Mobile Apps Forensics Update

Introduction

In the weeks following our last blog post, we have created base images of the iPhone 5 and the Nexus 7 using Cellebrite UFED Touch and XRY. We have generated data for the application Yik Yak on both devices and then reimaged them. As a team, we are now delving into the analysis of the images and determining what can and can’t be recovered.

Analysis of Mobile Apps

With our data generation, we have been keeping a written record of everything that we have done on Yik Yak to use as a comparison when analyzing the images.

We’ve encountered various problems with the imaging, such as issues extracting zip folders. We were able to overcome this by using SQLite, but we are still exploring how to extract the zip folder.

Another problem we have run into is being unable to view application data on the iPhone because the phone needs to access the AFC2 service. We are working on a way around this using iTunes to perform a backup of the phone, but have thus far been unsuccessful.

Conclusion

We believe we have made pretty good headway in our analysis despite the problems that have popped up. We have so far discovered that with the Nexus 7, we were unable to find as much data from Yik Yak using XRY as we did using Cellebrite. Due to the problems we’ve encountered with the iPhone, we are unable to tell if this is the theme across both platforms or if it is Android-specific, though we will be sure to address that in the next blog post.
