Hi everybody,
I'm Josh, private investigator and digital forensics analyst in South Carolina.
In the last few encase images of iPhones I have found evidence of 'hidden folder' apps in the AppDomain directory
com.enchantedcloud.photovaultpro
com.onewave.folderfree
These apps look like a basic icon on the phone, but prompt for a pin when clicked by a user.
From a forensic standpoint there was no encryption of the files contained in these directories so it was easy to view the 'hidden' items. I know there are a few designed to look like your calculator.
Does anyone know of some good lists of identifiers for iOS or android apps related to 'hidden' folders?
Most of what I found when I went looking were default app listings for the native Apple apps. While that is great for a white list, i'm looking for signs of deception many times in my cases.
I believe these would make great keyword lists for Encase processing. Hidden folders, VPNs, etc…
Thanks!