When reviewing Biome and KnowledgeC artifacts in iOS forensics, there are often references to stream names for events. There is a plist file that seems to provide a little more information about these stream names, including descriptions and some precision and rate limit values. It can be found at: /System/Library/PrivateFrameworks/CoreDuet.framework/com.apple.coreduet.systemevents.plist The below table is taken ... The post iOS Stream Names first appeared on Blue Crew Forensics.
In this blog I will discuss my findings on the AppIntent files that are located within the Biomes folder in many iOS extractions. These files contain many forensic artifacts that may no longer appear elsewhere on the device, including deleted iMessages. The post Analyzing iOS Biome AppIntent Files first appeared on Blue Crew Forensics.
Introduction: I recently found a file that Apple has started using at some point which seems to be known as a Metadata Plist based on finding files with this same format using the extension ‘.mdplist’. It seems to be different from a BPList although it seems to hold the same type of data. I’m not ... The post DEBA / MDPlist Files first appeared on Blue Crew Forensics.
Introduction: I recently had a case involving Discord where the case investigator had observed images within the thread on an iPhone but they were not appearing in the threads in Cellebrite Physical Analyzer. The investigator described the images to me and I was able to locate them in a folder associated with Discord so I ... The post Connecting Discord Attachments to Threads & SDWebImage Library first appeared on Blue Crew Forensics.
Sometimes it becomes necessary to quickly change the background of a photo, and oftentimes we may not have graphics editing software available. This tip will help you change the background when a different color is needed to match others. Most of the skill needed to make this look good is in Step 6. ... The post Change Background of Mugshots with Microsoft Word first appeared on Blue Crew Forensics.