We are in the time of year when our pumpkin spice cravings start crawling to the surface and we see some big releases in the world of mobile firmware. It is a good time to validate and check your tools to see what data you gained and lost with the firmware change. With Apple releasing iOS 17 we looked after the final release from the beta as well as the first patches that always go hand in hand with a release.
The first change is that the release was not forceful to all devices. It is being rolled out slower now that iOS 16 had the first feel of optional vs. forced. Here is the list of devices that can update to iOS 17.
- iPhone 15
- iPhone 15 Plus
- iPhone 15 Pro
- iPhone Pro Max
- iPhone 14
- iPhone 14 Plus
- iPhone 14 Pro
- iPhone 14 Pro Max
- iPhone 13
- iPhone 13 mini
- iPhone 13 Pro
- iPhone 13 Pro Max
- iPhone SE (2022)
- iPhone 12 mini
- iPhone 12
- iPhone 12 Pro
- iPhone 12 Pro Max
- iPhone SE (2020)
- iPhone 11 Pro Max
- iPhone 11 Pro
- iPhone 11
New potential artifacts to watch for with iOS 17:
- Contact posters with contact records.
- Transcripts of voicemails and audio messages.
- Check-in data from people is automatically sent when you arrive at a destination.
- Facetime calls on Apple TV by using your phone as a camera.
- NameDrop data by having devices just be close together.
- Record and send a FaceTime video message.
- Safari profiles to separate browsing activities.
- Private browsing changes.
- Password and passkey sharing to groups.
- Health data changes with the state of mind to log a moment having an impact.
- Personal Voice enables users who are at risk of losing their voice to privately and securely create a voice that sounds like them on an iPhone and use it with Live Speech in phone and FaceTime calls. (Direct from release notes.)
Features we saw in iOS 16 that made a forensic impact are still showing in iOS 17.
We have come to value this data that was given back with iOS 16 after being gone since iOS 12. As you can see from the screenshots the valuable data is still available with iOS 17.
Other data we see as well to include new contact cards.
One of the biggest trends we saw is that a lot of voice-to-text options and voice AI are being worked into iOS 17.
The transcription of voicemails and audio messages to people do still show with your acquisitions noted that they show simply as normal iMessage data.
Data we do not see easily that will require more research is the voice-to-text function. From the basic logical acquisition, this data did not appear evident.
When it came to browser changes, it is lucky for all forensic investigators that data did show for not only profiles but also private browsing. Which as you might note is not very private. The data associated with profiles browsing was also able to be processed.
Finally, there is the automated check in function that now shows you if that occurred in the metadata of the text. Sometimes you really have to look closing with new firmware releases with the metadata showing a shift in a feature.
Things we will see after the Paraben E3 release on October 31st. You should see the changes to health data with mindfulness. Research will be done for namedrop metadata, as well as password and passkey sharing to groups.
**Thank you to Kevin Fisher for his help in testing and producing the data associated with this research.
Forensic-Impact Articles
Making an Investigations Sock Puppet
Transcript Hello and welcome to the next edition of, the Forensic Impact blog. I'm Amber Schroader. I have been off the video blog for a hot minute because I have broken my ankle, as you can see by my scooter. This is the best background I can get going right now. So,...
Empowering Small Businesses: The Significance of Data Governance
Guest Blog Post In today's digitally driven world, data is the lifeblood of businesses, regardless of their size. Small businesses, in particular, stand to gain significantly from harnessing the power of data. This article from Paraben Corporation delves into the...
Strengthening Your Career In Digital Investigations
Transcript Hi there, and welcome to another installment of forensic impact. I'm Amber Schroader, and this week I am sharing with you information about strengthening your career in digital investigations. This was a topic conversation that I had with one of the blog...
