Heather Mahalik, the author of Practical Mobile Forensics and SANS FOR585, has written a post about forensicating iOS 11 iMessages and SMS. The first thing to be noted, common mobile forensic tools not parsing these messages correctly, at least sometimes, especially timestamps, so the best way is to parse the sms.db contents manually. The thing is – you can see timestamps in different formats in the same column! But it’s not a problem anymore as Heather has written an amazing query for parsing all SMS and iMessages from the sms.db regardless of the iOS version, you can find the whole post and the query here.

Load More Related Articles
Load More In How To

Leave a Reply

Your email address will not be published. Required fields are marked *