In order to perform a correct forensic analysis on a Apple device, a basic knowledge of storage, file allocation methods relevant files paths is always required.

I’ve already written about DLL Hijacking, but today I’d like to share a really interesting research by Wietze Beukema.

I read an interesting article that I’d like to share with you today.
A post on Elcomsoft blog by James Duffy, titled “Demystifying iOS Data Security”.

LinuxCheck is a small bash script for information collection, useful for emergency response on Debian and Centos systems.

Recently I had to perform a forensic investigation on a server that had made some strange Remote Desktop activities.
In that case, the analysis of windows events has turned out really useful.

Vladimir Katalov published, on ElcomSoft‘s blog, a good post about forensic acquisition techniques for iOS devices.

In 2008, a team of students and researchers from Princeton University, Wind River Systems and the Electronic Frontier Foundation published a research paper [3] examining the phenomena of computer memory remanence.
That paper has confirmed what had long been theorized by computer security practitioners: the volatile memory of computer systems is less volatile than expected.

During an incident response, a fast analysis could be required, often on systems that aren’t the workstation usually used by the analyst.
So, I always suggest to create a small and simple toolkit that can be copied on a USB stick.

The recent deadly shooting last month at a naval air station in Pensacola, Fla., brought in the spotlight the issue of iOS security: attorney General William P. Barr requested Apple to provide access to two phones used by the killer.

iOS forensic is quite complex: in many cases, jailbreaking is the only way to gather all most information available in iOS devices.