Code

Below you will find a slowly growing list of code that will hopefully aid you in your daily digital forensics work.

Mobile

Apple iCloud Notes Parser: This Ruby program decompresses the GZIP’d notes and puts them into a new copy of the database to provide access to any plaintext information in the note, while copying embedded objects out of the backup file and generating an HTML version of the note to preserve formatting.

SQLite Miner: A script to mine SQLite databases for hidden gems that might be overlooked, flagging blobs that actually contain known file types.

Windows

MAGA: This batch script was developed during FOR408 to standardize a number of the command line tools to ensure consistent application and remove a lot of double-clicking.