
New Year New APOLLO – Officially out of Beta iOS 13 Module Updates!

Tuesday 14 January 2020 in mac4n6 (no longer exists) (Backup & Security)

I spent this weekend updating and sprucing up APOLLO for its v1.0 release. It took far longer than anticipated, mostly because I’ve added quite a few new modules. It also takes a while to go through every SQL query module updating it to iOS 13. Data…


New(ish) Presentation: Poking the Bear - Teasing out Apple's Secrets through Dynamic Forensic Testing and Analysis

Tuesday 10 December 2019 in mac4n6 (no longer exists) (Backup & Security)

I had the wonderful opportunity to present this presentation at two great conferences in October; Jailbreak Security Summit and BSides NoLA. Unfortunately I was going on an extended vacation almost immediately after so I forgot to post this to the s…


Just Call Me Buffy the Proto Slayer – An Initial Look into Protobuf Data in Mac and iOS Forensics

Friday 27 September 2019 in mac4n6 (no longer exists) (Backup & Security)

I was first introduced to the protobuf data format years ago accidentally when I was doing some MITM network analysis from an Android device. The data I was looking at was being transferred in this odd format, I could tell there were some known stri…


iOS Location Mapping with APOLLO – Part 2: Cellular and Wi-Fi Data (locationd)

Monday 26 August 2019 in mac4n6 (no longer exists) (Backup & Security)

My previous article showed a new capability of APOLLO with KMZ location file support. It worked great…for routined data, but there was something missing. What about the cellular and Wi-Fi locations that are stored in databases? Well, turns out I ne…


iOS Location Mapping with APOLLO - I Know Where You Were Today, Yesterday, Last Month, and Years Ago!

Thursday 22 August 2019 in mac4n6 (no longer exists) (Backup & Security)

I added preliminary KMZ (zipped KML) support to APOLLO. If any APOLLO module’s SQL query has “Location” in its Activity field, it will extract the location coordinates in the column “Coordinates” as long as they are in Latitude, Longitude format (ie…


New Presentation from SANS DFIR Summit 2019 - They See Us Rollin', They Hatin' - Forensics of iOS CarPlay and Android Auto

Wednesday 7 August 2019 in mac4n6 (no longer exists) (Backup & Security)

Heather Mahalik and I teamed up again this year at the SANS DFIR Summit to present on iOS CarPlay and Android Auto. Presentation is here. Will post a link to the video when it’s available. Always a good time and love seeing friends every year. Still o…


New Presentation from MacDevOpsYVR 2019 - Launching APOLLO: Creating a Simple Tool for Advanced Forensic Analysis

Monday 17 June 2019 in mac4n6 (no longer exists) (Backup & Security)

I had the pleasure last week to attend MacDevOpsYVR in Vancouver, Canada. While I barely saw the city, I got to hang out with some awesome Mac Sys Admins and Dev Ops people. I’ve not been to a conference outside of Security/Forensics before so it wa…


New Presentation from Objective by the Sea 2.0 - Watching the Watchers

Thursday 6 June 2019 in mac4n6 (no longer exists) (Backup & Security)

Just got back from a wonderful time hanging out with the who’s who of Mac security folk in swanky Monaco at the Objective by the Sea conference. I’ve uploaded my presentation Watching the Watchers in my Resources section. This presentation goes thro…


iOS 12 APOLLO Updates

Thursday 16 May 2019 in mac4n6 (no longer exists) (Backup & Security)

Many modules were updated to specially support iOS 12 including those below. Many were already available on iOS 12 (Powerlog, Passes, SMS, etc). If the files were available without a jailbreak. As always, let me know if I missed something! Remem…


Apple Pattern of Life Lazy Output’er (APOLLO) Updates & 40 New Modules (Location, Chat, Calls, Apple Pay Transactions, Wallet Passes, Safari & Health Workouts)

Friday 18 January 2019 in mac4n6 (no longer exists) (Backup & Security)

I started filling in the gaps to missing APOLLO modules. While doing this I realized there was some capability that was missing with the current script that had to be updated. As far as script updates go the following was done: Support for multiple d…


Network and Application Usage using netusage.sqlite & DataUsage.sqlite iOS Databases

Monday 7 January 2019 in mac4n6 (no longer exists) (Backup & Security)

Two iOS databases that I’ve always found interesting (and probably should test more) are netusage.sqlite and DataUsage.sqlite. These two databases contain very similar information – one is available in a backup (and file system dumps) the other only…


Video of 'From Apple Seeds to Apple Pie' from Objective by the Sea - Now Available!

Friday 28 December 2018 in mac4n6 (no longer exists) (Backup & Security)

Videos have been posted from Objective by the Sea from this past November. My talk ‘From Apple Seeds to Apple Pie’ a pattern of life talk about my APOLLO tools is here. As always, my videos and presentations will always be available on the Resources …


On the Twelfth Day of APOLLO, My True Love Gave to Me – A To Do List – Twelve Planned Improvements to APOLLO

Tuesday 25 December 2018 in mac4n6 (no longer exists) (Backup & Security)

My Christmas gift to you - improvements! More Queries – There is plenty more to come. There are more databases and many half-written queries that I have yet to add. Additional Testing – I want these to be as accurate as possible. BLOB/Protobuf Parsing …


On the Eleventh Day of APOLLO, My True Love Gave to Me – An Intriguing Story – Putting it All Together: A Day in the Life of My iPhone using APOLLO

Monday 24 December 2018 in mac4n6 (no longer exists) (Backup & Security)

I did a blog article, especially about the knowledgeC.db about a day in the life of my iPhone and it went over really well. I’ve decided to do a similar story using all the data that I’ve parsed from my iPhone using APOLLO, quite a bit more data to …


On the Tenth Day of APOLLO, My True Love Gave to Me – An Oddly Detailed Map of My Recent Travels – iOS Location Analysis

Sunday 23 December 2018 in mac4n6 (no longer exists) (Backup & Security)

I saved one of my favorite topics for (nearly) last. There is no question that location can play a major role in many investigations. iOS location data has changed drastically with iOS 11 from previous iOS versions. I published research on these loca…


On the Ninth Day of APOLLO, My True Love Gave to Me – A Beautiful Portrait – Analysis of the iOS Interface

Saturday 22 December 2018 in mac4n6 (no longer exists) (Backup & Security)

The interface of the device can produce some useful artifacts. Starting with screen orientation. Perhaps you want to know if the user was watching a video for a period of time. In conjunction with other artifacts that I’ve already detailed like app u…


On the Eighth Day of APOLLO, My True Love Gave to Me – A Glorious Lightshow – Analysis of Device Connections

Friday 21 December 2018 in mac4n6 (no longer exists) (Backup & Security)

Today we’ll be analyzing the knowledgeC.db and CurrentPowerlog.PLSQL database for various connections. The first thing you may want to know in an investigation is – was the device plugged in or not? This can be gained from a few places. The knowledge…


On the Seventh Day of APOLLO, My True Love Gave to Me – A Good Conversation – Analysis of Communications and Data Usage

Thursday 20 December 2018 in mac4n6 (no longer exists) (Backup & Security)

Today is all about the CurrentPowerlog.PLSQL database. This database keeps track of many ways that data is transferred either by cellular, Wi-Fi, or Bluetooth methods. These modules can help determine where the data is going, which app is pulling do…


On the Sixth Day of APOLLO, My True Love Gave to Me – Blinky Things with Buttons – Device Status Analysis

Wednesday 19 December 2018 in mac4n6 (no longer exists) (Backup & Security)

On this sixth day we’re going to go back to looking at the knowledgeC.db and CurrentPowerlog.PLSQL databases. If you are unfamiliar with these databases, please go back a few blogs. Today is all about what state the device is in. Let’s start with th…


On the Fifth Day of APOLLO, My True Love Gave to Me – A Stocking Full of Random Junk, Some of Which Might be Useful!

Tuesday 18 December 2018 in mac4n6 (no longer exists) (Backup & Security)

Today we go over one of the stranger databases on iOS, the Aggregate Dictionary database, or ADDataStore.sqlitedb. This database is only available with a physical file system dump in the /private/var/mobile/Library/AggregateDictionary/ directory. Th…


On the Fourth Day of APOLLO, My True Love Gave to Me – Media Analysis to Prove You Listened to “All I Want for Christmas is You” Over and Over Since Before Thanksgiving

Monday 17 December 2018 in mac4n6 (no longer exists) (Backup & Security)

The fourth day brings us media artifacts using the knowledgeC.db and CurrentPowerlog.PLSQL databases. Each database stores similar yet somewhat different records when it comes to audio, and video usage. Let’s get in the mood! KnowledgeC.db Starting w…
