iOS 17 Forensic Impacts

Written by Amber Schroader

October 3, 2023

We are in the time of year when our pumpkin spice cravings start crawling to the surface and we see some big releases in the world of mobile firmware. It is a good time to validate and check your tools to see what data you gained and lost with the firmware change. With Apple releasing iOS 17, we looked at the final release that followed the beta as well as the first patches that always go hand in hand with a release.

The first change is that the release was not forced onto all devices. It is being rolled out more slowly, now that iOS 16 gave the first feel of optional vs. forced updates. Here is the list of devices that can update to iOS 17.

  • iPhone 15
  • iPhone 15 Plus
  • iPhone 15 Pro
  • iPhone 15 Pro Max
  • iPhone 14
  • iPhone 14 Plus
  • iPhone 14 Pro
  • iPhone 14 Pro Max
  • iPhone 13
  • iPhone 13 mini
  • iPhone 13 Pro
  • iPhone 13 Pro Max
  • iPhone SE (2022)
  • iPhone 12 mini
  • iPhone 12
  • iPhone 12 Pro
  • iPhone 12 Pro Max
  • iPhone SE (2020)
  • iPhone 11 Pro Max
  • iPhone 11 Pro
  • iPhone 11

New potential artifacts to watch for with iOS 17:

  • Contact posters with contact records.
  • Transcripts of voicemails and audio messages.
  • Check-in data from people is automatically sent when you arrive at a destination.
  • FaceTime calls on Apple TV by using your phone as a camera.
  • NameDrop data by having devices just be close together.
  • Record and send a FaceTime video message.
  • Safari profiles to separate browsing activities.
  • Private browsing changes.
  • Password and passkey sharing to groups.
  • Health data changes with the state of mind to log a moment having an impact.
  • Personal Voice enables users who are at risk of losing their voice to privately and securely create a voice that sounds like them on an iPhone and use it with Live Speech in phone and FaceTime calls. (Direct from release notes.)

Features we saw in iOS 16 that made a forensic impact are still showing in iOS 17.

We have come to value this data that was given back with iOS 16 after being gone since iOS 12. As you can see from the screenshots, the valuable data is still available with iOS 17.

Other data we see as well includes new contact cards.

One of the biggest trends we saw is that a lot of voice-to-text options and voice AI are being worked into iOS 17.

The transcriptions of voicemails and audio messages to people do still show in your acquisitions; note that they show simply as normal iMessage data.

Data that we do not see easily, and that will require more research, is the voice-to-text function. From the basic logical acquisition, this data did not appear evident.

When it came to browser changes, it is lucky for all forensic investigators that data did show for not only profiles but also private browsing, which, as you might note, is not very private. The data associated with profile browsing was also able to be processed.

Finally, there is the automated check-in function, which now shows you in the metadata of the text whether a check-in occurred. Sometimes you really have to look closely with new firmware releases, as the metadata can show a shift in a feature.

Here are the things we will see after the Paraben E3 release on October 31st: you should see the changes to health data with mindfulness. Research will be done for NameDrop metadata, as well as password and passkey sharing to groups.

 

**Thank you to Kevin Fisher for his help in testing and producing the data associated with this research.
