- A first look at iOS 18 forensics
This has been a tough year for me: my mom passed away in June, and I’m still slowly recovering from the hard blow. It’s time to start again doing what I love: researching and sharing! It’s early September and like every year, that moment is approaching when everyone who deals with mobile forensics starts to…
- iOS Forensics: tool validation based on a known dataset – Preamble
Hello world, it’s been a while since my last series of blog posts! But now I am ready to share with you the results of my recent research. I face many different challenges in my daily work as a digital forensics analyst, who deals mainly with mobile devices. All modern smartphones are encrypted (usually with…
- Sysdiagnose in iOS 16: a first look from a Digital Forensics perspective
Back in May 2019, along with my colleagues Heather Mahalik and Adrian Leong, we wrote the paper “Using Apple “Bug Reporting” for forensic purposes” and some scripts to parse data stored in Sysdiagnose logs. The paper is still available for download and, for the most part, is still accurate. But time goes on, and new…
- To Schnorr and beyond (part 2)
This post continues a long, wonky discussion of Schnorr signature schemes and the Dilithium post-quantum signature. You may want to start with Part 1. In the previous post I discussed the intuition behind Schnorr signatures, beginning with a high-level design rationale and ending with a concrete instantiation. As a reminder: our discussion began with this…
- On Ashton Kutcher and Secure Multi-Party Computation
Back in March I was fortunate to spend several days visiting Brussels, where I had a chance to attend a panel on “chat control”: the new content scanning regime being considered by the EU Commission. Among various requirements, this proposed legislation would mandate that client-side scanning technology be incorporated into encrypted text messaging applications like…
- Book Review: Red Team Blues
As a rule, book reviews are not a thing I usually do. So when I received an out-of-the-blue email from Cory Doctorow last week asking if I would review his latest book, Red Team Blues, it took a minute to overcome my initial skepticism. While I’m a fan of Cory’s work, this is a narrow/nerdy…
- PRFs, PRPs and other fantastic things
A few weeks ago I ran into a conversation on Twitter about the weaknesses of applied cryptography textbooks, and how they tend to spend way too much time lecturing people about Feistel networks and the boring details of AES. Some of the folks in this conversation suggested that instead of these things, we should be…
- Extraction Agent and Firewall: Software vs. Hardware
Using a firewall is essential to secure the installation of the extraction agent when performing low-level extraction from a variety of iOS devices. We developed two solutions: a software-based firewall for macOS and a hardware-based firewall using a Raspberry Pi (or similar microcomputer) with our own custom firmware. This guide will help you choose the…
- Windows Sockets: From Registered I/O to SYSTEM Privileges
By Luca Ginex. Overview: This post discusses CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Specifically, the vulnerability is in the Registered I/O extension for Windows sockets. The vulnerability was patched in the August 2024 Patch Tuesday. This post describes the exploitation process for the vulnerability. First, we give a general overview of the…
- DeepSec 2024 Keynote – The Mind Bomb
DeepSec 2024 ended on 22 November 2024. We took a week off to post-process the event in terms of video material and dialogues. Usually only participants get first access to the video recordings, but because of the threat of disinformation from nation states, we published the keynote early and freely. Randahl Fink explained his take…