Surviving Digital Forensics: iOS App Forensics - chat

Welcome to Surviving Digital Forensics training series. If you deal with iPhone evidence then this class is for you. We are going to focus on learning how to deconstruct iOS third party applications. The concept is important to learn because, oftentimes, automated tools will miss this type of evidence or not parse it properly. We first spend some time learning how the evidence is organized and the tools (free or low cost of course!) to use to do it. Once we have become familiar with this we will learn how to break out chat from third party apps and manually connect the dots, convert machine times, translate database so it all makes sense and can be used as evidence. This is not that difficult to do, heck this class is about two hours, so you will be up and deconstructing in no time. Speaking of time, we will also have a special focus on learning how to bulk convert those pesky machine time values using nothing but Excel. So, the next time you pull 100+ chat messages from a third party app database you can quickly bulk translate them into UTC or your local time zone.

As with past SDF classes, the curriculum is split between a brief presentation to go over important points and familiarize you with the process. After that it is all hands on as we learn by doing. Videos will walk you through the process, step-by-step. All the source files for testing are provided.