Using Apple “Bug Reporting” for Forensic Purposes
Heather Mahalik
Cellebrite, FOR585
Mattia Epifani
RealityNet System Solutions
Track 2
Apple provides a tool for developers to report issues with Apple software and services. To correctly use this tool, the developer needs to create and collect logs, that can be extracted from an Apple device. These logs contain a lot of information useful to forensics investigations that are often overlooked by commercial tools.
The aim of the presentation is to show how these logs can be generated and extracted from a device, with a particular focus on iOS devices (iPhone and iPad) and explain the most relevant information that can be obtained from these logs.
Moreover, the presentation will show a set of open source scripts we developed to parse and to analyze the extracted logs.
To say that digital forensics is central to Heather Mahalik's life is quite the understatement. Heather has worked on high-stress and high-profile cases, investigating everything from child exploitation to major terrorism cases. She has helped law enforcement, eDiscovery firms, military and the federal government extract and manually decode artifacts used in solving investigations around the world. Heather began working in digital forensics in 2002, and has been focused on mobile forensics since 2010 - there's hardly a device or platform she hasn't researched or examined or a commercial tool she hasn't used. Heather is currently the Senior Director of Digital Intelligence at Cellebrite and a Senior Instructor, author and course lead for FOR585: Smartphone Forensic Analysis. She maintains www.smarterforensics.com and is the co-author of Practical Mobile Forensics (1st -4th editions), currently best sellers from Pack't Publishing. Heather is passionate about digital forensics because she loves always having to learn something new. "This field moves so quickly. It is literally impossible to get bored," she says. "If you find yourself bored, branch into another realm of digital forensics. The possibilities are endless and so is the fun! I love digging for artifacts and solving the puzzle."
About Mattia EpifaniMattia Epifani’s passion with computers began when he was given a Commodore 64 for Christmas at age six. “After a couple of years, I was writing my first lines of code,” he says. He kept the computer as his hobby and passion while pursuing his studies, then pursued a computer science degree at university. “My father is a lawyer, so he was not completely happy when I didn’t choose to study law,” says Mattia, but over the years he’s blended the two with a career in digital forensics, bridging the gap between technical and legal systems.
Today, Mattia is CEO of RealityNet System Solutions, an Italian infosec and digital forensics consulting company, where he works as a digital forensics analyst and expert for judges, prosecutors, lawyers and private companies, at times serving as an expert court witness. Mattia also brings his passion and expertise to the classroom as an instructor for SANS FOR500: Windows Forensic Analysis and FOR585: Smartphone Forensic Analysis In-Depth, a topic he’s particularly passionate about. “I spend my days trying to acquire and analyze digital devices, smartphones in particular,” he says. An expert with a vast knowledge of tools and techniques for forensic investigation, Mattia always tries to find a way to achieve his goal even when no tools exist. “I do forensics on a daily basis testing, developing new methods, and going deeper and deeper, and I love teaching by providing real cases and scenarios to my students,” he says.
When he’s not teaching and consulting, Mattia supports the EVIDENCE2e-CODEX project through the Italian National Council of Research, where he serves as a researcher helping to build a system to facilitate the exchange of digital evidences among law enforcement agencies in Europe. Mattia obtained a degree in computer science from the university in Genoa, Italy and received post-graduate training in computer forensics and digital investigations in Milan. He also has several certifications in digital forensics and ethical hacking, including GNFA, GSAF, GREM, GCFA, GMOB, GCWN, CIFI, CEH, CHFI, ACE, AME, ECCE, CCE and MPSC.
A regular speaker on digital forensics at Italian and European universities and events, Mattia authored Learning iOS Forensics and Learning iOS Forensics, Second Edition, edited by PacktPub. He is also a member of the Digital Forensics Association (DFA), International Information System Forensics Association (IISFA), ONIF and T&L Center.