Tuesday, February 10, 2015

Exporting text messages from an iPhone

Last week, I was asked to acquire the text messages from an iPhone and to pull out only the messages that were to/from a particular party in a particular date range.  This took a little research to pull off so I'm posting this to share the steps we took.  I hope that this will be useful to others doing forensic investigations or e-discovery.

The first phone we needed to pull messages from was an iPhone.  To start with, we backed up the phone to the user's computer via iTunes.  On Mac OS X, the backups are stored in ~/Library/Application Suppport/MobileSync/Backup/{UDID}.  The individual backup files have no extension and the names of the files are the SHA-1 hashes of the original file path and name from the phone.  In this particular instance, the name of the database containing the SMS messages was 3d0d7e5fb2ce288813306e4d4636395e047a3d28, the same name cited in other articles.  Be careful, however, as this name can change.  If your backup does not contain this file name, a quick grep for 'chat_handle_join' (or any other tell-tale sign) should show you the correct sms.db file.

Understanding Scope in Go

As per my New Year's resolution, I've been learning to program in Go and reading  The Go Programming Language .   On page 141 of the...