Linux Fu: Gum Up Your Script
We often write quick bash scripts and judging by the comments, half of us use bash or a similar shell to pop out quick, useful scripts, and half of us …read more Continue reading Linux Fu: Gum Up Your Script
Collaborate Disseminate
PowerShell’s built-in exit keyword allows you to terminate scripts without… Continue reading How to Use the PowerShell Exit Keyword to Terminate Scripts
I’ve been working hard on a big update to improve core functionality of APOLLO to include methods to gather up the database files needed so they can be extracted from using the APOLLO modules. New APOLLO Functions: ‘gather_macos’ – Automagically finds a… Continue reading APOLLO v1.4 – Now with ‘Gather’ Function from iOS/macOS and updates to iOS14 and macOS 11 modules
While helping some investigators out I realized that some of my APOLLO knowledgeC modules needed a bit of updating. Naturally I thought it would be quick, but it turned into quite an extensive update. I’ve included lots of brand-new modules as well … Continue reading Extensive knowledgeC APOLLO Updates!
With the APOLLO v1.0 update, I updated many of the Application Activity modules used with the knowledgeC.db database. I mentioned in this article that these were updated to provide more context to specific user application activities. One col… Continue reading Providing Context to iOS App Usage with knowledgeC.db and APOLLO
My previous article showed a new capability of APOLLO with KMZ location file support. It worked great…for routined data, but there was something missing. What about the cellular and Wi-Fi locations that are stored in databases? Well, turns out I need … Continue reading iOS Location Mapping with APOLLO – Part 2: Cellular and Wi-Fi Data (locationd)
I added preliminary KMZ (zipped KML) support to APOLLO. If any APOLLO module’s SQL query has “Location” in its Activity field, it will extract the location coordinates in the column “Coordinates” as long as they are in Latitude, Longitude format (ie: 3… Continue reading iOS Location Mapping with APOLLO – I Know Where You Were Today, Yesterday, Last Month, and Years Ago!
I had the pleasure last week to attend MacDevOpsYVR in Vancouver, Canada. While I barely saw the city, I got to hang out with some awesome Mac Sys Admins and Dev Ops people. I’ve not been to a conference outside of Security/Forensics before so it was a… Continue reading New Presentation from MacDevOpsYVR 2019 – Launching APOLLO: Creating a Simple Tool for Advanced Forensic Analysis
Many modules were updated to specially support iOS 12 including those below. Many were already available on iOS 12 (Powerlog, Passes, SMS, etc). If the files are were available without a jailbreak. As always, let me know if I missed something! Remember… Continue reading iOS 12 APOLLO Updates
I started filling in the gaps to missing APOLLO modules. While doing this I realized there was some capability that was missing with the current script that had to be updated. As far as script updates go the following was done: Support for multiple data… Continue reading Apple Pattern of Life Lazy Output’er (APOLLO) Updates & 40 New Modules (Location, Chat, Calls, Apple Pay Transactions, Wallet Passes, Safari & Health Workouts)