Extracting and Analyzing Apple sysdiagnose Logs
June 27th, 2025 by Oleg Afonin
Apple’s unified logging system offers a wealth of information for forensic investigators analyzing iOS, iPadOS, watchOS, tvOS, and other devices from Apple ecosystems. Originally designed for debugging and diagnostics, these logs capture a continuous stream of detailed system activity – including app behavior, biometric events, power state changes, and connectivity transitions. In digital forensics, where traditional sources of evidence like backups or app data may be encrypted or inaccessible, the logs provide an alternative and often untapped reservoir of forensic artifacts. This article explores the content, availability, and forensic value of Apple logs collected via sysdiagnose across different device types, focusing on practical methods for extraction and analysis using modern forensic tools.
iPhone 4 Performance
September 15th, 2010 by Andrey Belenko
Finally, we’ve got our first iPhone 4 in office. And what was the first thing we did with it? Yes, test its performance to complete table in my previous post.
Measuring iPhone Performance
August 5th, 2010 by Andrey Belenko
I’ve had plans to create some kind of performance measurement app for iPhone/iPod/iPad for quite a bit time of already, and after reading recent reports that iOS 4 is very slow on iPhone 3G I thought that time had finally come.
Peeking Inside Keychain Secrets
August 5th, 2010 by Andrey Belenko
Today we have released Elcomsoft iPhone Password Breaker 1.20 which introduces two new features and fixes few minor issues.
Something new….
July 15th, 2010 by Alexandra Tsybulskaya
According to the preliminary results of our latest questionnaire (ElcomSoft Customer Reference program Questionnaire) the majority of people forget their passwords when returned from holidays, thus being blocked out from the precious information they have on the PC.
I bet that lots of people found themselves or those around in a similar situation at least once. Let me share my personal experience with you. One of my friends, having returned from the vacation in a tropical paradise, was pleased to see a new computer at her desk (while she was away the company renewed some of the machines) and at the same time very much discouraged and upset to find out that many of her passwords remained in her old pc and she didn't bother herself to save them anywhere else. So the access to the mail account from her new modern PC was forbidden, as well as access to several password-protected websites (from social networks to online banking). Nothing to be happy with, isn’t it?!! But such a story no longer has a sad ending due to the release of Elcom’s new recovery tool, namely ElcomSoft Internet Password Breaker. In the above described situation EINPB revealed necessary passwords stored in the old computer, thus letting a person replace the password-protected data from one machine to another. One more important remark in this respect is that my friend didn’t have to seek help of the “user-unfriendly sysadmin” 🙂
CCFC 2010
July 1st, 2010 by Andrey Belenko
For the third time we've been invited to Beijing, China to participate in CCFC (China Computer Forensic Conference), to talk about password recovery and to conduct workshop on password recovery tools. Like two previous times, this time CCFC also was great. Lots of visitors, very nice audience and lots of smart questions. On the first day of conference I gave a talk on password recovery (mostly very generic and not very in-depth) and I'd like to share slides of that talk.
0-day
June 21st, 2010 by Andrey Belenko
It’s been two weeks since Steve Jobs has announced release of new iPhone 4 and iOS 4 operating system during his keynote on WWDC’2010. New iPhone will begin shipping on Thursday, 24th of June, and new iOS will become available for download today, just few hours are left.
Password Usage Behavior Survey, Take 2
June 15th, 2010 by Olga Koksharova
Hello! Yet again, we have launched a survey on password usage behavior.
‘Casual and Secure’ Friday Post
May 14th, 2010 by Katerina Korolkova, Direktur Humas
German law has always been strict about any possible security breaches. This week German court ordered that anyone using wireless networks should protect them with a password so the third party could not download data illegally.
ATI is at it. Again.
May 12th, 2010 by Andrey Belenko
Two months ago I wrote a blog post "ATI and NVIDIA: Making Friends out of Enemies" where (among other things) I wrote:
