Content provided by Heather Charpentier & Alexis "Brigs" Brignoni, Heather Charpentier, and Alexis "Brigs" Brignoni. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Heather Charpentier & Alexis "Brigs" Brignoni, Heather Charpentier, and Alexis "Brigs" Brignoni or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://he.player.fm/legal.

Every Breath You Take, Every Swipe You Make—Your iPhone’s Logging It

1:15:09
 

Apple devices are constantly recording user activity, yet few forensic examiners are making use of the vast amount of data these systems quietly generate. Apple's Unified Logs and Spotlight databases track nearly everything that happens on an iOS device, often without the user realizing it.

Would you believe an iPhone can generate around 1.5 million log entries in just 15 minutes of regular use? These records include highly specific actions—such as the exact moment Face ID is used to unlock a device, when the phone is flipped face-up, or whether a user interacted with Siri or used the device manually. Despite their detail and reliability, these sources are often overlooked in mobile investigations.

In this session, we’ll show how forensic practitioners can process and search these massive log sets using open-source tools. We’ll walk through examples of log entries that record actions like toggling airplane mode, launching specific apps like Facebook, or even detecting changes in device orientation. For investigators, this means direct, time-stamped evidence of how a device was used.

One of the most valuable aspects of this data is its ability to help distinguish between user actions and automatic background processes. Was an app opened by the user, or was it a system event? These logs provide that level of clarity. We’ll demonstrate how to isolate specific events from millions of entries and construct accurate timelines that reflect exactly what happened—and when.

As part of our ongoing work, we’re also focused on improving the accessibility and usability of these artifacts with incorporation into the LEAPPS. If you work with iOS devices, this is a session you won’t want to miss.

Notes:

2026 IACIS in Reno NV:
https://www.iacis.com/training/reno-info/

Spotlight:
https://github.com/ydkhatri/mac_apt

Unified Logs:
https://www.ios-unifiedlogs.com/
https://github.com/abrignoni/iLEAPP

Chapters

1. Episode Introduction (00:00:00)

2. IACIS Conference Recap (00:04:35)

3. Epic Universe Adventure (00:07:28)

4. iOS Spotlight Forensics Basics (00:11:45)

5. Apple Unified Logs Overview (00:21:15)

6. Processing Unified Logs in iLEAPP (00:35:17)

7. Real-World Log Examination Examples (00:44:36)

8. Future Development Plans (01:10:30)

9. Meme of the Week and Closing (01:14:46)

40 episodes
