Jailbroken - Mobile Forensics

Read some articles before you play.

• https://salt4n6.com/category/mobile-forensics/

• https://resources.infosecinstitute.com/topic/ios-forensics/

• https://www.sans.org/security-resources/posters/dfir-advanced-smartphone-forensics/30/download

What is the IOS version of this device?

# analyze with iLEAPP
9.3.5

What mm/dd/yyyy did Nest connect?

2020-04-15
4/15/2020

Who is using the iPad? Include their first and last name. (Two words)

# You can view iLEAPP report

Tim Apple

When was the last time this device was 100% charged? Format: 01/01/2000 01:01:01 PM

# /private/var/containers/Shared/SystemGroup/4212B332-3DD8-449B-81B8-DBB62BCD3423/Library/BatteryLife/CurrentPowerlog.PLSQL
# https://www.epochconverter.com/
04/15/2020 06:40:31 PM

What is the title of the webpage that was viewed the most? (Three words)

# You can view iLEAPP report
# \Jailbroken\private\var\mobile\Containers\Data\Application\FB1B2A1C-AC19-406F-BEEC-EC048BF504EA\Library\Safari\History.db
kirby with legs

What is the title of the first podcast that was downloaded?

# https://salt4n6.com/category/mobile-forensics/
# Jailbroken/private/var/mobile/Containers/Shared/AppGroup/80179E24-1812-4B5F-8063-AECFC3773A7A/Documents/MTLibrary.sqlite
# ZMTEPISODE

WHERE ARE WE?

What is the name of the WiFi network this device connected to? (Two words)

# You can view iLEAPP report
# Jailbroken/private/var/preferences/SystemConfiguration/com.apple.wifi.plist

black lab

What is the name of the skin/color scheme used for the game emulator? This should be a filename.

# Jailbroken/private/var/mobile/Library/Caches/com.apple.mobile.installation.plist
# Jailbroken/Applications/GBA4iOS.app/Default.gbaskin

Default.gbaskin

How long did the News App run in the background?

# /private/var/containers/Shared/SystemGroup/4212B332-3DD8-449B-81B8-DBB62BCD3423/Library/BatteryLife/CurrentPowerlog.PLSQL
# PLAppTimeService_Aggregate_AppRunTime

197.810275

What was the first app download from AppStore? (Two words)

# You can view iLEAPP report

Cookie Run: OvenBreak

What app was used to jailbreak this device?

# You can view iLEAPP report, itunes metadata

Phoenix

How many applications were installed from the app store?

# You can view iLEAPP report, itunes metadata

2

How many save states were made for the game mentioned in the question (What was the most recent emulator game obtained)?

$ ls -al Jailbroken/private/var/mobile

1

What language is the user trying to learn?

# You need to check podcasts information

$ cat Jailbroken/private/var/mobile/Media/Podcasts/-4807967202435678538
spanish

The user was reading a book in real life but used their IPad to record the page that they had left off on. What number was it?

# To record, it can be photo and videos

ls -al Jailbroken/private/var/mobile/Media/DCIM/100APPLE/IMG_0008.MOV

If you found me, what should I buy?

# \private\var\mobile\Containers\Shared\AppGroup\4466A521-8AF9-4E09-800B-C3203BB70E0E\NoteStore.sqlite

cp Jailbroken/private/var/mobile/Containers/Shared/AppGroup/4466A521-8AF9-4E09-800B-C3203BB70E0E/NoteStore.sqlite .

Crash Bandicoot Nitro-Fueled racing

There was an SMS app on this device's dock. Provide the name in bundle format: com.provider.appname

# You need to check Apps per screen in iLEAPP report

com.apple.MobileSMS

A reminder was made to get something, what was it?

Milk