Extracting Forensic Artifacts from Seemingly Idle iOS Devices - Dormant Devices, Chatty Logs

Explore the wealth of forensic artifacts generated by seemingly inactive iPhones in this 33-minute SANS DFIR Summit 2024 presentation. Delve into newly discovered iOS artifacts and learn how System logs can provide crucial information for investigations, especially when Full File System (FFS) images are unavailable. Discover how logs intended for crash reporting and system monitoring can be leveraged by forensic analysts to uncover valuable data. Join speakers Cesar Quezada, Director of Forensics at Hexordia, and Nick Dubois, Mobile Vulnerability Researcher at Hexordia, as they reveal techniques for extracting and analyzing these hidden artifacts from idle iOS devices.

Dormant Devices, Chatty Logs: Extracting Forensic Artifacts from Seemingly Idle iOS Devices