Cracking iTunes Encrypted Mobile Backups

  • Cracking iTunes Encrypted Mobile Backups

    It would be excellent if OSForensics could identify and decrypt iTunes mobile backups found on Windows machines.

  • #2
    As long as they keep with the segmented workflow, I'd be happy to see Apple and Android DBs and cloud added also.


    • #3
      Thanks for the suggestions. We've made a note of the iTunes decryption request. Typically we implement what is most in demand.

      James, which DBs in particular are you referring to?


      • #4
        I am guessing Mr. Cadden is referring to SQLite database files holding human activities in phone extractions.

        For example, Autopsy The Sleuthkit can parse Android physical image files and pull out SMS messages etc.

        A home run, in my opinion, would be for OSF to be able to image a workstation, automatically flag iTunes mobile backups found in user/appdata/Apple/mobilesync/backups, create a searchable index of the workstation, and then leverage the newly created search index in conjunction with the password cracking module, to crack any encrypted backups.

        Also it would be nice for the SQLite module to scan and “add to case” commonly known SQLite database files such as main.db for Skype, etc.

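The "automatically flag iTunes mobile backups" step requested in post #4 could look like the following triage sketch. It is an added example, not OSForensics code and not part of any post; it assumes a mounted image, that backups sit below a `MobileSync` directory, and that each backup's `Manifest.plist` carries the `IsEncrypted` and `Lockdown` keys of the iTunes backup format (key names are not taken from this thread). Function names and the sample tree are hypothetical.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

def find_mobile_backups(root):
    """Flag iTunes backup folders under a mounted image and report encryption state."""
    hits = []
    for manifest in sorted(Path(root).rglob("Manifest.plist")):
        # Assumption: backups live somewhere below a "MobileSync" directory.
        if "mobilesync" not in [part.lower() for part in manifest.parts]:
            continue
        record = {"backup_id": manifest.parent.name, "encrypted": None,
                  "device": None, "ios": None, "error": None}
        try:
            with manifest.open("rb") as fh:
                plist = plistlib.load(fh)
            lockdown = plist.get("Lockdown", {})
            record["encrypted"] = bool(plist.get("IsEncrypted", False))
            record["device"] = lockdown.get("DeviceName")
            record["ios"] = lockdown.get("ProductVersion")
        except (plistlib.InvalidFileException, ExpatError, OSError, AttributeError) as exc:
            # Damaged manifests are still reported so the examiner can review them.
            record["error"] = type(exc).__name__
        hits.append(record)
    return hits

def build_sample_image(base):
    """Constructed sample tree standing in for a mounted workstation image."""
    backups = Path(base) / "Users/alice/AppData/Roaming/Apple Computer/MobileSync/Backup"
    samples = {
        "constructed-udid-0001": {"IsEncrypted": True, "Lockdown": {
            "DeviceName": "Sample iPhone", "ProductVersion": "10.3"}},
        "constructed-udid-0002": {"IsEncrypted": False, "Lockdown": {
            "DeviceName": "Sample iPad", "ProductVersion": "9.3"}},
    }
    for name, content in samples.items():
        (backups / name).mkdir(parents=True)
        with (backups / name / "Manifest.plist").open("wb") as fh:
            plistlib.dump(content, fh, fmt=plistlib.FMT_BINARY)
    (backups / "constructed-udid-0003").mkdir()
    (backups / "constructed-udid-0003" / "Manifest.plist").write_bytes(b"truncated")
    # A Manifest.plist outside MobileSync must not be flagged.
    (Path(base) / "Other").mkdir()
    (Path(base) / "Other" / "Manifest.plist").write_bytes(b"unrelated")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_mobile_backups(build_sample_image(tmp)):
            print(hit)
```

The `encrypted` flag only tells the examiner which backups need a password before their SQLite databases can be parsed; unencrypted ones can go straight to the SQLite viewer.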


        • #5
          We do some of this already. There is already a module for viewing SQLite databases, you should already be able to parse and view the file system from mobile devices (if not encrypted) and cracking files based on a word index is already available.


          • #6
            Originally posted by David (PassMark)
            We do some of this already. There is already a module for viewing SQLite databases, you should already be able to parse and view the file system from mobile devices (if not encrypted) and cracking files based on a word index is already available.
            Yes, this is what I love most about OSForensics. The modular approach. It is nice to have some shake-n-bake. Can't deny that I love it. Triage is a solid addition BTW. Still, many times I just need a certain thing examined. And this approach works for me.

            Being able to process and break down AB backups or iTunes backups from a computer hard drive and then parse them out into something that looks good and can be presented in court would sure be nice. Call logs, chat logs, etc.

            Noticed two homeless guys up against the McDonalds the other day... both with their cell phones using the free WIFI. Not a pot to piss in, but they can still make wifi calls, surf the internet, use Facebook, Snapchat, email and Skype. So yea, solid market... everyone (except my grandmother) has a cell phone.


            • #7
              Parsing images from mobile devices isn't the real problem. The real problem is that there is no surefire way to get the (un-encrypted) disk image off a mobile device in the first place. Yes, some devices still have bugs and exploits but it is getting harder & more expensive to image them each year. Even getting example images to do development and testing with is hard.

              (BTW: if you do have example images from mobile devices we'd love to get a copy of them).


              • #8
                I can send you dozens of them, check your PMs. The issue of recovering or collecting cell phone data from the devices or computers is pretty much addressed (when they are not locked) with other tools that are free. Having the ability to add them to an OSForensics case, parse them out and include in the report would be amazing. I would love to see the Passmark methodology of workflow added to cell phone data.


                • #9
                  An ultimate capability, in my opinion, would be the ability for OSF to present and report a combined master timeline including email, text messages, internet browsing, etc. activity.

                  No tool in the marketplace currently does this, I believe.


                  • #10
                    James, thanks for the offer, I replied via PM.
