M.E.A.T. - Mobile Evidence Acquisition Toolkit
Meet M.E.A.T! From Jack Farley - BlackStone Discovery. This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices (and Android in the future). Requirements to run from source: Windows or Linux, Python 3.7.4 or 3.7.2, Pip packages seen in requirements.txt. Types of Acquisitions Supported: iOS Devices Logical - Using the logical acquisition flag on MEAT will instruct the tool to extract files and folders accessible through AFC on jailed devices. The specific folder that allows access is: \private\var\mobile\Media, which includes folders such as: AirFair, Books, DCIM, Downloads, general_storage, iTunes_Control, MediaAnalysis, PhotoData, Photos, PublicStaging, Purchases, Recordings. Filesystem iOS Device Prerequisites: Jailbroken iOS Device, AFC2 Installed via Cydia. Using the filesystem acquisition flag on MEAT will instruct the tool to start the AFC2 service and copy all files and folders back to the host machine. This method requires the device to be jailbroken with the following package installed: Apple File Conduit 2. This method can also be changed by the user using the -filesystemPath flag to instruct MEAT to only extract specific folders.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.
A command-line utility for extracting human-readable text from binary files.
ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.
A forensic tool to find hidden processes and TCP/UDP ports by rootkits or other hidden techniques.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
Tool for parsing Android logs events and protobuf data
Recover event log entries from an image by heuristically looking for record structures.
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.