iOS 17 Forensic Impacts

Written by Amber Schroader

October 3, 2023

We are in the time of year when our pumpkin spice cravings start crawling to the surface and we see some big releases in the world of mobile firmware. It is a good time to validate and check your tools to see what data you gained and lost with the firmware change. With Apple releasing iOS 17, we looked at the final release after the beta, as well as the first patches that always go hand in hand with a release.

The first change is that the release was not forced onto all devices. It is being rolled out more slowly, now that iOS 16 gave the first feel of optional vs. forced updates. Here is the list of devices that can update to iOS 17.

  • iPhone 15
  • iPhone 15 Plus
  • iPhone 15 Pro
  • iPhone 15 Pro Max
  • iPhone 14
  • iPhone 14 Plus
  • iPhone 14 Pro
  • iPhone 14 Pro Max
  • iPhone 13
  • iPhone 13 mini
  • iPhone 13 Pro
  • iPhone 13 Pro Max
  • iPhone SE (2022)
  • iPhone 12 mini
  • iPhone 12
  • iPhone 12 Pro
  • iPhone 12 Pro Max
  • iPhone SE (2020)
  • iPhone 11 Pro Max
  • iPhone 11 Pro
  • iPhone 11

New potential artifacts to watch for with iOS 17:

  • Contact posters with contact records.
  • Transcripts of voicemails and audio messages.
  • Check-in data from people is automatically sent when you arrive at a destination.
  • FaceTime calls on Apple TV by using your phone as a camera.
  • NameDrop data by having devices just be close together.
  • Record and send a FaceTime video message.
  • Safari profiles to separate browsing activities.
  • Private browsing changes.
  • Password and passkey sharing to groups.
  • Health data changes with the state of mind to log a moment having an impact.
  • Personal Voice enables users who are at risk of losing their voice to privately and securely create a voice that sounds like them on an iPhone and use it with Live Speech in phone and FaceTime calls. (Direct from release notes.)

Features we saw in iOS 16 that made a forensic impact are still showing in iOS 17.

We have come to value this data that was given back with iOS 16 after being gone since iOS 12. As you can see from the screenshots the valuable data is still available with iOS 17.

Other data we see as well includes new contact cards.

One of the biggest trends we saw is that a lot of voice-to-text options and voice AI are being worked into iOS 17.

The transcriptions of voicemails and audio messages to people do still show in your acquisitions; note that they show simply as normal iMessage data.

Data we do not see easily that will require more research is the voice-to-text function. From the basic logical acquisition, this data did not appear evident.

When it came to browser changes, it is lucky for all forensic investigators that data did show for not only profiles but also private browsing, which, as you might note, is not very private. The data associated with profile browsing was also able to be processed.

Finally, there is the automated check-in function, which now shows you in the metadata of the text whether a check-in occurred. Sometimes you really have to look closely with new firmware releases, with the metadata showing a shift in a feature.

Here is what we will see after the Paraben E3 release on October 31st: you should see the changes to health data with mindfulness. Research will be done for NameDrop metadata, as well as password and passkey sharing to groups.

 

**Thank you to Kevin Fisher for his help in testing and producing the data associated with this research.
