iOS Unified Logs Acquisition tool - Description
The tool, designed by Lionel Notari, enables digital investigators to automatically extract Unified Logs from iOS devices connected to a Mac computer in a forensically sound manner. In addition to logs, the tool also retrieves crucial information about the iOS device, such as name, model, iOS version, storage capacity, UDID, phone number, etc.
Details
Forensic Extraction
The primary objective of the iOS Unified Logs Acquisition tool is to streamline the extraction of the iOS Unified Logs in a forensically sound manner. Extracting Unified Logs manually can be a cumbersome process. By automating this process, the tool ensures that forensic investigators can access crucial digital evidence efficiently and reliably. This automated approach not only saves time and effort but also ensures the integrity and accuracy of the extracted data, which is essential in forensic investigations.
Extraction Customization
Digital investigators can customize the extraction by specifying their name, the case name, the extraction name, and the location where the extracted Unified Logs are saved. They can also specify a start date/time if they do not wish to extract all the logs. These features significantly simplify the extraction process for investigators and ensure efficient organization of the extracted data.
Detailed Extraction Report
Upon completion of the extraction, the tool automatically generates a comprehensive report that provides a detailed overview of the extraction. This report includes information provided by the investigator during the tool launch, as well as important statistics such as the date of the first and last extracted log, archive size, total number of extracted logs, etc. Additionally, a hash of the log archive is included to ensure data integrity.
iOS Unified Logs Acquisition tool - Process
Below is a detailed and illustrated description of the process to acquire iOS Unified Logs.