Previous: Heisenberg's Android | Beth's iPhoneRound 3 goes to Marsha's iPhone X.Evidence: https://d17k3c8pvtyk2s.cloudfront.net/CTF21/CTF21_Marsha_iPhoneX_FFS_Premium_2021_07_29.zip.001https://d17k3c8pvtyk2s.cloudfront.net/CTF21/CTF21_Marsha_iPhoneX_FFS_Premium_2021_07_29.zip.002https://d17k3c8pvtyk2s.cloudfront.net/CTF21/CTF21_Marsha_iPhoneX_FFS_Premium_2021_07_29.zip.003Password: 02DB2ECE91DB67E8FA939FC3DC15D16BLocation Artifacts-FFS (20 points)A new reminder was set with pictures attached, in what city was Marsha when the reminder was set?There were two different reminders that had pictures attached, one with pictures created on 4/4/2021 08:07 pm with... [Read More]

Previous: Heisenberg's AndroidNext up we have an iPhone X owned by Beth. She's a feisty one!Evidence: https://d17k3c8pvtyk2s.cloudfront.net/CTF21/CTF21_Beth_iPhoneX_FFS_checkm8_2021-07-29.zip Password: 02DB2ECE91DB67E8FA939FC3DC15D16BDevice Connections (10 points)What is the name of the vehicle Beth’s phone connected to on April 6, 2021?We can get the answer quick from the following plist:private\var\containers\Shared\SystemGroup\C272EF97-5B86-4578-B2ED-AAAB06943E85\Library\Preferences\com.apple.MobileBluetooth.devices.plistiLEAPP pulls this out quickly so we can filter... [Read More]

Cellebrite is back with another CTF competition and this year's takes it up a notch. I want to start by giving major props to Heather, Paul, Ronen, Sahil and Ian for putting on a great competition.Now lets get started with the walkthroughs. First up, is the Samsung Note 10 owned by... [Read More]

Shortlink: startme.stark4n6.comIf you'd like to nominate my page for Resource of the Year for the 2022 Forensic 4:cast Awards, fill out the form from the link here:https://forms.gle/g6hDp9uaErvoNzt68EZ Tools & KAPEAwesome-KAPE - A curated list of KAPE-related resourcesDFIR YouTube FeedsChewing the FATMSABForensics ToolsRLEAPP - Returns Logs Events And Properties ParserGetting Started in... [Read More]

There is always room for improvement to parsers of the past. That was the case when I asked to look into some Kik Messenger artifacts. There has already been support for Kik in iLEAPP for months but  you can always squeeze out more information. Starting with the basics we can... [Read More]