A Deep Dive into Mobile Forensics I recently completed a full mobile forensic analysis on an iPhone 13 Pro and it was a powerful reminder of how much a device actually remembers. This was an advanced logical extraction with verified image integrity. Even without diving into content, the metadata alone told a story. From location artifacts, I reconstructed where the device had been, the routes it traveled and the exact timestamps tied to those movements. But more importantly, I could see how those locations were generated. Some coordinates were tied to ride activity such as uber and bolt. Others came from navigation searches. Some were linked to shared live locations inside messaging apps. Each source leaves a different footprint. A searched address tells a different story than an active trip. A shared live location suggests intentional disclosure. The coordinates are only part of it, the behavior behind them is the real evidence. The “most visited locations” view made patterns obvious. Certain coordinates appeared repeatedly, building a clear picture of routine and frequency over time. On the communication side, interaction volume alone highlighted the primary contacts. Without even reading conversations, it was immediately clear who the highest frequency messaging relationships were. Volume builds pattern. Pattern builds context. Call analysis went just as deep. Even when call entries were deleted, I could still determine whether interactions were audio or video, which platform they occurred on, how long they lasted, and whether they were answered, missed or rejected. Deleting a visible log doesn’t erase the underlying artifacts. I was also able to recover delivered media, expired content, deleted messages and metadata tying everything to specific timestamps and user actions. Here’s what stands out. Phones don’t just store content. They store behavior. They store routine. They store intent. Files can be deleted. Logs can be cleared. But the artifacts remain. #digitalforensics #DFI #mobileforensics #cybersecurity

Free Annual Premium Voucher 😌

From GPS telemetry and Bluetooth artifacts to event logs and forensic timelines, digital evidence can tell a story when properly examined. Recently completed a vehicle forensics case study that demonstrates how forensic analysis can uncover patterns, reconstruct events, and support investigations through data-driven findings. Digital forensics goes far beyond computers. Report link: drive.google.com/file/d/1Ylx…

Handled something difficult today.

Anyone else notice that many online learning platforms are blurring the lines between job roles? Instead of focused learning paths, courses often bundle multiple disciplines together. I believe specialized paths could help beginners get job ready faster instead of feeling overwhelmed.

3 red cards in the opener, we’re in for chaos this tournament.

Most SOCs think they detect local user creation. They watch for "net user /add". Here's the command that does the same thing and fires zero alerts.

Picked up a hardcopy book to read today. Not documentation, not a GitHub README, just an actual book. It’s been so long.

Such a great report you got there

Case DL-GH-2024-BA-0004 | The Double Life A vehicle forensics case from Hive Consult involving a civil divorce proceeding. A family vehicle that disappeared every Thursday evening for 14 consecutive weeks led to a court ordered examination of its IVI system. My forensic report documents how GPS history, deleted navigation records, Bluetooth pairings, messages, call logs, digital receipts, and attempted evidence deletion all cross referenced to reveal a consistent pattern. A case put together by @RedHatPentester Link to full report drive.google.com/file/d/1g8r…

You’re better off writing your own reports and enduring the stress that comes with it. Letting LLMs do it for you can lead to greater stress, frustration, errors and unsupported assumptions.

I choose to understand rather than judge. It helps me both personally and as a Digital Forensics Examiner.

Because we’re in the era of NTFS, If you want to find low level metadata on windows, look into these two indexes $J and $I30. Goldmines if you ask me.

Deleted doesn’t always mean gone and that’s absolutely true. Traditional file recovery often relies on filesystem metadata. File carving on the other hand doesn’t. It searches raw storage for file signatures and reconstructs data even when filesystem information is missing or corrupted. File carving is the closest thing forensic investigators have to a cheat code.

Most people think deleted files are gone. not exactly. i watched someone "securely" clean a laptop before selling it. they deleted files. emptied recycle bin. factory reset. felt safe. the buyer recovered documents anyway. photos. PDFs. old browser exports. even fragments of spreadsheets. here's what surprises people: deleting a file usually doesn't immediately destroy the data. many systems just mark the storage space as available. until new data overwrites it. that's why file recovery software exists. and why incident responders sometimes recover evidence people thought disappeared months ago. "deleted" and "unrecoverable" are not the same thing.

Dropped the call on those losers

Arsenal = Arse

Job well done at PSG

So NITA published an outdated version of bill, that’s misinformation. Jail straight 😏

NITA space serving us “Technologia” music to calm us before starting 🤣

Are you licensed? Delete before NITA sees this.