https://github.com/offlinemark/carve

Carve out forensic data from an iPhone system image.
https://github.com/offlinemark/carve

Last synced: 3 months ago
JSON representation

Carve out forensic data from an iPhone system image.

• Host: GitHub
• URL: https://github.com/offlinemark/carve
• Owner: offlinemark
• Created: 2013-10-27T03:31:25.000Z (over 11 years ago)
• Default Branch: master
• Last Pushed: 2013-10-28T01:43:18.000Z (over 11 years ago)
• Last Synced: 2025-01-06T11:44:24.947Z (5 months ago)
• Language: Python
• Homepage:
• Size: 133 KB
• Stars: 10
• Watchers: 2
• Forks: 4
• Open Issues: 2
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
carve

========

This was my hack for the 2013 [Cipher Tech Mobile Forensics Hackathon](https://sites.google.com/site/cthackathon/), 

sponsored by [Cipher Tech Solutions, Inc](http://twitter.com/ciphertech) and 

[NU IEEE](http://www.ieee.neu.edu/). It won first place.

the challenge

-------------

At the beginning of the hackathon, everyone was provided with an iPhone system image

and it was our task to develop software to "carve out" (extract) as much information 

as we could from the image and output the data in an easily readable format.

overview

--------

The script is designed to be run in the same directory as the iPhone image. 

Upon execution, it creates a ```carvings``` directory which contains directories for 

the piece(s) of information being carved, containing the relevant databases used in 

extraction, and the final product, typically a text file.

	$ ls

	Makefile                 carve.py                 	iOS4_logical_acquisition image_1.7z               

	README.md                carvings

	$ ls carvings/

	AddressBook         Cookies             Logs                	Maps                Safari              Voicemail

	Calendar            Keyboard            Mail                	SMS                 SystemConfiguration

	$ ls carvings/SMS/

	sms.db          sms_summary.txt

todo

----

Feel free to contribute, as there's plenty more data to carve (and the original 

code is ~~sort of~~ really messy).  Just [get in touch](http://twitter.com/markmossberg)

and I'll be happy to send you the image. Here is a list from the event of data up for grabs:

- ~~Address Book~~

- Application List

- Application Snapshots

- Bluetooth

- ~~Calendar~~

- Call History

- Cell Towers (maybe complete?)

- Clipboard Data

- ~~Cookies~~

- ~~Email~~

- Favorite Numbers

- Geolocation Data

- iPod

- ~~Keyboard Data~~

- Keychain

- ~~Messages~~

- Notes

- Pictures

- ~~Safari~~

- Synced Pictures

- System Info (partial)

- Videos

- Voice Memos

- ~~Voicemail~~

- WiFi Access Points (maybe complete?)

- ~~WiFi Networks~~

- Youtube