The Mobile Evidence Acquisition Toolkit designed by BlackStone Discovery. Developed to enhance digital forensics, this toolkit facilitates comprehensive data acquisition from iOS devices, with planned expansion to Android.
M.E.A.T. equips forensic experts with the tools needed to execute logical and filesystem acquisitions seamlessly, paving the way for advanced mobile forensics investigations.
Meet M.E.A.T!
From Jack Farley – BlackStone Discovery
This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices (and Android in the future).
Using the logical acquisition flag on MEAT will instruct the tool to extract files and folders accessible through AFC on jailed devices.
The specific folder that allows access is: \private\var\mobile\Media, which includes fodlers such as:
Using the filesystem acquisition flag on MEAT will instruct the tool to start the AFC2 service and copy all files and fodlers back to the host machine.
This method requires the device to be jailbroken with the following package installed:
This method can also be changed by the user using the -filesystemPath flag to instruct MEAT to only extract up a specified folder, useful if you’re doing app analysis and only want the app data.
usage: MEAT.py [-h] [-iOS] [-filesystem] [-filesystemPath FILESYSTEMPATH]
[-logical] [-md5] [-sha1] -o OUTPUTDIR [-v]
MEAT - Mobile Evidence Acquisition Toolkit
optional arguments:
-h, --help show this help message and exit
-iOS Perform Acquisition on iOS Device
-filesystem Perform Filesystem Acquisition -
-filesystemPath FILESYSTEMPATH
Path on target device to acquire. Only use with --filesystem argument
Default will be "/"
-logical Perform Logical Acquisition
iOS - Uses AFC to gain access to jailed content
-md5 Hash pulled files with the MD5 Algorithm. Outputs to Hash_Table.csv
-sha1 Hash pulled files with the SHA-1 Algorithm. Outputs to Hash_Table.csv
-o OUTPUTDIR Directory to store results
-v increase output verbosity
iPhone X iOS 13.3 iPhone XS iOS 12.4
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…