Julian Derry

@CyberSamuraiDev

Digital Forensics & Investigations | Mobile & Computer
I break down what devices don’t forget

SHA-256 · Joined April 2015
850 Following · 13K Followers
Pinned Tweet
Julian Derry @CyberSamuraiDev
A Deep Dive into Mobile Forensics

I recently completed a full mobile forensic analysis on an iPhone 13 Pro and it was a powerful reminder of how much a device actually remembers. This was an advanced logical extraction with verified image integrity.

Even without diving into content, the metadata alone told a story. From location artifacts, I reconstructed where the device had been, the routes it traveled and the exact timestamps tied to those movements. But more importantly, I could see how those locations were generated.

Some coordinates were tied to ride activity such as Uber and Bolt. Others came from navigation searches. Some were linked to shared live locations inside messaging apps. Each source leaves a different footprint. A searched address tells a different story than an active trip. A shared live location suggests intentional disclosure. The coordinates are only part of it; the behavior behind them is the real evidence.

The “most visited locations” view made patterns obvious. Certain coordinates appeared repeatedly, building a clear picture of routine and frequency over time.

On the communication side, interaction volume alone highlighted the primary contacts. Without even reading conversations, it was immediately clear who the highest frequency messaging relationships were. Volume builds pattern. Pattern builds context.

Call analysis went just as deep. Even when call entries were deleted, I could still determine whether interactions were audio or video, which platform they occurred on, how long they lasted, and whether they were answered, missed or rejected. Deleting a visible log doesn’t erase the underlying artifacts.

I was also able to recover delivered media, expired content, deleted messages and metadata tying everything to specific timestamps and user actions.

Here’s what stands out. Phones don’t just store content. They store behavior. They store routine. They store intent. Files can be deleted. Logs can be cleared. But the artifacts remain.
#digitalforensics #DFI #mobileforensics #cybersecurity
Nana Sei Anyemedu @RedHatPentester

This is very easy. There are two ways to tackle this:

1. Use the Group Policy path (most reliable):

Computer Configuration
└─ Administrative Templates
   └─ Windows Components
      └─ Search

Enable:
a. Do not allow web search
b. Don’t search the web or display web results in Search

Or you can use the registry:

Registry Editor Path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search

Create/set these DWORD values:
a. DisableWebSearch = 1
b. ConnectedSearchUseWeb = 0

Then restart Explorer or reboot.

Disabling web results in Start search is important for security, privacy, performance, and forensic integrity. From a security standpoint, it reduces exposure to malicious or spoofed web results that could lead to phishing or unintended downloads.

𐌁𐌉Ᏽ 𐌕𐌉𐌌𐌉 @OrevaZSN

Dear Microsoft, when I hit the Windows Start menu key and start typing a word to autocomplete a search, I never, ever, EVER want it to return results of something not on my computer. Ever. Like, ever, ever, never.
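
An added example, not part of either post: a PowerShell audit of the two registry values named in the reply above, reporting whether each matches the stated setting and optionally writing it. The function name `Test-WebSearchPolicy` and the output columns are illustrative assumptions; the key path and value names are the ones given in the post.

```powershell
# Added example (not from the post): audit and optionally set the policy values.
# Key path and value names come from the post; the function name is hypothetical.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
$Expected  = [ordered]@{
    DisableWebSearch      = 1
    ConnectedSearchUseWeb = 0
}

function Test-WebSearchPolicy {
    [CmdletBinding()]
    param([switch]$Remediate)   # writing under HKLM needs an elevated session

    # On a machine where no Search policy was ever set, the key itself is absent.
    if ($Remediate -and -not (Test-Path -Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }

    foreach ($name in $Expected.Keys) {
        $want = $Expected[$name]
        # A missing key or value yields $null, which is reported as non-compliant.
        $item = Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue
        $have = if ($item) { $item.$name } else { $null }

        if ($Remediate -and $have -ne $want) {
            New-ItemProperty -Path $PolicyKey -Name $name -Value $want `
                -PropertyType DWord -Force | Out-Null
            # Read the value back instead of assuming the write succeeded.
            $have = (Get-ItemProperty -Path $PolicyKey -Name $name).$name
        }

        [pscustomobject]@{
            Value     = $name
            Expected  = $want
            Actual    = $have
            Compliant = ($have -eq $want)
        }
    }
}

# Read-only audit; add -Remediate to write the values.
Test-WebSearchPolicy | Format-Table -AutoSize
```

After a run with `-Remediate`, the post's last step still applies: restart Explorer or reboot.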

Julian Derry @CyberSamuraiDev
Brunoooooo🔥🔥🔥🔥
Ikponke @godwin_ikponke
After a break from social media, I came back with CISSP ❤️❤️❤️❤️❤️❤️
Julian Derry @CyberSamuraiDev
wtf! @PlayStation, I played this game yesterday so why the license restriction? I thought games had to go offline for 30 days for this to happen.
Julian Derry @CyberSamuraiDev
Tech bro to bro, most of what you’re looking for is already sitting in the docs, not YouTube, not threads, not someone’s 10-minute breakdown. The real secrets live in documentation. That’s where things stop being simplified and start being accurate.
Nii Adamah @nii_wayo
@CyberSamuraiDev Okay, so even with the premium, after FFS extraction you still need to do an app downgrade if the security doesn't allow decryption of the hardware keys.
Julian Derry @CyberSamuraiDev
Why data extraction is getting harder for forensic analysts (Android Forensics).

Sometimes in Android forensics, you have to go backward to move forward. When standard extraction fails, one trick is APK downgrading, installing an older, less secure version of an app to force a backup and pull data.

Here’s where it gets interesting. Modern apps are fighting back. Anti-rollback protections now detect version changes and can block the downgrade or wipe data entirely.

In my latest attempt:
WhatsApp downgrade worked, data extracted.
Twitter (X) downgrade failed.

Same method. Different outcome.

With Android 12+ tightening restrictions, APK downgrades are becoming unreliable, pushing investigators toward full file system acquisitions and more advanced exploits.
Julian Derry @CyberSamuraiDev
There are tiers within forensics software such as T1, T2, T3 or basic, mid level or premium. Based on the tier of the software, the extraction capabilities differ. The ultimate tier allows for FFS. When hardware-backed security is involved, FFS may still not give you exactly what you need. FFS extraction might give you the encrypted database, but if the exploit used for the FFS doesn't also extract the hardware keys, the database is useless. That’s where package downgrade comes in.
Nii Adamah @nii_wayo
@CyberSamuraiDev There is no option for full file system. Only Android backup and APK downgrade.
askofEsinam!🤭🇬🇭
@CyberSamuraiDev Yieeee😭😭. Why didn't I look at it like this. I'm almost done with school mmom. I won't be using this. But yeah thank you for drawing my attention to it
Julian Derry @CyberSamuraiDev
Just like that, you’ve told the world your route and how long it takes you to get home. Looks harmless, but if someone were to plan something, you’ve provided three key things attackers look for: routine, timing and location patterns. That’s the foundation of most real-world targeting predictability. A better habit is to leave out the exact route and timeframe entirely.

askofEsinam!🤭🇬🇭 @eafenyo02

Takes 5 vehicles and 8+ hours of travelling for me to move from Campus to home. From Ayeduase newsite - Tech Junction - Asafo - Amasaman - Ashaiman - Golf City I don't take travelling mercies for granted at all🥹
