Notifications
Clear all

Best IOS platform?

10 Posts
5 Users
0 Likes
919 Views
(@hunter)
Posts: 32
Eminent Member
Topic starter
 

Who here has had recent success with iphone. Running cellebrite, and Apple has been giving me trouble. Has anyone used Parabin, Blackbag, Magnet and had good success within the last six months?

 
Posted : 27/08/2019 2:07 am
(@armresl)
Posts: 1011
Noble Member
 

In the last 6 months?
Yes, luck.

If you are trying to pull from the cloud, and using older versions of the software, you wouldn't get the benefit of the updated security protocols each vendor has worked around.

 
Posted : 27/08/2019 4:02 am
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

Belkasoft is good tool for iPhone forensics analysis

 
Posted : 27/08/2019 4:41 am
(@hunter)
Posts: 32
Eminent Member
Topic starter
 

Thank you both

 
Posted : 27/08/2019 6:06 am
(@badgerau)
Posts: 96
Trusted Member
 

Can you expand on the problems you are having with Cellebrite, so we can learn?

I use Cellebrite, Magnet and Blacklight.

Blacklight is great for IOS. The new update includes integration for APPOLLO ( Sarah Edwards's tool) although I have not tested this yet, but based on what Sarah and other have done with this tool, it should be worthwhile.

If you don't have Blacklight the Mobilize is a very economical, basically the same thing only for mobile

 
Posted : 27/08/2019 10:10 pm
(@hunter)
Posts: 32
Eminent Member
Topic starter
 

Just having a hard tie bypassing the lock screen and extracting the data. Any data. Are it comes back chopped up. Numbers no names. Date txt was sent no txt. nothing consistent. I will look into mobilize.

 
Posted : 27/08/2019 11:35 pm
(@badgerau)
Posts: 96
Trusted Member
 

Well the screen bypass is Apple security issue, and as far as I am aware none of the mobile forensic platforms support screen bypass on up to date IOS versions.

The only way to get around the screen lock is using Cellebrite CAIS or GreyKey. Both these solutions are almost always LE only unless you have a court order/subpoena.

With regards to parsing the data incorrectly is this data that has been carved/recovered deleted data? Run the Cellebrite dump against other tools to see if there is a difference in the way the parsed data is presented.

Good Luck and keep us updated please.

 
Posted : 27/08/2019 11:42 pm
(@hunter)
Posts: 32
Eminent Member
Topic starter
 

Well the screen bypass is Apple security issue, and as far as I am aware none of the mobile forensic platforms support screen bypass on up to date IOS versions.

The only way to get around the screen lock is using Cellebrite CAIS or GreyKey

. Both these solutions are almost always LE only unless you have a court order/subpoena.

With regards to parsing the data incorrectly is this data that has been carved/recovered deleted data? Run the Cellebrite dump against other tools to see if there is a difference in the way the parsed data is presented.

Good Luck and keep us updated please.

I think this answers my issue. Thank you.

 
Posted : 28/08/2019 1:59 am
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

Run the Cellebrite dump against other tools to see if there is a difference in the way the parsed data is presented.

Has Cellebrite changes the layout of their Logical/Method 1 backups recently? I have no issues parsing Cellebrite .tar archives in AXIOM, but I was demoing some other mobile forensics tools recently and I had trouble with all of the ones I tried. It's possible there was some user error involved for any one of them, but probably not all.

 
Posted : 28/08/2019 6:45 am
(@hunter)
Posts: 32
Eminent Member
Topic starter
 

Run the Cellebrite dump against other tools to see if there is a difference in the way the parsed data is presented.

Has Cellebrite changes the layout of their Logical/Method 1 backups recently? I have no issues parsing Cellebrite .tar archives in AXIOM, but I was demoing some other mobile forensics tools recently and I had trouble with all of the ones I tried. It's possible there was some user error involved for any one of them, but probably not all.

So, I do have the issue of convincing my employer to pay for the annual updates. Yes I know that is 80% of the problem. However, even without keeping up with the updates very well Android hasn't been a huge challenge. Which leads my employer to believe that paying for the updates are not 100% necessary.

 
Posted : 30/08/2019 12:32 am
Share: