Yogesh Khatri's forensic blog
All things forensic and security related
Sunday, July 19, 2020
KTX to PNG in Python for iOS snapshots
App snapshots on iOS are stored as KTX files, this is fairly well known at this point, thanks to the research by Geraldine Blay ( @i_am_t...
Tuesday, June 9, 2020
Screentime Notifications in Catalina (10.15)
If you routinely perform mac forensics, you've probably done a few macOS Catalina (10.15) examinations already. And if you are the kind...
Monday, March 30, 2020
Parsing unknown protobufs with python
Protocol Buffers are quite popular, more and more apps and system files are storing data in this format in both iOS and Android operating s...
Saturday, March 28, 2020
Google Search & Personal Assistant data on android
The Google app, previously known as Google Now, is installed by default on most phones. From the app's description - The Google app k...
Wednesday, January 8, 2020
Usagestats on Android 10 (Q)
UsageStats If you are unfamiliar with this artifact, Alex Brignoni explains the UserStats artifact in the blog post here . Located at /da...
Monday, October 28, 2019
macOS 10.15 Volumes & Firmlink magic
With macOS 10.15 - Catalina, Apple has introduced a change in the way system and user data is stored on disk. In prior versions, the root &...
Saturday, October 26, 2019
Part 3 - ADB keyvalue backups - Wifi and System settings
This is Part 3 of the continuing blog series on ADB keyvalue backups . Today we focus on Wifi settings and other system configuration ava...
View web version