Fast iPhone forensic analysis with iLEAPP

Science and Technology

iPhone forensic analysis can be complicated, but sometimes you need to quickly access some of the most common information. iOS Logs, Events, And Plists Parser (iLEAPP) is a fast iPhone forensic triage tool that will parse out some of the most common data sources and applications. It is free to use and easy to expand with your own modules written in Python.
Thank you to all of our Patrons for sponsoring DFIR Science.
Especially The Ranting Geek. Thank you so much!
This video shows how to get started with iLEAPP if you already have a dump of iPhone data. iLEAPP is a simple way to start with iPhone forensics, but keep in mind that it is not as comprehensive as other tools. You may need to manually conduct an iPhone forensic analysis to pull out more information that iLEAPP cannot yet parse.
00:00 The Case
00:11 Getting iLEAPP
00:35 Install iLEAPP requirements
00:49 Run iLEAPP GUI
01:23 Review the iLEAPP report
01:49 Case-relevant artifacts
02:33 Limits of iLEAPP
02:47 Easily keep iLEAPP up to date
03:27 iLEAPP review
Links:
* github.com/abrignoni/iLEAPP
#DFIR #iPhone #iLEAPP #forensics
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing and will probably allow its use.

Comments: 29

  • @accessinvestigationsllc6332
    2 years ago

    Good Stuff, thanks

  • @DFIRScience
    2 years ago

    Glad you enjoyed it

  • @office9683
    8 months ago

    Damn - this guy flies thru plenty of info but does it in a way that a dolt (me) can follow along. Really hard to pull that off on a subject as complex as digital forensic recovery. Thanks

  • @SALTINBANK
    2 years ago

    Thanks great vid m8 ...

  • @DFIRScience
    2 years ago

    Thanks a lot.

  • @djnikx1
    1 year ago

    👍Cheers bud!!

  • @OxygenOS
    2 years ago

    Thumbs up!

  • @DFIRScience
    2 years ago

    Thanks a lot!

  • @connorsullivan6441
    2 years ago

    brooooo i love the hashtag. it's a must

  • @battistacagnoni3332
    2 years ago

    Great job! What do you recommend to generate the dump?

  • @DFIRScience
    2 years ago

    Check out iOS triage (github.com/RealityNet/ios_triage) - it's also built into Tsurugi Linux. The dump in the video was made with Cellebrite (Cellebrite CTF 2021)

  • @battistacagnoni3332
    2 years ago

    @DFIRScience Thanks! BTW Tsurugi is great.

  • @summerbeasley3796
    1 year ago

    Hi DFIR Science, I am working on a project for school where I would like to utilize the tool you mentioned. Where could I retrieve dumps for research purposes? (i.e. Wiki Packet captures for Wireshark analysis) What are some good sites for iPhone dumps?

  • @DFIRScience
    1 year ago

    For forensic data sets check out cfreds.nist.gov/ and digitalcorpora.org/corpora/disk-images That will give you a lot of older and up to date data sets to work with.

  • @blanche489
    1 year ago

    If my phone has been hacked by my employer could you see where they have some sort of trace on my phone? Or they have my data sent to their phone?

  • @djnikx1
    1 year ago

    check the log files

  • @muhammadawais66
    2 years ago

    How can I find the last unlock time through iLEAPP?

  • @DFIRScience
    2 years ago

    Make sure you have the most up-to-date version of iLEAPP. There are modules for ios activities, but also for user activities.

  • @isaacnewtonfrancis5417
    2 years ago

    Sir Hello I'm Isaac. Sir what books do you recommend for Fundamentals, principles and Concepts in Digital Forensics.

  • @DFIRScience
    2 years ago

    That's a good question. A few books came out this year that look interesting. Let me make a list and get back to you.

  • @isaacnewtonfrancis5417
    2 years ago

    @DFIRScience sure sir thank you

  • @veil2death
    2 years ago

    @DFIRScience that will be an amazing thing to read

  • @tiom28x
    2 years ago

    How can you extract a dump of the iPhone? Hmmm

  • @DFIRScience
    2 years ago

    Check out iOS triage (github.com/RealityNet/ios_triage) - it's also built into Tsurugi Linux. The dump in the video was made with Cellebrite (Cellebrite CTF 2021)

  • @sayankumardey6826
    2 years ago

    Sir pls send the dump

  • @DFIRScience
    2 years ago

    Links for the image and password can be found here: www.stark4n6.com/2021/10/cellebrite-ctf-2021-marshas-iphone.html

  • @sayankumardey6826
    2 years ago

    Sir, which one do I need to download? There are 3 files in total and 1 is around 10 GB, and that one is needed, I think. Am I right, sir?

  • @DFIRScience
    2 years ago

    @sayankumardey6826 you need all three pieces. When you unzip them they make one large phone image.

  • @sayankumardey6826
    2 years ago

    Oh ok sir
