New Presentation - Exploring macOS with APOLLO from #OBTS 3.0

Friday 13 March 2020 in mac4n6 (Backup & Security)

This was presented yesterday at Objective by the Sea 3.0 in beautiful Maui. Official macOS support and modules are coming to APOLLO! Slides and video are available here. I hope to update the APOLLO GitHub with updated script/modules next week. I’ll b…


macOS & iOS "Secure" Notes - I Can See Your Secrets, No Brute Forcing Required!

Thursday 5 March 2020 in mac4n6 (Backup & Security)

I wrote a blog for BlackBag Tech on the not so secret secrets that could be stored in secure notes using the Notes application on macOS and iOS. Note snippets, location data, and media attachment metadata can all be there for the taking! You can rea…


Providing Context to iOS App Usage with knowledgeC.db and APOLLO

Tuesday 14 January 2020 in mac4n6 (Backup & Security)

With the APOLLO v1.0 update, I updated many of the Application Activity modules used with the knowledgeC.db database. I mentioned in this article that these were updated to provide more context to specific user application activities. One column in …


New Year New APOLLO – Officially out of Beta iOS 13 Module Updates!

Tuesday 14 January 2020 in mac4n6 (Backup & Security)

I spent this weekend updating and sprucing up APOLLO for its v1.0 release. It took far longer than anticipated, mostly because I’ve added quite a few new modules. It also takes a while to go through every SQL query module updating it to iOS 13. Data…


New(ish) Presentation: Poking the Bear - Teasing out Apple's Secrets through Dynamic Forensic Testing and Analysis

Tuesday 10 December 2019 in mac4n6 (Backup & Security)

I had the wonderful opportunity to present this presentation at two great conferences in October; Jailbreak Security Summit and BSides NoLA. Unfortunately I was going on an extended vacation almost immediately after so I forgot to post this to the s…


Just Call Me Buffy the Proto Slayer – An Initial Look into Protobuf Data in Mac and iOS Forensics

Friday 27 September 2019 in mac4n6 (Backup & Security)

I was first introduced to the protobuf data format years ago accidentally when I was doing some MITM network analysis from an Android device. The data I was looking at was being transferred in this odd format, I could tell there were some known stri…


iOS Location Mapping with APOLLO – Part 2: Cellular and Wi-Fi Data (locationd)

Monday 26 August 2019 in mac4n6 (Backup & Security)

My previous article showed a new capability of APOLLO with KMZ location file support. It worked great…for routined data, but there was something missing. What about the cellular and Wi-Fi locations that are stored in databases? Well, turns out I ne…


iOS Location Mapping with APOLLO - I Know Where You Were Today, Yesterday, Last Month, and Years Ago!

Thursday 22 August 2019 in mac4n6 (Backup & Security)

I added preliminary KMZ (zipped KML) support to APOLLO. If any APOLLO module’s SQL query has “Location” in its Activity field, it will extract the location coordinates in the column “Coordinates” as long as they are in Latitude, Longitude format (ie…


New Presentation from SANS DFIR Summit 2019 - They See Us Rollin', They Hatin' - Forensics of iOS CarPlay and Android Auto

Wednesday 7 August 2019 in mac4n6 (Backup & Security)

Heather Mahalik and I teamed up again this year at the SANS DFIR Summit to present on iOS CarPlay and Android Auto. Presentation is here. Will post a link to the video when it’s available. Always a good time and love seeing friends every year. Still o…


New Presentation from MacDevOpsYVR 2019 - Launching APOLLO: Creating a Simple Tool for Advanced Forensic Analysis

Monday 17 June 2019 in mac4n6 (Backup & Security)

I had the pleasure last week to attend MacDevOpsYVR in Vancouver, Canada. While I barely saw the city, I got to hang out with some awesome Mac Sys Admins and Dev Ops people. I’ve not been to a conference outside of Security/Forensics before so it wa…


New Presentation from Objective by the Sea 2.0 - Watching the Watchers

Thursday 6 June 2019 in mac4n6 (Backup & Security)

Just got back from a wonderful time hanging out with the who’s who of Mac security folk in swanky Monaco at the Objective by the Sea conference. I’ve uploaded my presentation Watching the Watchers in my Resources section. This presentation goes thro…


iOS 12 APOLLO Updates

Thursday 16 May 2019 in mac4n6 (Backup & Security)

Many modules were updated to specially support iOS 12 including those below. Many were already available on iOS 12 (Powerlog, Passes, SMS, etc). If the files are were available without a jailbreak. As always, let me know if I missed something! Remem…


Apple Pattern of Life Lazy Output’er (APOLLO) Updates & 40 New Modules (Location, Chat, Calls, Apple Pay Transactions, Wallet Passes, Safari & Health Workouts)

Friday 18 January 2019 in mac4n6 (Backup & Security)

I started filling in the gaps to missing APOLLO modules. While doing this I realized there was some capability that was missing with the current script that had to be updated. As far as script updates go the following was done: Support for multiple d…


Network and Application Usage using netusage.sqlite & DataUsage.sqlite iOS Databases

Monday 7 January 2019 in mac4n6 (Backup & Security)

Two iOS databases that I’ve always found interesting (and probably should test more) are netusage.sqlite and DataUsage.sqlite. These two databases contain very similar information – one is available in a backup (and file system dumps) the other only…


Video of 'From Apple Seeds to Apple Pie' from Objective by the Sea - Now Available!

Friday 28 December 2018 in mac4n6 (Backup & Security)

Videos have been posted from Objective by the Sea from this past November. My talk ‘From Apple Seeds to Apple Pie’ a pattern of life talk about my APOLLO tools is here. As always, my videos and presentations will always be available on the Resources …


On the Twelfth Day of APOLLO, My True Love Gave to Me – A To Do List – Twelve Planned Improvements to APOLLO

Tuesday 25 December 2018 in mac4n6 (Backup & Security)

My Christmas gift to you - improvements! More Queries – There is plenty more to come. There are more databases and many half-written queries that I have yet to add. Additional Testing – I want these to be as accurate as possible. BLOB/Protobuf Parsing …


On the Eleventh Day of APOLLO, My True Love Gave to Me – An Intriguing Story – Putting it All Together: A Day in the Life of My iPhone using APOLLO

Monday 24 December 2018 in mac4n6 (Backup & Security)

I did a blog article, especially about the knowledgeC.db about a day in the life of my iPhone and it went over really well. I’ve decided to do a similar story using all the data that I’ve parsed from my iPhone using APOLLO, quite a bit more data to …


On the Tenth Day of APOLLO, My True Love Gave to Me – An Oddly Detailed Map of My Recent Travels – iOS Location Analysis

Sunday 23 December 2018 in mac4n6 (Backup & Security)

I saved one of my favorite topics for (nearly) last. There is no question that location can play a major role in many investigations. iOS location data has changed drastically with iOS 11 from previous iOS versions. I published research on these loca…


On the Ninth Day of APOLLO, My True Love Gave to Me – A Beautiful Portrait – Analysis of the iOS Interface

Saturday 22 December 2018 in mac4n6 (Backup & Security)

The interface of the device can produce some useful artifacts. Starting with screen orientation. Perhaps you want to know if the user was watching a video for a period of time. In conjunction with other artifacts that I’ve already detailed like app u…


On the Eighth Day of APOLLO, My True Love Gave to Me – A Glorious Lightshow – Analysis of Device Connections

Friday 21 December 2018 in mac4n6 (Backup & Security)

Today we’ll be analyzing the knowledgeC.db and CurrentPowerlog.PLSQL database for various connections. The first thing you may want to know in an investigation is – was the device plugged in or not? This can be gained from a few places. The knowledge…


On the Seventh Day of APOLLO, My True Love Gave to Me – A Good Conversation – Analysis of Communications and Data Usage

Thursday 20 December 2018 in mac4n6 (Backup & Security)

Today is all about the CurrentPowerlog.PLSQL database. This database keeps track of many ways that data is transferred either by cellular, Wi-Fi, or Bluetooth methods. These modules can help determine where the data is going, which app is pulling do…

