Open Source Mobile Forensics using Python
Alexis Brignoni
FBI
We are living in the golden age of mobile forensics. Thanks to the work done by the online open source community we have incredible access to the innermost data stores in mobile devices. This access requires proper parsing and analysis to make the acquired data meaningful and ultimately useful. To these purposes the iOS Logs, Events And Plist parser (iLEAPP) and the Android, Logs, Events And Protobuf (ALEAPP) platforms have been developed to provide a fully transparent way of creating artifact parsers, in Python 3, for these mobile device extractions.
In this presentation you will learn the following:
How to process zip, tar, and logical extractions with iLEAPP & ALEAPP.
Analyzed the parsed data using the generated HTML reports, TSV files, and SQLite based timeline feature.
Understand the artifact parsing workflow so you have a total understanding of what the tool is doing.
Be presented with free online resources that will guide you on how to create and edit artifacts for these platforms.
Be presented with free online resources that will teach you Python itself if you are not familiar with programming.
Alexis Brignoni has been serving the area of Orlando, Florida for the last 13 years as a Special Agent of the Federal Bureau of Investigation. A native of San Juan, Puerto Rico, he has a Bachelor's in Computer Science and an MBA in Management of Information Systems. Before working as a digital forensics examiner, he was a case agent tasked with investigating online crimes against children, network intrusions, intellectual property and online fraud among others. Currently holding multiple digital forensics certifications, Alexis Brignoni has been focused on mobile app digital forensics as an area of interest due to the ever-evolving challenge of parsing a never-ending stream of new applications for relevant data. He can be reached online via Twitter @AlexisBrignoni and on his blog at abrignoni.com.