John Hyla Disclaimer: This format was reverse engineered to the best of my ability. This blog article is subject to future updates or corrections if anything new is learned. Please reach out if you have any insights Introduction I recently found a file that Apple has started using at some point which seems to be known as … Read more
Introduction I recently had a case involving Discord where the case investigator had observed images within the thread on an iPhone but they were not appearing in the threads in Cellebrite Physical Analyzer. The investigator described the images to me and I was able to locate them in a folder associated with Discord so I … Read more
In this blog I will discuss my findings on the AppIntent files that are located within the Biomes folder in many iOS extractions. These files contain many forensic artifacts that may no longer appear elsewhere on the device including deleted iMessages.