An Open Source iOS Backup Examination Tool

Last year, a team from the University of New Haven’s Cyber Forensics Research & Education Group / Lab introduced at the Association of Digital Forensics, Security and Law conference an open source iOS backup forensics examination tool.

From the abstract, authors Ibrahim Baggili, Shadi Al Awawdeh, Jason Moore write:

“This tool helps both researchers and practitioners alike in both understanding the backup structures of iOS devices and forensically examining iOS backups. The tool is currently capable of parsing device information, call history, voice messages, GPS locations, conversations, notes, images, address books, calendar entries, SMS messages, Aux locations, facebook data and e-mails. The tool consists of both a manual interface (where the user is able to manually examine the backup structures) and an automated examination interface (where the tool pulls out evidence from known files). Additionally, LiFE is designed so that the evidence located in files would retain its integrity. It is important to note that most of the evidence examined by LiFE is parsed from SQLite databases that are backed up by iTunes. LiFE also offers an extensibility option to the user, where an examiner can add new evidence SQLite files to the application that can be automatically parsed, and these known files are then automatically populated in the automated GUI’s toolbar with an icon added to the investigator’s liking.”

You can download the tool here.

Source: ADFSL

 
< Prev   Next >






Lifting Latent Fingerprints from Difficult Surfaces

ALMOST ANYONE can find, process, and lift a latent print that happens to be in a logical and obvious place like a door handle, a beer can, or a butcher knife. But sometimes, a latent print is not just sitting there in a logical and obvious place. Sometimes, you have to use your imagination to find the print and your skills to lift it.

Read more...