The Shared with You is a new feature that has been discussed within Apple Worldwide Developers Conference (WWDC) videos and other developer videos. Generally, the comments made indicate that within iOS and other Apple Operating Systems this feature will allow a user to easily view and interact with links that have been shared by otherContinue reading “Shared with You Syndication Photo Library – Message Attachments & Linked Assets”
Hello again! There has been a lot of discussion and curiosity about the recent news that iOS 16 will have an enhanced Hidden assets feature. According to the press releases, this feature will allow a user to lock hidden assets behind the device Passcode, Touch ID, and/or Face ID. The question I believe most ofContinue reading “How to find iOS Hidden Assets”
As I stated in the future considerations section of the original research write-up, I contacted a few vehicle forensics experts and asked if they would like to assist me with some research and testing, they responded “Absolutely.” During a training event, the experts and I conducted a small test. Forensic Question During the test, IContinue reading “Vehicle and iPhone Speed Comparison”
As many of you are aware, I recently updated my Photos.sqlite queries. Since releasing the different query iterations, I have received several questions about how I was able to decode the data included in the queries. That’s a great question! I also noticed several questions being posted to the listservs and DFIR Discord about theContinue reading “Local Photo Library Photos.sqlite Query Documentation & Notable Artifacts”
I would like to start off by saying thank you to everyone who has reached out about the Photos.sqlite queries I previously posted. After chatting with some people who have used the queries, it was suggested that I update the queries to include the following: To do this, I used data from multiple devices andContinue reading “Local Photo Library Photos.sqlite Query Variations & WHERE statements”
Hello everyone! Back in August 2020, I wrote a blog “Using Photos.Sqlite to show the relationships between photos and the application they were created with?” which was posted on Heather Mahaliks’ blog, https://smarterforensics.com/. The writeup was eventually sent to DFIR Review (https://dfir.pubpub.org/pub/v19rksyf/release/1) and published on their website. This is a follow-up to the aforementioned blogContinue reading “Photos.sqlite Queries – Original Blog Posting”
Cell phone use is routine. Our cell phones are really an extension of ourselves. We carry them around to not only make calls and messages, but they are also our daily planners, to do lists and entertainment resources. We use them at all times of the day – the alarms in the morning, email, andContinue reading “iOS KnowledgeC.db Notifications”
Have you ever wanted to know how fast a vehicle or person was traveling at a particular time? Have you considered acquiring iPhone data to answer that question? The material in this blog will help provide some tools and methods for answering these questions. We know from previously published research that Apples iOS location dataContinue reading “iPhone Device Speeds via Cache.sqlite > ZRTCLLOCATIONMO table”
Awhile back, I, started working on some research whether the device speed recorded in an iPhone database could be considered reliable evidence for how fast a device was traveling. I was going to discuss some device settings in the blog, but quickly learned the Location Services and System Services settings should be discussed in aContinue reading “iOS Location Services and System Services ON or OFF?”
Forensic Question: A classmate of mine contacted me and posed a question, “Where in an iPhone extraction is the Display Auto-Lock setting stored?” Thanks, Tyler Wuestenhagen, for posing the question and getting me thinking. I did a little research, like reviewing the SANS FOR585 poster and class notes, but could not find the easy answer.Continue reading “iOS Settings Display Auto-Lock & Require Passcode”
Something went wrong. Please refresh the page and/or try again.
Follow My Blog
Get new content delivered directly to your inbox.