As part of our series on Warrant Return content we wanted to show you some of the content that can be parsed, displayed, and searched in Magnet AXIOM from Warrant Returns. So, what kind of evidence can you find? Let me show you. First up let’s discuss Apple. Before loading an Apple warrant return, please ensure you decrypt the package using the instructions provided by Apple. Now your decrypted backup will include encrypted backups! Nested encryption is fun.
Once you’ve decrypted the package, AXIOM Process will decrypt the encrypted backups contained within the decrypted warrant return. Below is an example of some of the content returned with a sample Apple return. Because entire backups can be included, you can get the same content as you would on a regular backup. Including some 3rd party chat applications, pictures, video, documents, emails with header information,
Apple Warrant Returns contain emails sent to or from the associated iCloud email address, for example jsmith2020@icloud.com. Not only will you get to/from information, full header, and body of the email that is completely searchable along with the associated timestamp, but HTML emails are viewable as they are displayed to a user in the Preview pane for easy review.
If you have any comments or questions feel free to reach out to me at Jessica.hyde@magnetforensics.com. As warrant returns formats are subject to change at any time, please reach out if you discover a change in support!
The post Apple Warrant Returns in Magnet AXIOM appeared first on Magnet Forensics.