Collaborate Disseminate
I had the opportunity to present to a bunch of folks in one of my favorite places, Norway (yes, again!) I wanted to take an initial look into Apple Intelligence (AI), to see what was forensically interesting. I will personally add that I really did enj… Continue reading New Presentation – Using Apple Intelligence (AI) Data in Investigations
I’ve uploaded my presentation that I gave at the lovely Sikkerhetsfestivalen 2024 in Lillehammer, Norway.This presentation goes through some pattern-of-life (APOLLO-ish) investigative scenarios. Continue reading Sikkerhetsfestivalen 2024 – Lillehammer, Norway
This is the third and final piece of the Mac and iPhone setup process! Sorry for the long delay between the last one and this one, but better late than never right?
… Continue reading Part 3: Step-by-step Tooling for iOS Research (via @bizzybarney)
I’ve been working hard on a big update to improve core functionality of APOLLO to include methods to gather up the database files needed so they can be extracted from using the APOLLO modules.New APOLLO Functions:‘gather_macos’ – Automagically finds a… Continue reading APOLLO v1.4 – Now with ‘Gather’ Function from iOS/macOS and updates to iOS14 and macOS 11 modules
Collection of Unified Logs on macOS systems is pretty straight forward. You can use the command, and yes – you do have to be root.sudo log collect Collection from iOS device is not as obvious. I think most of us are doing the sysdiagnose/AirDrop m… Continue reading Analysis of Apple Unified Logs [Entry 12] – Quick & Easy Unified Log Collection from iOS Devices for Testing
This is a follow-on to the previous post showing how to setup your Mac for iOS testing. If you haven’t read over that one – this article draws assumptions that your Mac is setup in a certain way, or that you know what you’re doing otherwise. Feel free … Continue reading Part 2: Step-by-step iPhone Setup for iOS Research (via @bizzybarney)
CLI…WTFCommand line interface (CLI) isn’t for everyone. Trust me; I get it. @iamevltwin forced me out of my comfort zone a few years ago and opened my eyes to the power of Terminal (command prompt on Mac). Now it is pinned to the Dock… Continue reading Step-by-step macOS Setup for iOS Research (via @bizzybarney)
Facial Recognition in PhotosOne facet of my DFIR Summit talk I want to expand upon is a look into the Photos application, and a few of the derivative pieces of that endeavor. While trying to focus on the topic of facial recognition, it seemed pru… Continue reading Follow-on to DFIR Summit Talk: Lucky (iOS) 13: Time To Press Your Bets (via @bizzybarney)
The interactionC.db database certainly does not get as much as attention as its CoreDuet partner in crime, knowledgeC.db. However, I think it has quite a bit of investigative potential. I’ve written about it before in a prior blog, however I’d like to … Continue reading Socially Distant but Still Interacting! New and Improved Updates to macOS/iOS CoreDuet interactionC.db APOLLO Modules