TryHackMe: iOS Analysis Writeup - Aleyna Doğan

Discover the forensic artefacts present within iOS.

Task 2: iOS Pairing

2.1. What is the name of a type of certificate that is used when an iPhone and a device pair together?

Trust Certificate

2.2. What is the expiry timer on these certificates?

30 Days

Task 3: Preserving Evidence

3.1. What is the name of the Apple feature that allows a device to be remotely wiped?

Find My

3.2. What “type” of backup would we perform if we wanted to back up the entire device?

Encrypted

3.3. What is the name of an important piece of equipment that can block all signals, preventing the device from being remotely wiped?

Faraday Bag

Task 4: The iOS Filesystem

4.1. After March 2017, what filesystem do all iPhones use?

APFS

4.2. What is the name of the “domain” that stores all files relating to the operating system?

System

Task 5: Artefacts

5.1. In what directory of a backup is the Address Book (contacts) stored?

HomeDomain/Library/AddressBook

5.2. In what directory of the iPhone are passwords and certificates stored? This is known as the Keychain.

/var/keychains

Task 6: Analysis

6.1. What is the name of the cross-platform toolkit that can interact with iOS devices? This is a CLI tool.

libimobiledevice

6.2. If we wanted to do a full iPhone backup using the aforementioned tool, with the directory being “backup”, what would our command look like?

  • backup: instructs the module to perform a backup.
  • --full: creates a full backup.

idevicebackup2 backup --full ./backup

Task 7: Practical: Operation Timely Manner

7.2. What is the name (SSID) of the Wi-Fi network the iPhone connected to?

OneMinuteStaff

7.3. What are the saved contact details for the competitor?

Answer format: Firstname,Lastname

In SQLite, open the AddressBook.sqlitedb file from the directory C:\Users\Administrator\Desktop\iPhoneExtracted.

Wayne,Garcey

7.4. On what day was the exchange of information to take place?

Answer format: DD/MM/YYYY

30/03/2024
