Tag: Mobile

Magnet AXIOM Adds Forensic Support for Uber

By

Since its launch, Uber has become a popular alternative to taxi rides in many cities globally. As Uber is controlled through a mobile app, it only makes sense to add support for it in Magnet AXIOM and Magnet IEF. With the launch of AXIOM 1.0.4 and IEF 6.8.1, we’ve added support to parse data from … Continued

Forensic analysis of the Windows UserAssist artifact 

By

What is the UserAssist artifact? UserAssist is a feature in Windows that tracks the usage of executable files and applications launched by the user. It stores this information in the Windows Registry, which can be accessed by forensic analysts to reconstruct a timeline of application usage and user activity. Specifically, it is located within the … Continued

Digital Forensics: Artifact Profile – WhatsApp Messenger

By

APPLICATION NAME: WhatsApp Messenger CATEGORY: Chat RELATED ARTIFACTS: WhatsApp Contacts, WhatsApp Messages OPERATING SYSTEMS: iOS, Android SOURCE LOCATION: iOS – /root/var/mobile/Applications/net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite Android – /data/data/com.whatsapp/databases/msgstore.db Android – /data/data/com.whatsapp/databases/wa.db Android –/sdcard/WhatsApp/Databases/msgstore.db.crypt*   Importance to Investigators Android For Android devices, there are two SQLite databases of value for examiners recovering WhatsApp artifacts: msgstore.db and wa.db. The msgstore.db contains details on any chat conversations … Continued

Digital Forensics: Artifact Profile – Whisper

By

APPLICATION NAME: Whisper CATEGORY: Social Networking RELATED ARTIFACTS: Whisper Posts, Whisper Messages OPERATING SYSTEMS: iOS, Android SOURCE LOCATION: Android – %root%\data\APPsh.whisper\databases\w.db Android – %root%\data\APPsh.whisper\databases\c.db iOS – %root%\var\mobile\Applications\%GUID%\Documents\Messaging.sqlite iOS – %root%\var\mobile\Applications\%GUID%\Documents\Whisper.sqlite   Importance to Investigators Whisper is a popular social networking app that allows users to post messages anonymously and send messages to other users. It is available on both iOS and Android devices. Whisper allows … Continued

Digital Forensics: Artifact Profile – Yik Yak

By

APPLICATION NAME: Yik Yak CATEGORY: Chat RELATED ARTIFACTS: Yik Yak Notifications, Yik Yak Yaks OPERATING SYSTEMS: iOS SOURCE LOCATION: iOS – %root%\Library\Caches\engineering.locus.chatter\Cache.db iOS – %root%\Library\Caches\engineering.locus.chatter\fsCachedData\%GUID%   Importance to Investigators Yik Yak is a popular social media application most commonly used by young adults. The app, available on iOS and Android smartphones, allows users to post anonymous messages to … Continued

Mobile Chat & Social App Forensics

By

Smartphone apps that allow users to express themselves by messaging, posting, tweeting, liking, commenting, and sharing images and videos, have radically altered communication patterns. This new world of hyper-connected mobile chat and social apps is evolving at warp speed, and it seems like a new app explodes in popularity every month, with others constantly changing … Continued

Announcing Magnet ACQUIRE: A New Forensic Tool for Imaging Smartphones

By

From Jad Saliba, Founder & CTO of Magnet Forensics Today I’m excited to announce the beta availability of a new software product called Magnet ACQUIRE™. Magnet ACQUIRE is a smartphone acquisition tool that will allow you to quickly and easily acquire an image of any iOS or Android smartphone or tablet. We’re looking for forensic professionals to … Continued

April Artifact Update: Native Android Apps

By

Our latest artifact update for IEF includes support for native Android applications. As the mobile market continues to narrow-in on two primary operating systems – Android and iOS – it’s becoming increasingly important for investigators to recover data from these built-in system apps. In February, we added support for a similar set of native iOS … Continued