Alexis Brignoni  May 19, 2025

πŸ†• New blog post on Apple Unified Logs (iOS) and how to query them effectively.
πŸͺ΅ Learn how to generate a .logarchive using a macOS device, third-party tools, or straight from files in a full file system extraction.
πŸͺ΅ Use a macOS device to convert the .logarchive into a JSON file for use outside of a macOS environment.
πŸͺ΅ Process the JSON file with iLEAPP in order to query the data using SQLite.

If you are not looking at unified logs you are missing incredibly valuable evidence in your cases.

Thanks to the following researchers for their invaluable contributions:
πŸ™ Lionel Notari
πŸ™ Tim Korver
πŸ™ Johann POLEWCZYK
πŸ™ Heather Charpentier

Read the blog post here:

https://abrignoni.blogspot.com/2025/05/extraction-processing-querying-apple.html

#DigitalForensics #DFIR #MobileForensics #UnifiedLogs #AppleForensics #iOSForensics #iLEAPP
#DigitalForensics

Extraction, Processing, & Querying Apple Unified Logs from an iOS Device

What are Apple Unified Logs and why are they important in my digital forensics examinations?  Introduction Unified logs keep pattern of life...

Alexis Brignoni  Apr 9, 2025

How to install and run #iLEAPP on your computer or using the Atrio MK II from Arcpoint Forensics.

https://www.arcpointforensics.com/news-1/ileapp

#DFIR #DigitalForensics #MobileForensics

Decoding iOS Data: A Step-by-Step Guide to Installing and Using iLEAPP β€” ArcPoint Forensics Main

If you're involved in digital forensics or simply curious about extracting and analyzing data from iOS devices, iLEAPP is an indispensable open-source tool. In this guide, we'll walk you through the entire process of installing and using iLEAPP, so you can effectively parse iOS data. To make it even

ArcPoint Forensics Main
Kevin Pagano - Stark 4N6 Feb 17, 2025
New #iLEAPP 2.1.0 release is out! #DFIR https://github.com/abrignoni/iLEAPP/releases/tag/v2.1.0
Release v2.1.0 Β· abrignoni/iLEAPP

iLEAPP v2.1.0 You can now filter modules displayed in GUI to select or unselect them more easily Media manager (pre-release) for LAVA Fix error when attaching a SQLite DB in read-only mode on Wind...

GitHub
Kevin Pagano - Stark 4N6 Jan 29, 2025
New #iLEAPP v2.0.4 is out, check those GUI updates! #DFIR https://github.com/abrignoni/iLEAPP/releases/tag/v2.0.4
Release v2.0.4 Β· abrignoni/iLEAPP

What's Changed Update version number and builds_ids.py by @Johann-PLW in #1020 Update iTunesBackupInfo.py for lava output by @Johann-PLW in #1024 Update iTunesBackupInfo.py for lava output by @Joh...

GitHub
Kevin Pagano - Stark 4N6 Dec 16, 2024
Hey wake up, a new #iLEAPP release is out! https://github.com/abrignoni/iLEAPP/releases/tag/v2.0.2
Release v2.0.2 Β· abrignoni/iLEAPP

What's Changed header language admin stuff by @JamesHabben in #944 Bug fix telegramMessages.py by @kobo220 in #945 Update builds_ids.py by @stark4n6 in #946 Update version number and specs files t...

GitHub
Kevin Pagano - Stark 4N6 Nov 20, 2024
#iLEAPP v2.0.1 out now! #DFIR https://github.com/abrignoni/iLEAPP/releases/tag/v2.0.1
Release v2.0.1 Β· abrignoni/iLEAPP

What's Changed Update modules for lava output by @Johann-PLW in #914 Lava output dev by @snoop168 in #915 Update ilapfuncs.py - Fix path issue with media_to_html by @Johann-PLW in #917 Lava output...

GitHub
Kevin Pagano - Stark 4N6 Nov 8, 2024
#iLEAPP v2.0.0 out now #DFIR #MobileForensics https://github.com/abrignoni/iLEAPP/releases/tag/v2.0.0
Release v2.0.0 Β· abrignoni/iLEAPP

What's Changed Initial load for lava output by @JamesHabben in #825 Update ileappGUI.py by @Johann-PLW in #826 Update ileappGUI.py - Generate LAVA-specific output by @Johann-PLW in #827 Update mod...

GitHub
Show threadKevin Pagano - Stark 4N6 Oct 7, 2024
New #iLEAPP release v1.19.5 too #DFIR #MobileForensics https://github.com/abrignoni/iLEAPP/releases/tag/v1.19.5
Release v1.19.5 Β· abrignoni/iLEAPP

What's Changed Add file_version_info.txt files for Windows binaries by @Johann-PLW in #786 Create mobileInstallb.py by @abrignoni in #787 Update chatgpt.py by @theAtropos4n6 in #788 Update builds_...

GitHub
Kevin Pagano - Stark 4N6 Sep 24, 2024

#iLEAPP Update: @kalinko added Withings Healthmate parsers! #DFIR

Download πŸ”—: https://github.com/abrignoni/iLEAPP

Research πŸ”—: https://bebinary4n6.blogspot.com/2024/09/withings-healthmate-on-ios.html

GitHub - abrignoni/iLEAPP: iOS Logs, Events, And Plist Parser

iOS Logs, Events, And Plist Parser. Contribute to abrignoni/iLEAPP development by creating an account on GitHub.

GitHub
Alexis Brignoni  May 19, 2024

πŸ—½Monumental #digitalforensics work by Scott Koenig implementing his well researched photos.sqlite queries into #iLEAPP artifacts.

πŸ™‡The blog post details the paths, artifact name descriptor, & data the artifact provides. Amazing work.

πŸ”—Get iLEAPP here:
https://github.com/abrignoni/iLEAPP

πŸ”—Read the blog post here:
https://theforensicscooter.com/2024/05/18/ileapp-parsers-photos-sqlite-queries/

GitHub - abrignoni/iLEAPP: iOS Logs, Events, And Plist Parser

iOS Logs, Events, And Plist Parser. Contribute to abrignoni/iLEAPP development by creating an account on GitHub.

GitHub