Kali Linux

MEAT : This Toolkit Aims To Help Forensicators Perform Different Kinds Of Acquisitions On iOS Devices

MEAT aims to help forensicators perform different kinds of acquisitions on iOS devices (and Android in the future).

Requirements to run from source

  • Windows or Linux
  • Python 3.7.4 or 3.7.2
  • Pip packages seen in requirements.txt

Types of Acquisitions Supported

iOS Devices

Logical

Using the logical acquisition flag on MEAT will instruct the tool to extract files and folders accessible through AFC on jailed devices. The specific folder that allows access is: \private\var\mobile\Media, which includes fodlers such as:

  • AirFair
  • Books
  • DCIM
  • Downloads
  • general_storage
  • iTunes_Control
  • MediaAnalysis
  • PhotoData
  • Photos
  • PublicStaging
  • Purchases
  • Recordings

Filesystem

iOS Device Prerequisites

  • Jailbroken iOS Device
  • AFC2 Installed via Cydia

Using the filesystem acquisition flag on MEAT will instruct the tool to start the AFC2 service and copy all files and fodlers back to the host machine.

This method requires the device to be jailbroken with the following package installed:

  • Apple File Conduit 2

This method can also be changed by the user using the -filesystemPath flag to instruct MEAT to only extract up a specified folder, useful if you’re doing app analysis and only want the app data.

MEAT Help

usage: MEAT.py [-h] [-iOS] [-filesystem] [-filesystemPath FILESYSTEMPATH]
[-logical] [-md5] [-sha1] -o OUTPUTDIR [-v]
MEAT – Mobile Evidence Acquisition Toolkit
optional arguments:
-h, –help show this help message and exit
-iOS Perform Acquisition on iOS Device
-filesystem Perform Filesystem Acquisition –
-filesystemPath FILESYSTEMPATH
Path on target device to acquire. Only use with –filesystem argument
Default will be “/”
-logical Perform Logical Acquisition
iOS – Uses AFC to gain access to jailed content
-md5 Hash pulled files with the MD5 Algorithm. Outputs to Hash_Table.csv
-sha1 Hash pulled files with the SHA-1 Algorithm. Outputs to Hash_Table.csv
-o OUTPUTDIR Directory to store results
-v increase output verbosity

Devices tested on

iPhone X iOS 13.3 iPhone XS iOS 12.4

Download
R K

Leave a Comment
Share
Published by
R K
Tags: AcquisitionsForensicatorsiOS DevicesMEAT
4 years ago

Recent Posts

Website OSINT: Tools and Techniques for Reconnaissance

Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…

10 hours ago

Top OSINT Tools to Find Emails, Usernames and Passwords

Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…

23 hours ago

Google Dorking in Cybersecurity: A Complete Guide

Introduction In the vast ocean of the internet, the most powerful tool you already have…

1 day ago

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

2 weeks ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 weeks ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 weeks ago