Decode. Analyze. Understand.
Decode. Analyze. Understand.
This week I focused on a subtle but forensically valuable artefact: detecting when a device was physically connected to power. Or physically connected to a USB cable without charging. USB connections are often overlooked during triage, but can be critical…
As part of my ongoing research into Apple Unified Logs (AUL), this week’s focus is on physical interactions specifically, the use of the volume buttons on an iOS device. While seemingly simple, these artifacts can provide clear and timestamped evidence of user…
Sysdiagnose or CLI Logarchive? When conducting forensic investigations on Apple devices, Unified Logs provide a treasure trove of information about user interactions, system events, and application behavior. However, the way these logs are extracted greatly influences the amount and quality…
Why use the terminal? I write this guide based on years of experience as a digital forensic specialist. What you’re reading is not just a general how-to. It’s the exact approach I use in my own investigations, including when working…
It isn’t even Friday, but I decided to make an early artifact explanation. Today’s topic is about the pattern of the native iOS application with the mail application as a example. Why the native apps? Just like I mentioned earlier:…
It’s Friday again. I’m working through the final to-do’s for my thesis. The end is near, which means long days, plenty of words on paper, and just as many being scrapped again. So, let’s dive into today’s topic: the standard…