@grizzlydigital Just an FYI, the Yahoo app is in a lower protection class than both the native iOS Mail app and the Gmail app. Cellebrite WILL get the full Yahoo mail app even with the PA Adv Logical. But here's the kicker. It doesn't parse it, so most of the time you don't know it's even there. If you know the device has it, a simple search should return the UUID. If I remember correctly, the SQLite db is actually in the containers/shared instead of the normal containers/data path. 🙂 Happy hunting!!!
@grizzlydigital Just an FYI, the Yahoo app is in a lower protection class than both the native iOS Mail app and the Gmail app. Cellebrite WILL get the full Yahoo mail app even with the PA Adv Logical. But here's the kicker. It doesn't parse it, so most of the time you don't know it's even there. If you know the device has it, a simple search should return the UUID. If I remember correctly, the SQLite db is actually in the containers/shared instead of the normal containers/data path. 🙂 Happy hunting!!!
was this reported to Cellebrite support. They are pretty good at making fixes to new version of UFED PA
Checkm8 based Advanced Logical acquisition is a full file system extraction, it is normal that it contains more information then Methods 1 & 2 which are logical client based extractions!
As for the Checkm8 hanging the process, check the extraction log, it will be pretty self-explanatory of what happened. I seen the same device hang with a cable when oding Checkm8 based acquisition and do the full acquisition with another new cable. Nothing else differed in the setup...
If one failes, use another tool 🙂 I simply try the Belkasoft Evidence Center or Oxygen Forensics Checkm8 based extractions or the Elcomsoft client based full file system extraction on open devices.