Christian Peter

The new customizable Backup Option

A new UFADE Version is out! (github.com/prosch88/UFA...) New in 1.0.1:

Customizable backup functions,

The option to decrypt existing iTunes backups,

Interface improvements,

More consistent display on different platforms,

Includes the latest identifiers for the new iPhone and Apple Watch models

The big v1.0 release of #UFADE is here, thanks as always to @zamomin.bsky.social for provided an awesome tool github.com/prosch88/UFA...

Logs in a Sysdiagnose - It's about time... A recent discussion with Lionel Notari, Jesse M. Lindmar and Tim Korver raised the question of whether a log archive created via the iOS sysdiagnose function is comparable to a log archive created dir...

Have you ever wondered whether a iOS sysdiagnose contains all Unified Logs entries? I did:

Logs in a Sysdiagnose - It's about time...
www.linkedin.com/pulse/logs-s...

#iOS
#dfir
#forensics
#unifiedlogs

UFADE 0.9.8 is out now! (github.com/prosch88/UFA...)

- Unified Logs are now included in the PRFS Backup
- Device info is now shown in recovery or DFU mode
- An issue with mounting DDIs on older devices was solved
- improved decryption error handling

#UFADE
#dfir
#forensics
#iOS

Don't lose your logbook !This is not intended to be a vendor shitpost! It is understandable that developers protect their intellectual property. However, the measures taken to do so can destroy evidence that could be decisiv...

Don't lose your logbook
www.linkedin.com/pulse/dont-l...

Just tried to get some sort of "dark mode" with the latest Autopsy.
If you want to try: add "--laf com.formdev.flatlaf.FlatDarkLaf" to the "default_options" line in AppData\Roaming\autopsy\etc\autopsy.conf
The "Logical Files" source screen isn't showing. Aside from that it's working great!

#dfir

If you want to collect Unified Logs from an Apple Homepod (1. Gen), you can use UFADE to do so. I was able to connect the device with a 3D printed adapter on macOS and Windows.

#UFADE
#forensics
#ios
#dfir

Has everyone recovered from the 18.1 update?
Good, because iOS 18.2 brings a new security feature.
With stolen device protection activated, pairing with PCs in not trusted locations is prevented.

Better try to deactivate this Feature while still in the trusted location.

#ios
#dfir
#forensics

Week 48 – 2024 Adam MesserCloud Digital Forensics and Incident Response — Elastic Kubernetes Service Takeover Leads to… BelkasoftDocument Forensics with Belkasoft X CTF导航Reverse Engineering iOS 18 Inactivity Rebo…

Week 48 - 2024 #DFIR
thisweekin4n6.com/2024/12/01/w...

Yes. I used an iBus Adapter (MaAnt AWBT) and triggered the sysdiagnose creation with my UFADE tool.

grepped output for otctl_status.txt with a list of Apple device model ids and the serial numbers

content of bluetooth_status.txt showing the devices BT-MAC and two paired devices (iPhone and iPad)

Did you know that you can find references to a user's other devices in the sysdignose archive of an Apple Watch?

Look at these entries in "otctl_status.txt" for serial numbers and "logs/Bluetooth/CoreCapture/bluetooth_status.txt" for the names of the devices the watch is paired to.

#dfir
#apple

UFADE Logging menu

With the latest version of UFADE you are able to capture live syslogs from iOS devices. In addition, the logging features are now compiled in a separate submenu.
Furthermore, the compatibility with legacy devices has been increased (e.g. Ipad 1)

github.com/prosch88/UFA...

#UFADE
#forensics
#ios