Code

Below you will find a slowly growing list of code that will hopefully aid you in your daily digital forensics work. If you find value in these tools and want to help support their development, please consider supporting me on GitHub.

Mobile

Apple iCloud Notes Parser: This Ruby program decompresses the GZIP’d notes and puts them into a new copy of the database to provide access to any plaintext information in the note, while copying embedded objects out of the backup file and generating an HTML version of the note to preserve formatting.

SQLite Miner: A script to mine SQLite databases for hidden gems that might be overlooked, flagging blobs that actually contain known file types.

Windows

MAGA: This batch script was developed during FOR408 to standardize the use of a number of command-line tools, ensuring consistent application and removing a lot of double-clicking.