Clik here to view.
…Won’t you back that thing up: a glimpse of ios 13 artifacts
Don’t lie – the song is already in your head. And if not, maybe it will be by the end. If you know me, titles/taglines, whatever you want to call them, are not my thing. But since testing iOS 13, I...
View ArticleClik here to view.
iOS 13 – Summary for those of you who enjoy the cliffsnotes
For those of you who don’t have time to read for585.com/ios13, here is a mini summary for you. First – If the backup is NOT encrypted you will not get: MapsCallsSafariHealthKeychainWallet Apple has...
View ArticleClik here to view.
2020 Forensic 4Cast Nominations are open!
I have been meaning to get this out for a bit, so here it is. Something has been keeping me busy – you know kids, work, SANS and being all in the same place together 24 hours a day. 🙂 The forensic...
View ArticleClik here to view.
“Life Has no ctrl+Alt+Del”– The New DFIR online Meetup
A DFIR Meetup Most important – Sign up here: https://t.co/MqW8jmiCv6?amp=1 Working from home, social-distancing, travel restrictions, and homeschooling all related to COVID-19 have changed our lives....
View ArticleClik here to view.
DFIRSummit Laugh Track
First, thank you to everyone for humoring me and submitting jokes. If we cannot laugh at ourselves, we are way too serious. Here are some of my favorites from the DFIR Summit. On a positive note –...
View ArticleClik here to view.
Does Photos.sqlite have relations with CameraMessagesApp? By Scott Koenig
First, I would like to thank Heather Mahalik for her help with this process and for allowing me to post something on her blog. It’s an honor! Additionally, thanks to Jared Barnhart for his assistance...
View ArticleClik here to view.
Rotten to the Core? Nah, iOS14 is Mostly Sweet
By Heather Mahalik This blog is a cursory glance of iOS14, which was officially released this week. To keep with my previous trends, I focus on basic artifacts that impact almost every investigation...
View ArticleClik here to view.
Forensic 4:Cast Awards – nominations are open
It’s that time of year again – the Forensic 4:Cast awards season and nominations are open. Last year I won 4 awards and my team won an additional 2! It was mind blowing and humbling. Thank you again...
View ArticleClik here to view.
Android and iOS acquisition Recommendations
I have been meaning to update this blog for years, so here goes. This blog is going to cover what I recommend to get the most data from iOS and Android devices. Many tools exist to successfully...
View ArticleClik here to view.
iOS 17- The “Forever” Setting That Isn’t… Or Is It?
When I teach SANS FOR585 Smartphone Forensic Analysis In-Depth, we really dive into iOS artifacts to validate the truth of what happened, what tools are reporting, and what they are missing. Message...
View Article