OWASP iOSForensic - Forensic Analysis
At times, you need a tool to conduct the forensics analysis; in order to investigate and recover the information found in digital devices. The tool and method is totally depends on the nature of the test and the objective of the forensic analysis, however security analyst and developers have created designated tools for every platform (OS, Application etc).
IOSForensic is a python script that has been written by OWASP, it help in forensic analysis on iOS. It get files, logs, extract sqlite3 databases and uncompress .plist files in xml.
OWASP iOSForensic is free to use. It is licensed under the GNU GPL v3 License, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
Dependencies
Linux
- OpenSSH
- sshpass
- sqlite3
- python >= 2.6
- Python-magic
- plistutil
Device
- a jailbroken device
- OpenSSH
- syslogd to /var/log/syslog (it's the name of the application, restart your phone after install)
- wifi ON
- on some firmware, usb connection needed
How to use
Options
- -h --help : show help message
- -a --about : show informations
- -v --verbose : verbose mode
- -i --ip : local ip address of the iOS terminal
- -p --port : ssh port of the iOS terminal (default 22)
- -P --password : root password of the iOS terminal (default alpine)
Examples
./iOSForensic.py -i 192.168.1.10 [OPTIONS] APP_NAME.app INCOMPLETE_APP_NAME APP_NAME2_WITHOUT_DOT_APP
./iOSForensic.py -i 192.168.1.10 -p 1337 -P pwd MyApp.app angry MyApp2
Download and More information
