Special Guest: James Duffy – Researcher and Student

In this episode, we are joined by James Duffy who will be discussing acquiring, processing, and parsing iOS data. James is a 20-year-old security researcher and student at Northumbria University. He studies cybersecurity and computer networking while also working in security. Additionally, he has released a few open-source projects including SPIDER, ZPET, and Author.

James will be sharing the methodology and process that he uses for application analysis and some of the alterations that he has developed which help his workflow. He will also explore some of the scripts he has released, explain how he uses them, and go over some open-source utilities he finds useful in his research.

Steps to Approach the Artifact Discovery Process:

  • Download an application
  • Register with the application, preferably with unique details
  • Use the application – some aspects initialize upon first feature use
  • Take note of all user-entered data within the application (usernames, user-facing ids generated by the application, etc.)
  • Execute Checkra1n and wait for the boot
  • Acquire filesystem in BFU and AFU states
  • Extract relevant application data container for application
  • Grep for unique strings in BFU container

Listen to the full episode to learn more about acquiring, processing, and parsing iOS data and to hear about some interesting work being done with applications such as Snapchat.

Share this post