A breath of fresh air! Conducting application analysis with Oxygen Detective
See what I did there? I am getting craftier with these blog titles. First things first – this is NOT a sponsored blog. I am just really impressed with the bounds Oxygen is making in the mobile world....
Get FOR585 at 50% off for Law Enforcement
How, you ask? See below. If you apply the Local LE discount (50%) to the Advanced Smartphone Forensics (FOR585) the cost is ~$2550 but we only have a limited amount of seats at this rate per class so...
Time is NOT on our side when it comes to messages in iOS 11
This is going to be a series of blog posts due to the limited amount of free time I have to allocate to the proper research and writing of an all-inclusive blog post on iOS 11. More work is needed to...
My Handy Smartphone Toolbox
I realize it’s been a while and these tools have really changed since my last post in 2015. Have they changed for the better? Not necessarily. Some tools update so quickly that they lose the basics....
First the Grinch and now the Easter Bunny! Where is Apple Maps hiding?
Why is it that I stumble upon a smartphone artifact that drives me bonkers around holidays??? I am in the midst of the FOR585 course updates and I go through everything in great detail during this...
Smartphone Acquisition: Adapt, Adjust and Get Smarter!
June 25, 2018 I have been recently asked by students for a summary on how to handle smartphone acquisition of iOS and Android devices. I have avoided writing it down, like I would avoid the Plague,...
Forensic Grunt Work
Looking to blog and don’t know where to post it? I am happy to host your thoughts for you. Below is the first guest blog post by a past FOR585 student. If you have something to write about, please let...
Determining when an iOS backup was created
One point of contention in the FOR585 Advanced Smartphone Forensic class is – which files store the correct datetime for when a user created an iOS backup? I’ve engaged in a few friendly arguments...
How was an iPhone setup?
I’ve realized just how important it is to blog vs just do a webcast when I was completing my course updates. I would stumble upon a webcast, but didn’t have time to watch it, so I looked in another...
I’m not hiding, I swear!
If you are wondering where I have been, the answer is easy – busy! But I haven’t been ignoring you. Since joining Cellebrite, I have been working on sharing my research through their channels. To be...
…Won’t you back that thing up: a glimpse of ios 13 artifacts
Don’t lie – the song is already in your head. And if not, maybe it will be by the end. If you know me, titles/taglines, whatever you want to call them, are not my thing. But since testing iOS 13, I...
iOS 13 – Summary for those of you who enjoy the cliffsnotes
For those of you who don’t have time to read for585.com/ios13, here is a mini summary for you. First – If the backup is NOT encrypted you will not get: Maps, Calls, Safari, Health, Keychain, Wallet. Apple has...
2020 Forensic 4Cast Nominations are open!
I have been meaning to get this out for a bit, so here it is. Something has been keeping me busy – you know kids, work, SANS and being all in the same place together 24 hours a day. 🙂 The forensic...
“Life Has no ctrl+Alt+Del”– The New DFIR online Meetup
A DFIR Meetup. Most important – Sign up here: https://t.co/MqW8jmiCv6?amp=1 Working from home, social-distancing, travel restrictions, and homeschooling all related to COVID-19 have changed our lives....
DFIRSummit Laugh Track
First, thank you to everyone for humoring me and submitting jokes. If we cannot laugh at ourselves, we are way too serious. Here are some of my favorites from the DFIR Summit. On a positive note –...
Does Photos.sqlite have relations with CameraMessagesApp? By Scott Koenig
First, I would like to thank Heather Mahalik for her help with this process and for allowing me to post something on her blog. It’s an honor! Additionally, thanks to Jared Barnhart for his assistance...
Rotten to the Core? Nah, iOS14 is Mostly Sweet
By Heather Mahalik This blog is a cursory glance of iOS14, which was officially released this week. To keep with my previous trends, I focus on basic artifacts that impact almost every investigation...
Forensic 4:Cast Awards – nominations are open
It’s that time of year again – the Forensic 4:Cast awards season and nominations are open. Last year I won 4 awards and my team won an additional 2! It was mind blowing and humbling. Thank you again...
Android and iOS acquisition Recommendations
I have been meaning to update this blog for years, so here goes. This blog is going to cover what I recommend to get the most data from iOS and Android devices. Many tools exist to successfully...
iOS 17- The “Forever” Setting That Isn’t… Or Is It?
When I teach SANS FOR585 Smartphone Forensic Analysis In-Depth, we really dive into iOS artifacts to validate the truth of what happened, what tools are reporting, and what they are missing. Message...