I’ve been inundated with emails about images created by Cellebrite™ Physical Pro. Well, the answer is that they don’t decrypt their images and use decryption on the fly. This, however, doesn’t help examiners that want to use this image in other tools. My suggestion is to use the free iOS Imager — Lantern Lite, that creates an unencrypted image. Then use it in the tool of your choice. I’m biased and I would say “Keep it in the Mac world and use Lantern 2.1 — The best Analysis tool bar none.” or,
The developers at Katana Forensics will soon be releasing an Image Converter Tool. This will be a Mac-based converter that will decrypt those images. Best of all it will be free!!!
I got a call from an investigator from a federal agency asking about accessing an iPad 2 to create a physical image. Unfortunately, I had to advise that it isn’t possible at this time; however, I advised to get subpoenas and/or court orders for the user’s iCloud data. Since the suspect did not have a computer (a growing trend), we know that in the course of setting up any iDevice, one has to choose to back up to iTunes or iCloud. With the power of court orders, an investigator can request the following iCloud data:
1. Email
2. Backups from the Device (so we can get a plethora of data as from a normal system backup)
3. Photos stored in iCloud
4. Documents stored in iCloud
5. Contacts
6. Calendar data
If the user also sets up the device by default, it backs up automatically as well.
So there will be data. You don’t even need to know the Apple ID; write your papers to ascertain the user account information and subsequently acquire the data associated with that account. There is a tool created offshore that claims to access iCloud data remotely. I assume that Apple will plug that leak soon, and that accessing a server outside your jurisdiction without proper probable cause and a warrant will cause trial issues. So investigators can get this information for free and with the knowledge that it will forestall any legal implications.
Sean Cavanaugh, a contributor for the Apple Examiner, wrote a nice article on Lantern Lite. This article can be read at http://www.appleexaminer.com/Downloads/LanternLitePaper.pdf
Thanks, Sean, for writing a nice article.
There is also a Law Enforcement only version at the Katana Forensics website.
www.katanaforensics.com
Blackbag announced a triage addition to its MacQuisition™ tool. Well it costs $1200. I would use Raptor to image a Mac, and MacLockPick to do triage. Total Cost?
Raptor — Free
MacLockPick 2.2™ — $499 (and it’s cross-platform also)
A savings of $701
With shrinking budgets, it’s about smart forensics, not cool forensics. There are applications that do just as well, if not better, than the high-priced tools. It’s time to support them, not what the fanboys think are great.
You won’t find any of this information about this blog or the tools we suggest. We don’t allow ads either!! Information is power, not bias or advertising.
Katana Forensics now has a Law Enforcement Version and a public Version of Lantern Lite — “The iOS Physical Imager”. Now everyone has the capacity to image iOS Devices. All ranges of Forensics and Security have the ability to analyze these devices. See the details at www.katanaforensics.com.
Katana Forensics has updated its FREE time converter application. This time it converts Mac Absolute Time and Unix Epoch Time. Most can’t distinguish which is which. This updated app already knows and converts the values on the fly. Just copy and paste. Visit www.katanaforensics.com and get the FREE application. Another tool for your war chest.
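The two formats named above differ only in their reference date: Unix Epoch Time counts seconds from 1970-01-01 UTC, Mac Absolute Time from 2001-01-01 UTC. The following is an added example, not the Katana Forensics application or its code; the function names and the "plausible case window" heuristic for telling the formats apart are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
MAC_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)   # Mac Absolute Time reference date
MAC_OFFSET = int((MAC_EPOCH - UNIX_EPOCH).total_seconds())  # seconds between the two epochs

def readings(raw, earliest, latest):
    """Interpret `raw` (seconds, possibly fractional) under both epochs and
    keep only the readings that fall inside the examiner's case window."""
    value = float(raw)
    kept = {}
    for name, epoch in (("unix_epoch", UNIX_EPOCH), ("mac_absolute", MAC_EPOCH)):
        try:
            when = epoch + timedelta(seconds=value)
        except (OverflowError, ValueError):
            continue  # value cannot be a date under this epoch
        if earliest <= when <= latest:
            kept[name] = when
    return kept

def classify(raw, earliest, latest):
    """Return (format, datetime) when exactly one reading is plausible,
    otherwise ('ambiguous', None) or ('unknown', None)."""
    kept = readings(raw, earliest, latest)
    if len(kept) == 1:
        return next(iter(kept.items()))
    return ("ambiguous" if kept else "unknown"), None

if __name__ == "__main__":
    # Constructed case window and constructed sample values.
    lo = datetime(2007, 1, 1, tzinfo=timezone.utc)
    hi = datetime(2012, 12, 31, tzinfo=timezone.utc)
    for sample in ("1325376000", "347068800", "347068800.5", "0"):
        fmt, when = classify(sample, lo, hi)
        print(f"{sample:>14}  {fmt:<12}  {when.isoformat() if when else '-'}")
```

A narrow window tied to the case (device release date to acquisition date) is what makes the classification reliable; with a window spanning decades the same integer can be a valid date under both epochs and should be reported as ambiguous rather than guessed.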
Lantern Lite, the open source project, has taken its first step. It was released to Law Enforcement. After some modifications and improvements, the utility will be released to the public. Security professionals will finally have access to a free tool to examine iDevices.
This is meant for all that do forensics, and keeping it free and away from forensic tool makers that can’t innovate, just copy. The days of paying to image an iDevice are over. It is parsing the data where one uses grey matter.
Further information can be seen at www.lanternlite.org
My good friend Shafik Punja asked “Remember how you showed me to take a Lantern case file and bring it into Encase?” I responded that I did remember showing him how to do it. Shafik asked me to post this on the blog so that others can benefit from it as well. So here it is, using a case folder from the new Lantern 2. This will also work using FTK. Unfortunately, I do not have FTK running in my VM, so this method can also work the same way. For this demonstration I am using Parallels. I just like it better now, but again, if you have VMware Fusion, this will work also.
1. Acquire an iDevice using Lantern.
2. Start your Windows virtual machine
3. Depending on your VM software, set up file sharing
4. Copy the Lantern case file (the icon that looks like a briefcase) and bring it into Windows. As you see in the following figure, the case file looks like a file folder. The Lantern case file in 2.0 is an Apple/Mac package. Basically a folder. Windows 7 sees this package as a folder.
5. Open your Windows-based forensic tool; in this demonstration, open Encase and create a case.
6. Then just drag and drop the Lantern folder into Encase as seen below,
7. Then you can run whatever process you care to do at this time. It is just that simple!
For older Lantern version 1 case files, the case file is essentially a Zip file. Just unzip the files and bring them into Encase or FTK using the same method as described above. If you have any questions, drop me an email: info@katanaforensics.com






