Forums
Main Category
General (Technical,...
Interesting Files o...
 
Notifications
Clear all

Interesting Files on iPhone / iTouch Devices

 
Page 2 / 4
General (Technical, Procedural, Software, Hardware etc.)
Last Post by Hujarl 15 years ago
31 Posts
12 Users
0 Reactions
3,936 Views
RSS
alex101
 alex101
(@alex101)
Estimable Member
Joined: 17 years ago
Posts: 105
03/02/2010 6:08 pm  

I have recently had access to a tool called iPhorensic that allows you to search and explore all the backup files (sql, db, plist etc.) and produce your findings in a report. It will also decode and produce a very comprehensive report on key evidential data contained within the backup files.

I've been using it primarily as a verification tool as it can also read data recovered from XRY, UFED and Oxygen reads.

http//www.evigator.com/iphorensic/


   
ReplyQuote
 trewmte
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
03/02/2010 6:43 pm  

I have recently had access to a tool called iPhorensic that allows you to search and explore all the backup files (sql, db, plist etc.) and produce your findings in a report. It will also decode and produce a very comprehensive report on key evidential data contained within the backup files.

I've been using it primarily as a verification tool as it can also read data recovered from XRY, UFED and Oxygen reads.

http//www.evigator.com/iphorensic/

alex101
Do you know who is behind this prog, the contact details are West Yorkshire?
Do you know where the App Store link is, as it didn't appear on the webpages I looked at?
How much does it cost?


   
ReplyQuote
alex101
 alex101
(@alex101)
Estimable Member
Joined: 17 years ago
Posts: 105
03/02/2010 8:48 pm  

alex101
Do you know who is behind this prog, the contact details are West Yorkshire?
Do you know where the App Store link is, as it didn't appear on the webpages I looked at?
How much does it cost?

Sorry for the scant detail in my earlier post (was a little rushed for time when posting).

iPhorensic is by the original coder for WOLF (r.i.p.). Its release date is due to be very soon (days not weeks so he tells me) and price is around £120.

In case anyone is wondering, my involvement is purely as a beta tester (so no financial connection in any way) so any detailed questions about how or why would be best directed towards here http//www.evigator.com/support/

All I can say is that it has so far been an invaluable tool for me with regards to identifying evidence and saving time.


   
ReplyQuote
 Doug
(@doug)
Estimable Member
Joined: 16 years ago
Posts: 185
Topic starter 03/02/2010 10:45 pm  

It certainly sounds interesting.

Do you have any screen shots or sample reports that you could provide or is it still locked down to beta testers only?

I would be interested to see how it would report the internet history for example.


   
ReplyQuote
 JDCoulthard
(@jdcoulthard)
Trusted Member
Joined: 16 years ago
Posts: 98
04/02/2010 12:11 am  

The website will be updated over the next few days with screenshots.

If you contact me I will send you a sample report.


   
ReplyQuote
 kris_w
(@kris_w)
New Member
Joined: 19 years ago
Posts: 1
04/02/2010 2:02 am  

Not checked but maybe worth it?

http//sourceforge.net/projects/iphoneanalyzer/


   
ReplyQuote
 Doug
(@doug)
Estimable Member
Joined: 16 years ago
Posts: 185
Topic starter 04/02/2010 8:47 pm  

JDCoulthard - I have sent you a PM.

kris_w - I shall download that and have a play, thank you.


   
ReplyQuote
alex101
 alex101
(@alex101)
Estimable Member
Joined: 17 years ago
Posts: 105
05/02/2010 1:44 pm  

Not checked but maybe worth it?

http//sourceforge.net/projects/iphoneanalyzer/

Just had a quick play with this. Its an interesting tool and it lets you browse the backup files. It has a "report" tab but it doesn't seem to do anything so no way other than screen shots of exporting the data ? It seems fairly limited in what it does but then it is free D

It certainly sounds interesting.

Do you have any screen shots or sample reports that you could provide or is it still locked down to beta testers only?

I would be interested to see how it would report the internet history for example.

Screen shots of iPhorensic have now been posted http//www.evigator.com/iphorensic/gallery/index.html

I'm sure if people request it JDCoulthard will post some screen shots of the reports that it generates.


   
ReplyQuote
 Doug
(@doug)
Estimable Member
Joined: 16 years ago
Posts: 185
Topic starter 05/02/2010 3:16 pm  

Looking at the screen shots it shows Google Maps being used for the map location data.

Does this mean that it has to be installed on a PC with internet connectivity? We have our forensic towers on a separate forensic network with no outside access (Internet).

Also what format do you import the files in?
Can it support DD images in .dmg format? Or does it rely on a standard backup being taken?

Regards,


   
ReplyQuote
 JDCoulthard
(@jdcoulthard)
Trusted Member
Joined: 16 years ago
Posts: 98
05/02/2010 3:29 pm  

Doug

The google maps viewing is an additional feature but not an absolute requirement. This was developed for case officers to quickly identify locations relevant to an enquiry.

The main focus of this application is to examine backups found on a computer. You can also examine the contents of a folder, so if you mount the dd image using something like mount image pro or paraben p2 explorer you should be able to extract data.

I am working on producing a sanitised report that I will make available for download soon.


   
ReplyQuote
Page 2 / 4
Forum Jump:
  Previous Topic
Next Topic  
Share: