🚨 The SEGB file format is a key data recovery source on devices that run iOS and macOS. SEGB version 2 comes in the most recent operating system implementations.

🔬 Understand the file format: https://cellebrite.com/en/understanding-and-decoding-the-newest-ios-segb-format/

📄 Parse the file format using Python: https://github.com/cclgroupltd/ccl-segb

#DigitalForensics #MobileForensics #iOSForensics #SEGB #DFIR

🐍 New Python parsers for Apple SEGB versions 1 & 2 file formats by Alex Caithness and CCL Solutions Group. Will be updating #iLEAPP soon to support both formats.

📚 These data structures are found in iOS and macOS operating systems. SEGB v2 are found on the latest versions of these operating systems.

🔎 Important note: If you expect Protobuf as the data payload (it usually is) make sure to skip the first 8 bytes before decoding a SEGB v2 file. See line 17 in the attached image.

ℹ Notice how the script provides the offset, metadata offset, and timestamp along with the data.

📎 Get the code here: https://github.com/cclgroupltd/ccl-segb

📖 Thanks to Cellebrite for the file format research found here: https://cellebrite.com/en/understanding-and-decoding-the-newest-ios-segb-format/

#DigitalForensics #MobileForensics #iOSForensics #SEGB #DFIR
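The 8-byte skip from the post above, as an added example that is not code from the ccl-segb project: a schema-less walk over the Protobuf wire format applied to a SEGB v2 record's data after dropping its first 8 bytes. The function names and the sample record are my own constructions; the post does not describe what the 8 prefix bytes hold, so the sample fills them with zeros.

```python
import struct

RECORD_PREFIX_LEN = 8  # bytes to skip before the Protobuf message, as the post advises

def read_varint(buf: bytes, pos: int) -> tuple[int, int]:
    """Return (value, new_pos) for the base-128 varint starting at pos."""
    result = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7

def walk_protobuf(buf: bytes) -> list:
    """Schema-less first pass over Protobuf wire format: (field_no, wire_type, value) triples."""
    fields, pos = [], 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        field_no, wire_type = tag >> 3, tag & 0x07
        if field_no == 0:  # field numbers start at 1, so 0 means we are not at a message start
            raise ValueError(f"invalid field number 0 at offset {pos}; prefix not skipped?")
        if wire_type == 0:                      # varint
            value, pos = read_varint(buf, pos)
        elif wire_type in (1, 5):               # fixed 64-bit / fixed 32-bit
            fmt, size = ("<Q", 8) if wire_type == 1 else ("<I", 4)
            value = struct.unpack_from(fmt, buf, pos)[0]
            pos += size
        elif wire_type == 2:                    # length-delimited: bytes, string or sub-message
            length, pos = read_varint(buf, pos)
            if pos + length > len(buf):
                raise ValueError(f"length {length} at offset {pos} overruns the buffer")
            value = buf[pos:pos + length]
            pos += length
        else:
            raise ValueError(f"unsupported wire type {wire_type} at offset {pos}")
        fields.append((field_no, wire_type, value))
    return fields

def decode_segb2_payload(record_data: bytes) -> list:
    """Skip the 8-byte prefix of a SEGB v2 record's data, then walk the Protobuf after it."""
    if len(record_data) < RECORD_PREFIX_LEN:
        raise ValueError("record data is shorter than the 8-byte prefix")
    return walk_protobuf(record_data[RECORD_PREFIX_LEN:])

# Constructed sample (not real device data): an 8-byte prefix of zeros, then a Protobuf
# message with field 1 = varint 300 and field 2 = string "com.example.app".
SAMPLE_RECORD = bytes(8) + b"\x08\xac\x02" + b"\x12\x0fcom.example.app"
```

Feeding `SAMPLE_RECORD` to `walk_protobuf` from byte 0 raises on the prefix, while `decode_segb2_payload` returns the two fields; the same check flags a record where the skip was forgotten.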

GitHub - cclgroupltd/ccl-segb: Module(s) related to reading SEGB (fka "Biome") data from iOS, macOS, etc.

New design alert, thanks to Ricky Johnson on the assist #SEGB #DFIR https://www.teepublic.com/t-shirt/44654002-segb-this-just-means-more-data
SEGB - This Just Means More Data by stark4n6
