Part 3: Step-by-step Tooling for iOS Research (via @bizzybarney)

Monday, 22 March 2021 in mac4n6 (no longer exists) (Backup & Security)

This is the third and final piece of the Mac and iPhone setup process!  Sorry for the long delay between the last one and this one, but better late than never right? …

APOLLO v1.4 - Now with 'Gather' Function from iOS/macOS and updates to iOS14 and macOS 11 modules

Thursday, 3 December 2020 in mac4n6 (no longer exists) (Backup & Security)

I’ve been working hard on a big update to improve core functionality of APOLLO to include methods to gather up the database files needed so they can be extracted from using the APOLLO modules. New APOLLO Functions: ‘gather_macos’ - Automagically finds…

Analysis of Apple Unified Logs [Entry 12] – Quick & Easy Unified Log Collection from iOS Devices for Testing

Tuesday, 8 September 2020 in mac4n6 (no longer exists) (Backup & Security)

Collection of Unified Logs on macOS systems is pretty straightforward. You can use the command, and yes – you do have to be root: sudo log collect. Collection from iOS device is not as obvious. I think most of us are doing the sysdiagnose/AirDrop met…

Part 2: Step-by-step iPhone Setup for iOS Research (via @bizzybarney)

Sunday, 23 August 2020 in mac4n6 (no longer exists) (Backup & Security)

This is a follow-on to the previous post showing how to set up your Mac for iOS testing. If you haven’t read over that one - this article draws assumptions that your Mac is set up in a certain way, or that you know what you’re doing otherwise. Feel fr…

Step-by-step macOS Setup for iOS Research (via @bizzybarney)

Friday, 14 August 2020 in mac4n6 (no longer exists) (Backup & Security)

CLI…WTF: Command line interface (CLI) isn’t for everyone. Trust me; I get it. @iamevltwin forced me out of my comfort zone a few years ago and opened my eyes to the power of Terminal (command prompt on Mac). Now it is pinned to the Dock on every Ma…

Follow-on to DFIR Summit Talk: Lucky (iOS) 13: Time To Press Your Bets (via @bizzybarney)

Monday, 20 July 2020 in mac4n6 (no longer exists) (Backup & Security)

Facial Recognition in Photos: One facet of my DFIR Summit talk I want to expand upon is a look into the Photos application, and a few of the derivative pieces of that endeavor. While trying to focus on the topic of facial recognition, it seemed prude…

Socially Distant but Still Interacting! New and Improved Updates to macOS/iOS CoreDuet interactionC.db APOLLO Modules

Sunday, 21 June 2020 in mac4n6 (no longer exists) (Backup & Security)

The interactionC.db database certainly does not get as much attention as its CoreDuet partner in crime, knowledgeC.db. However, I think it has quite a bit of investigative potential. I’ve written about it before in a prior blog, however I’d like …

APOLLO and tvOS – It Just Works! (...and judges me for binging TV)

Tuesday, 9 June 2020 in mac4n6 (no longer exists) (Backup & Security)

It’s been a while since I last jailbroke an Apple TV and had a forensic look at it. Using the checkra1n jailbreak, I decided to give it a try. The jailbreak itself was easy and went very smoothly. This was using a 4th Gen Apple TV running tvOS 13.4. I …

Analysis of Apple Unified Logs: Quarantine Edition [Entry 11] – AirDropping Some Knowledge

Friday, 5 June 2020 in mac4n6 (no longer exists) (Backup & Security)

I’ve written about this before in this article but wanted to revisit it for this series. For this scenario I want to test what certain items might look like when they are AirDrop’ed from an unknown source. Many schools have been receiving bomb threa…

Guest Post by @bizzybarney! A Peek Inside the PPSQLDatabase.db Personalization Portrait Database

Tuesday, 2 June 2020 in mac4n6 (no longer exists) (Backup & Security)

The DFIR Twitter-sphere exploded this morning when @mattiaep mentioned /private/var/mobile/Library/PersonalizationPortrait/PPSQLDatabase.db. I’ve been doing some research work on this file and plan to present pieces of it during my talk at the upcom…

Analysis of Apple Unified Logs: Quarantine Edition [Entry 10] – You down with TCC? Yea, you know me! Tracking App Permissions and the TCC APOLLO Module

Monday, 1 June 2020 in mac4n6 (no longer exists) (Backup & Security)

TCC Modifications in the Unified Logs: TCC or Transparency, Consent, and Control keeps track of various application permissions. A user can make changes to an application’s permissions in the respective Privacy settings on macOS and iOS. …

Analysis of Apple Unified Logs: Quarantine Edition [Entry 8] – Man! What a process!?

Tuesday, 19 May 2020 in mac4n6 (no longer exists) (Backup & Security)

A quick trick to get more info when you are testing different Unified log examples is to use Terminal’s man page lookup feature. This is useful to provide more context to processes that you may not be familiar with. Perhaps you have something intere…

New Webinar: Analyzing macOS with BlackLight's APOLLO Plugin

Sunday, 17 May 2020 in mac4n6 (no longer exists) (Backup & Security)

I’ll walk you through using BlackLight’s APOLLO plugin to track user application usage (knowledgeC, Power Log and Screen Time), device states, network usage and processes, file quarantine, and application permissions (TCC) on macOS. Webinar is availa…

Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins

Thursday, 30 April 2020 in mac4n6 (no longer exists) (Backup & Security)

I’m sure many of us are working remote right now possibly using some of these remote capabilities. Remote Logins can include a few different services; SSH and Screen Sharing are two that I’ll show here. These services are disabled by default and wou…

Analysis of Apple Unified Logs: Quarantine Edition [Entry 4] – It’s Login Week!

Monday, 27 April 2020 in mac4n6 (no longer exists) (Backup & Security)

No one can find flour or yeast anyway! This week is all about system lo…

Analysis of Apple Unified Logs: Quarantine Edition [Entry 3] – Playing in the Sandbox, Enumerating Files and Directories

Friday, 24 April 2020 in mac4n6 (no longer exists) (Backup & Security)

While I’ve been researching various queries with these unified logs, I’ve noticed some peculiar but forensically useful entries. I have found many of these entries to be created when I’m browsing directories via Finder. However, they don’t appear to…

Analysis of Apple Unified Logs: Quarantine Edition [Entry 2] – sudo make me a sandwich

Wednesday, 22 April 2020 in mac4n6 (no longer exists) (Backup & Security)

The first item in the Unified Logs we will take a look at is a relativel…

Introducing 'Analysis of Apple Unified Logs: Quarantine Edition' [Entry 0]

Monday, 20 April 2020 in mac4n6 (no longer exists) (Backup & Security)

I’ve decided to spend some time revisiting analysis of Unified Logs as a blog series during this quarantine. It is the perfect topic to make bite sized and I can make it as long or as short as Coronavirus deems it so. I’m planning on doing smaller blog…

New Presentation - Exploring macOS with APOLLO from #OBTS 3.0

Friday, 13 March 2020 in mac4n6 (no longer exists) (Backup & Security)

This was presented yesterday at Objective by the Sea 3.0 in beautiful Maui. Official macOS support and modules are coming to APOLLO! Slides and video are available here. I hope to update the APOLLO GitHub with updated script/modules next week. I’ll b…

macOS & iOS "Secure" Notes - I Can See Your Secrets, No Brute Forcing Required!

Thursday, 5 March 2020 in mac4n6 (no longer exists) (Backup & Security)

I wrote a blog for BlackBag Tech on the not so secret secrets that could be stored in secure notes using the Notes application on macOS and iOS. Note snippets, location data, and media attachment metadata can all be there for the taking! You can rea…

Providing Context to iOS App Usage with knowledgeC.db and APOLLO

Tuesday, 14 January 2020 in mac4n6 (no longer exists) (Backup & Security)

With the APOLLO v1.0 update, I updated many of the Application Activity modules used with the knowledgeC.db database. I mentioned in this article that these were updated to provide more context to specific user application activities. One column in …
