Dormant Devices, Chatty Logs: Extracting Forensic Artifacts from Seemingly Idle iOS Devices

Подробнее о видео

Have you ever wondered the sheer amount of forensic artifacts being generated by your seemingly idle iPhone just laying on your desk? Or perhaps you have an iOS device where a Full File System (FFS) image isn’t supported but you are still missing crucial pieces of information relevant to your investigation that aren’t found in your logical image. Join us as we delve into some newly discovered iOS artifacts and how System logs may hold the piece of data we need. While these logs were initially intended for Apple and developers to keep track of crash logs, application data and general system information, they harbor a trove of artifacts relevant for forensic analysts they could potentially be missing.

SANS DFIR Summit 2024
Dormant Devices, Chatty Logs: Extracting Forensic Artifacts from Seemingly Idle iOS Devices
Speakers:
Cesar Quezada, Director of Forensics, Hexordia
Nick Dubois, Mobile Vulnerabilty Researcher , Hexordia

View upcoming Summits: