| ABTraceTogether | Analysis of the ABTraceTogether app (iOS) | |
| AirTags | AirTags within iOS File Systems - Appalachian4n6 | |
| AirTags | [Air]Tag You're It! - D20 Forensics | |
| Anonymous Chat Rooms (Dating App) | Finding messages in Anonymous Chat Rooms, Dating app - Chuan-lun (Johnson) Chou | |
| AppInstalls, AppLaunch, & AppIntents | iOS 16 Breaking Down the Biomes Part 2 - AppInstalls, AppLaunch, & AppIntents - D20 Forensics | |
| AppIntent | Analyzing iOS Biome AppIntent Files - Blue Crew Forensics | |
| Apple CarPlay | Ridin’ With Apple CarPlay | |
| Apple Health | Audio and App Usage in Apple Health - Stark4n6 | |
| Apple Mail | Apple Mail - A Forensic Insight | |
| Apple Maps | What Apple Maps Activity Can be Found Using a Logical Extraction - Lord Templar1 | |
| Apple Notes | Revisiting Apple Notes (1): Improved Note Parsing | |
| Apple Notes | Revisiting Apple Notes (2): Easy Embedded Objects | |
| Apple Notes | Revisiting Apple Notes (3): Embedded Tables | |
| Apple Notes | Revisiting Apple Notes (4): Gallery Objects | |
| Apple Notes | Revisiting Apple Notes (5): Encrypted Notes | |
| Apple Notes | Revisiting Apple Notes (6): The Protobuf | |
| Apple Notes | Revisiting Apple Notes (7): Cloudkit Data | |
| Apple Unified Logs | Analysis of Apple Unified Logs: Quarantine Edition [Entry 3] – Playing in the Sandbox, Enumerating Files and Directories | |
| Apple Unified Logs | Analysis of Apple Unified Logs: Quarantine Edition [Entry 2] – sudo make me a sandwich | |
| Apple Unified Logs | Analysis of Apple Unified Logs: Quarantine Edition [Entry 1] – Converting Log Archive Files on 10.15 (Catalina) | |
| Apple Unified Logs | Analysis of Apple Unified Logs: Quarantine Edition [Entry 7] – Exploring USBMSC devices with --style | |
| Apple Unified Logs | Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins | |
| Apple Unified Logs | Analysis of Apple Unified Logs: Quarantine Edition [Entry 5] – Login Inception!? Yes! – Local Logins! | |
| Apple Unified Logs | Analysis of Apple Unified Logs: Quarantine Edition [Entry 4] – It’s Login Week! | |
| Apple Unified Logs | Analysis of Apple Unified Logs: Quarantine Edition [Entry 9] – We all know you're binging Netflix! Now Playing on your Apple Devices! | |
| Apple Unified Logs | Analysis of Apple Unified Logs: Quarantine Edition [Entry 10] – You down with TCC? Yea, you know me! Tracking App Permissions and the TCC APOLLO Module | |
| Apple Unified Logs | Analysis of Apple Unified Logs: Quarantine Edition [Entry 11] – AirDropping Some Knowledge | |
| Apple Unified Logs | Analysis of Apple Unified Logs [Entry 12] – Quick & Easy Unified Log Collection from iOS Devices for Testing | |
| Apple Watch | Apple Watch Forensics 02: Analysis | |
| Apple Watch Data | Enriching Investigations with Apple Watch Data Through the healthdb_secure.sqlite Database - James McGee | |
| Apple Watch/Apple TV | Apple TV and Apple Watch Forensics 01: Acquisition | |
| Auto-lock and Require Passcode | iOS Settings Display Auto-Lock & Require Passcode - Scott Koenig | |
| Battle.net | Finding Blizzard Battle.net messages in iOS | Concentrates on messages sent with Battle.net app |
| Bumble | What's the Buzz - Bumble on iOS - Stark4n6 | |
| Cache.db | Looting iOS App's Cache.db - Drew Kirkpatrick | |
| Carplay | iOS 16 - Breaking Down the Biomes (Part 3) - Keeping up with CarPlay - D20 Forensics | |
| Chipolo | iOS - Chipolo App Research and Encrypted Realm Databases | |
| Clubhouse | Investigating Clubhouse | |
| Continuity/Cellular Relay | Relays in the Apple Ecosystem. Passing the Baton - The Binary Hick | |
| Couch to 5K Runner App | Couch to 5K Runner: A Mobile Forensics Investigation | |
| Deleted Messages | Lagging for the Win: Querying for Negative Evidence in the sms.db - Belkasoft | |
| Deleted SMS/iMessage | An Alternate Location for Deleted SMS/iMessage Data in Apple Devices - James McGee | |
| DFU: iPhone 8, 8 Plus, and iPhone X | Entering DFU: iPhone 8, 8 Plus, and iPhone X - Elcomsoft | |
| Discord | Finding Discord chats in iOS | |
| Discord | Update on Discord forensic artifacts for iOS & Windows | |
| Discord | It's alive! - Attachment links in Discord | |
| Discord | Discord Forensics | |
| DJI Fly | iOS - App Research: DJI Fly | |
| Dropbox | Profiling user activity in Dropbox for iOS | |
| Dual SIM Phones | Mo’ SIMs, Mo’ Problems. Examining Phones with Dual SIMs - Binary Hick | |
| Evernote | Evernote for iOS | Covers application logging and geolocations in database files, |
| Facebook Messenger | Investigating iOS Facebook Messenger - Forensafe | |
| Gboard | Gboard has some interesting data.. | |
| GeoFence | Reminder Locations (GeoFences) | |
| Google Duo | Google Duo - Android & iOS Forensic Analysis | |
| Google Fit | Google Fit Extraction: Location, Health and Fitness Data | |
| Grubhub App | Forensic Investigation of the Grubhub iOS App - Christopher Kyriacou | |
| Hidden Assets | How to find iOS Hidden Assets - The Forensic Scooter | |
| Houseparty | iOS Houseparty app: More Realm | |
| Houseparty | Get your red Solo cup: It's time for a little Houseparty | |
| iCloud | Investigating iCloud | |
| iMessage Location Sharing | Sharing Locations in iOS Messages | |
| iMessage Reactions | Message Reactions | |
| iOS | Taking The First Step - iOS Security & Forensics -P1 | |
| iOS | Upgrade From NULL—Detecting iOS Wipe Artifacts | |
| iOS | Oh no! I have a wiped iPhone, now what? | |
| iOS | Apple’s Find My & iCloud’s Throne of Lies | |
| iOS | iOS Backup vs iCloud How can you compare? | |
| iOS | Today, Widgets, & Ignored Apps in iOS | |
| iOS | iOS System Artifacts: Revealing Hidden Clues | |
| iOS - Sysdiagnose | sysdiag-who? | |
| iOS - VMP4 File Format | iOS Forensics: VMP4 File format | |
| iOS 11 - HEIC | Monkey takes a .heic | |
| iOS 11 and 12 Notifications | iOS 11 & 12 Notifications Triage Parser | |
| iOS 12 | Creating a File System Image of iOS12 (12.1/16B92) | |
| iOS 13 | iOS 13 - Summary For Those of You Who Enjoy the CliffsNotes | |
| iOS 13 | …Won't You Back That Thing Up: A Glimpse of iOS 13 Artifacts | |
| iOS 13 | iOS 13 – Swipe to Type | |
| iOS 14 | iOS 14 - First Thoughts and Analysis | |
| iOS 14 | Rotten to the Core? Nah, iOS14 is Mostly Sweet | |
| iOS 14 - App Clips | iOS 14 - Tracking App Clips in iOS 14 | |
| iOS 14 - iMessage | iOS 14 - Message Mentions and Threading | |
| iOS 14 - Maps | iOS14 Maps History BLOB Script | |
| iOS 14 - Notes | Notes in iOS 14 | |
| iOS 14 - Private Wi-Fi Addresses | Apple Private Wi-Fi Addresses | |
| iOS 15 Image | iOS 15 Image Now Available. Finally. - Binary Hick | |
| iOS 16 - iMessage Updates | iOS16 iMessages - DoubleBlak | |
| iOS 17 | iOS 17 Forensics: Another Year, Another Byte of the Apple | |
| iOS Acquisition | The Art of iPhone Acquisition | |
| iOS Acquisition | iOS Forensic Toolkit: Troubleshooting Low-Level Extraction Agent | |
| iOS Acquisition | iCloud Advanced Data Protection: Implications for Forensic Extraction | |
| iOS ADDataStore.sqlitedb | On the Fifth Day of APOLLO, My True Love Gave to Me – A Stocking Full of Random Junk, Some of Which Might be Useful! | |
| iOS AirDrop | AirDrop Forensics | |
| iOS APOLLO | On the Eleventh Day of APOLLO, My True Love Gave to Me – An Intriguing Story – Putting it All Together: A Day in the Life of My iPhone using APOLLO | |
| iOS Application Groups | iOS Application Groups & Shared data | |
| iOS Application Usage | On the Third Day of APOLLO, My True Love Gave to Me – Application Usage to Determine Who Has Been Naughty or Nice | |
| iOS Artifact Reference | iOS Forensics References - Mattia Epifani | |
| iOS Backups | Forensic Analysis of iTunes Backups | |
| iOS Backups | iPhone Backups: Top 5 Default Passwords | |
| iOS Bluetooth | How to Use iOS Bluetooth Connections to Solve Crimes Faster | |
| iOS Bluetooth | How to Use iOS Bluetooth Connections to Solve Crimes Faster | |
| iOS Bundle IDs | iOS - Tracking Bundle IDs for Containers, Shared Containers, and Plugins | |
| iOS Camera Roll | Parsing iOS Camera Roll using Python | |
| iOS Communications and Data Usage | On the Seventh Day of APOLLO, My True Love Gave to Me – A Good Conversation – Analysis of Communications and Data Usage | |
| iOS Databases | Primary Key / Date Stamp Fallacy | |
| iOS Device Connections | On the Eighth Day of APOLLO, My True Love Gave to Me – A Glorious Lightshow – Analysis of Device Connections | |
| iOS Device Migration | iOS - Tracking Device Migration | |
| iOS Device Status Analysis | On the Sixth Day of APOLLO, My True Love Gave to Me – Blinky Things with Buttons – Device Status Analysis | |
| iOS Device with Broken Buttons into DFU Mode | How to Put an iOS Device with Broken Buttons in DFU Mode | |
| iOS Facial Recognition | Follow-on to DFIR Summit Talk: Lucky (iOS) 13: Time To Press Your Bets (via @bizzybarney) | |
| iOS Files | iOS - The Files App | |
| iOS Files | iOS - Files App Part Deux: Quick Images and A Chart! | |
| iOS Health Data | On the Second Day of APOLLO, My True Love Gave to Me - Holiday Treats and a Trip to the Gym - A Look at iOS Health Data | |
| iOS Images | iOS 13 and 14 Images - The Binary Hick | |
| iOS Installation Logs | iOS Mobile Installation Logs Parser | |
| iOS Installed and Uninstalled Apps | Identifying installed and uninstalled apps in iOS | |
| iOS Installed and Uninstalled Apps | Update on identifying installed and uninstalled apps in iOS | |
| iOS InteractionC.DB | Socially Distant but Still Interacting! New and Improved Updates to macOS/iOS CoreDuet interactionC.db APOLLO Modules | |
| iOS Interface | On the Ninth Day of APOLLO, My True Love Gave to Me – A Beautiful Portrait – Analysis of the iOS Interface | |
| iOS Jailbreak using unc0ver | Jailbreaking iPhone XR with unc0ver - Hexordia | |
| iOS Jailbreaking and Full File System Acquisition | Step by Step Guide to iOS Jailbreaking and Physical Acquisition | |
| iOS Jailbreaking and Full File System Acquisition | iOS Device Acquisition with checkra1n Jailbreak | |
| iOS Jailbreaking and Full File System Acquisition | Checkm8, Checkra1n and the new "golden age" for iOS Forensics | |
| iOS Jailbreaking and Full File System Acquisition | Checkra1n Era - Ep 4 - Analyzing extractions "Before First Unlock" | |
| iOS Jailbreaking and Full File System Acquisition | Checkra1n Era - Ep 3 - Automating extraction "Before First Unlock" (aka "Give me a stupid bash script!") | |
| iOS Jailbreaking and Full File System Acquisition | Checkra1n Era - Ep 2 - Extracting data "Before First Unlock" (aka "I found a locked iPhone! And now?") | |
| iOS Jailbreaking and Full File System Acquisition | Checkra1n Era - Ep 1 - Before First Unlock (aka "I lost my iPhone! And now?") | |
| iOS Jailbreaking and Full File System Acquisition | Checkra1n Era - Ep 5 - Automating extraction and processing (aka "Merry Xmas!") | |
| iOS Jailbreaking and Full File System Acquisition | iOS Forensics: BFU (Before First Unlock) acquisition, using checkra1n | |
| iOS Jailbreaking and Full File System Acquisition | Checkm8 and Checkra1n – Full Filesystem extractions for iOS devices | Webinar on Checkm8 and Checkra1n |
| iOS Jailbreaking and Full File System Acquisition | The True Meaning of iOS Recovery, DFU and SOS Modes for Mobile Forensics | |
| iOS Jailbreaking and Full File System Acquisition | Full File System Acquisition of iPhone 11 and Xr/Xs with iOS 13 | |
| iOS Jailbreaking and Full File System Acquisition | iPhone Acquisition Without a Jailbreak (iOS 11 and 12) | |
| iOS Jailbreaking and Full File System Acquisition | Everything you ever wanted to ask about Checkm8 and Checkra1n | |
| iOS Jailbreaking and Full File System Acquisition | [Case Study] Mobile Forensics: Several Ways of Exploration for iOS Jailbreaking and iPhone Forensics | |
| iOS Jailbreaking and Full File System Acquisition | CheckRa1n | |
| iOS Jailbreaking and Full File System Acquisition | Checkra1n Era - Ep 6 - Quick triaging (aka from the iPhone to APOLLO, iLEAPP and sysdiagnose in 6 minutes) | |
| iOS Jailbreaking and Full File System Acquisition | iOS Forensic: full disk acquisition using checkra1n jailbreak | |
| iOS Keychain | Extracting and Decrypting iOS Keychain: Physical, Logical and Cloud Options Explored | |
| iOS KnowledgeC | KnowledgeC: Now Playing entries | Now Playing entries |
| iOS KnowledgeC | KnowledgeC (and Friends) | |
| iOS KnowledgeC | Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage | |
| iOS KnowledgeC | Knowledge is Power II – A Day in the Life of My iPhone using knowledgeC.db | |
| iOS KnowledgeC | Providing Context to iOS App Usage with knowledgeC.db and APOLLO | |
| iOS KnowledgeC | KnowledgeC.db - The iOS Database that knows more about you than you. | |
| iOS Location Mapping | iOS Location Mapping with APOLLO – Part 2: Cellular and Wi-Fi Data (locationd) | |
| iOS Location Mapping | iOS Location Mapping with APOLLO - I Know Where You Were Today, Yesterday, Last Month, and Years Ago! | |
| iOS Location Mapping | On the Tenth Day of APOLLO, My True Love Gave to Me – An Oddly Detailed Map of My Recent Travels – iOS Location Analysis | |
| iOS Location Mapping | Locations, Locations, Locations | |
| iOS Location Services & System Services | iOS Location Services and System Services ON or OFF? | |
| iOS Mail | iOS Mail | |
| iOS Media Analysis | On the Fourth Day of APOLLO, My True Love Gave to Me – Media Analysis to Prove You Listened to “All I Want for Christmas is You” Over and Over Since Before Thanksgiving | |
| iOS Network and Application Usage | Network and Application Usage using netusage.sqlite & DataUsage.sqlite iOS Databases | |
| iOS Photos | Photo.sh - Analysing The Locked iPhone - Apple Photos Shared Albums | |
| iOS Photos | Sharing is Caring – An Overview of Shared Albums in iOS | |
| iOS Photos | iPhone Pictures | |
| iOS Photos.sqlite | iOS Photos.sqlite Forensics | |
| iOS Photos.sqlite | Does Photos.sqlite have relations with CameraMessagesApp? By Scott Koenig | |
| iOS Photos.sqlite | Using Photos.sqlite to Show the Relationships Between Photos and the Application they were Created with? | |
| iOS PLists | PList Decoding | |
| iOS PLists | iOS Bplist Inception | |
| iOS PowerLog | Aggregating iOS PowerLog data using C# – Part 1 | |
| iOS Protobuf Data | Just Call Me Buffy the Proto Slayer – An Initial Look into Protobuf Data in Mac and iOS Forensics | |
| iOS Screen Time | Data Quality and Quantity – How to Get the Best of Both Worlds, Part 2 – Examining Screen Time Artifacts | |
| iOS Shortcuts | iOS Shortcuts - HK_Dig4nsics | |
| iOS Snapshots | iOS Snapshots Triage Parser & working with KTX files | Snapshots show what was last on screen before the app is closed or sent to the background |
| iOS Snapshots | A "Quick Look" into iOS Snapshots | |
| iOS Snapshots | KTX to PNG in Python for iOS snapshots | |
| iOS Software | IPSW Downloads | Download current and previous versions of Apple's iOS, iPadOS, watchOS, tvOS and audioOS firmware and receive notifications when new firmwares are released |
| iOS SysDiagnose | How to extract sysdiagnose logs for forensic purposes on iOS | |
| iOS Timestamps | Understanding iOS Time Stamps | |
| iOS Update History | Restore Log - Tracking iOS Update History | |
| iOS15 Metadata Adjustments | iOS Media Adjustment | |
| IPA Files | What's brewing with IPAs - Working with IPA files for Forensic Examiners - Hexordia | |
| iPhone PINs | Analyzing iPhone PINs - Elcomsoft | |
| iTunes Backups | The Most Unusual Things about iPhone Backups | |
| Jailbreak (iOS 15) | checkm8 to SSH - Blake Regan | |
| Jailbroken Full File System | Creating a Full File System image from a jailbroken iOS device - Hexordia | |
| Kik Messenger | Ain't that a Kik in the Head: Kik Messenger iOS Analysis - Kevin Pagano & Alexis Brignoni | |
| KnowledgeC Notifications - ZOBJECTS & ZSTRUCTUREMETADATA | iOS KnowledgeC.db Notifications | |
| KnowledgeC.db | iOS 16 - Now You 'C' It, Now You Don't -- Breaking Down The Biomes Part 1 - D20 Forensics | |
| KnowledgeC.db Notifications | iOS KnowledgeC.db Notifications - Scott Koenig | |
| Location & Device Data | Path of a Murderer: Location & Device Data - Revo4n6 | |
| Location and System Services | iOS Location Services and System Services are they ON or OFF - Scott Koenig & Ian Whiffin | |
| Locked Data | Obtaining Serial Number, MAC, MEID and IMEI of a locked iPhone - Elcomsoft | |
| MySudo | iOS App Forensics — A Closer Look at The MySudo Privacy App | |
| Nike Run | iOS Nike Run app - Geolocation & self join queries | |
| OpenVPN | Forensic Analysis of OpenVPN on iOS | |
| Photos.sqlite | Photos.sqlite Query Documentation & Notable Artifacts - The Forensic Scooter | |
| Photos.sqlite - ZINTERNALRESOURCE | Do you have a Full-Sized Asset…or just a Thumbnail? Did Optimized iPhone Storage process occur?, Filling a device internal storage for Optimize iPhone Storage Research, and lastly, Photos.sqlite ZINTERNALRESOURCE Table Reference Guide - The Forensic Scooter | |
| Photos.Sqlite Queries | Using Photos.sqlite to show relationships between photos and the application they were created with - The Forensic Scooter and Update #2 - Photos.Sqlite Queries and Update 3 | |
| Private Photo Vault | Photo Vault app still pwnable in 2019? An adventure in iOS RE | |
| Protobufs | Parsing unknown protobufs with python | |
| ProtonMail | ProtonMail on iOS | |
| Safari | Favicons | |
| Safari | iOS / macOS - Tracking Downloads from Safari Without Downloads | |
| Safari | iOS 16 - Breaking Down the Biomes (Part 4) - Surfin' with Safari - D20 Forensics | |
| Samsung Smart Switch | Android - Samsung Smart Switch // iOS Transfer Artifacts | |
| Shared with You Syndication Photo Library | Shared with You Syndication Photo Library – Message Attachments & Linked Assets - The Forensic Scooter | |
| Signal | Investigating Signal with ArtiFast Signal | |
| Siri | iOS 16 - Breaking Down the Biomes Part 5 -- "Hey Siri, find me some more data..." - D20 Forensics | |
| Slack | Finding Slack app messages in iOS | |
| Snapchat | Snapchat PList | Covers ChatConversationStore.plist |
| Snapchat | Snapchat - A False Sense Of Security? | |
| Sysdiagnose (iOS 16) | Sysdiagnose in iOS 16: a first look from a Digital Forensics perspective - Mattia Epifani | |
| Telegram | Investigating iOS Telegram | |
| TikTok | Finding TikTok messages in iOS | |
| TikTok | TikTok Smartphone Evidence | |
| TikTok | Case Study: Forensic Analysis of TikTok on iOS - Dr. Graeme Horsman & Linda Shou | |
| Tile | iOS - The Tile Strikes Back | |
| Tile | iOS - Tile App Part 2: Custom Artifact Boogaloo | |
| Time Inconsistencies after Dead Battery | The Case of the Phantom Device Usage | |
| Unsent Messages | iOS 16 - "Paul unsent a message." ... OR DID HE?! - D20 Forensics | |
| User Notification Events | Peeking at User Notification Events in iOS 15 - 4n6 Ninja | |
| User Notifications in iOS15 | Peeking at User Notification Events in iOS 15 - 4n6 Ninja | |
| Venmo | Venmo. The App for Virtual Ballers. | |
| WhatsApp | How to decrypt WhatsApp end-to-end media files | |
| WhatsApp | iOS WhatsApp Forensics with Belkasoft X | |
| Wickr | Wickr. Alright. We’ll Call It A Draw. | |
| ZSPEED - iPhone Device Speed | iPhone Device Speeds via Cache.sqlite - ZRTCLLOCATIONMO table and Vehicle and iPhone Speed Comparison - The Forensic Scooter | |