Don’t Overlook the Significance of AirDrop Logs in iOS Analysis

 

A client once came to me with a concern for his privacy, as he had started receiving his own private photos, sent to him by a friend with whom he had had a falling-out. He did not know how his ex-friend could have these photos in their possession, and he was worried that his iPhone had been hacked somehow. I analyzed his phone over the course of two weeks and did not find any proof of spyware on the device. I did, however, find AirDrop transfers to an iPad, and he did not own an iPad. This was very likely his ex-friend's doing and would explain the blackmail-style messages he was receiving. This highlighted the high value of analyzing these logs from iOS devices.

AirDrop logs are stored within the sysdiagnose log archive on iOS devices and can show files transferred to and from the device via AirDrop. Depending on how the phone is used, these logs can go back anywhere from a few days to possibly 2 weeks, so time is an important factor: the longer collection is delayed, the less of the relevant period the logs are likely to cover.

In any investigation or eDiscovery matter, obtaining a copy of the sysdiagnose log archive is a good idea; however, doing so can be challenging if access to the device is limited. The logs can be generated on the device itself and then (ironically) AirDropped to an Apple computer for review. Alternatively, they can be obtained from a forensic image if the device is jailbroken: a jailbroken device allows a physical image to be acquired, which pulls many additional system logs, including the sysdiagnose log archive.
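To make the retention point concrete, here is an added example (not code from the original article or from ArcherHall) that builds an AirDrop timeline from an exported sysdiagnose and reports how many days of AirDrop activity it still covers. It assumes the archive's `system_logs.logarchive` was dumped on a Mac with `log show --archive system_logs.logarchive --style ndjson` and that AirDrop entries come from the `sharingd` process; the sample records, their message text and the function names are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed records using the field names `log show --style ndjson` emits.
# The eventMessage wording is invented here; real text varies by iOS version.
SAMPLE = [
    '{"timestamp":"2023-04-02 18:41:07.120000-0700","processImagePath":"/usr/libexec/sharingd","category":"AirDrop","eventMessage":"Starting AirDrop transfer to iPad (constructed)"}',
    '{"timestamp":"2023-03-24 09:15:30.500000-0700","processImagePath":"/usr/libexec/sharingd","category":"AirDrop","eventMessage":"AirDrop discovery started (constructed)"}',
    '{"timestamp":"2023-04-01 12:00:00.000000-0700","processImagePath":"/usr/sbin/mDNSResponder","category":"Default","eventMessage":"unrelated entry (constructed)"}',
    'not json: trailing summary line',
]

def parse_ts(value):
    # Timestamps look like "2023-04-02 18:41:07.120000-0700"
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f%z")

def airdrop_events(lines):
    """Return (timestamp, message) for sharingd AirDrop entries, oldest first."""
    events = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip headers, trailers and truncated lines
        if not isinstance(rec, dict) or not str(rec.get("processImagePath", "")).endswith("/sharingd"):
            continue
        msg = rec.get("eventMessage") or ""
        # Assumption: AirDrop entries carry category "AirDrop" or name it in the message.
        if rec.get("category") != "AirDrop" and "AirDrop" not in msg:
            continue
        events.append((parse_ts(rec["timestamp"]), msg))
    return sorted(events)

def coverage_days(events):
    """Days between the oldest and newest AirDrop entry still in the archive."""
    if not events:
        return 0.0
    return (events[-1][0] - events[0][0]).total_seconds() / 86400

def mentioning(events, term):
    """Entries whose message names a device or file of interest (case-insensitive)."""
    return [e for e in events if term.lower() in e[1].lower()]

if __name__ == "__main__":
    evs = airdrop_events(SAMPLE)
    print(f"{len(evs)} AirDrop entries spanning {coverage_days(evs):.1f} days")
    for ts, msg in mentioning(evs, "iPad"):
        print(ts.isoformat(), msg)
```

A short coverage figure on a real export is a signal that earlier activity may already have rolled out of the logs, so record the collection date alongside the timeline.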

ArcherHall

How can we help?

Digital Forensics &

E-Discovery

Digital Evidence
Collection, examination, and testimony

Electronically Stored Information
Processing, production, and hosting

Contact

Give us a call at (855) 839-9084

Or send us a message and we’ll get back to you right away.

    • Digital Forensics
    • E-Discovery
    • Data Breach
    • Knowledge Base
    • MCLE Presentations
    • Pricing
    • About
    • Live Remote CLEs
    • Careers
    • Contact
    • Follow

    0 / 500

    Capitol Digital & Califorensics is now

    ArcherHall

    We are pleased to announce the new name of our company: ArcherHall. We have the same ownership, same dedicated team, and same great service that we’ve delivered for over 20 years. We look forward to continuing to work with you!

    • Home
    • Services
    • Pricing
    • Contact
    • Send Files


    855.839.9084