Cellebrite question - iOS Biome & Device Events
Howdy all,
(Throat-clearing preamble: I'm a private defense investigator so I can't get Cellebrite training, from the vendor, anyway. I'm not a forensic analyst, am not going to testify, etc., but I like to understand enough to look for leads before hiring a pro; time and financial resources always have to be considered, and attorneys don't love hiring experts to go on fishing expeditions based on a long-shot theory of mine.)
I look at Cellebrite reports all of the time and am pretty familiar with the basics. However, I was wondering if someone could help me with a few more technical questions.
Also, I'm very happy to be pointed towards any training resources.
- Is it correct that the Biome is not a complete log of device events? I read that it has more to do with something like a prediction engine and Siri, but I'm not certain.
- Are more complete logs (than Biome) accessible via database queries? If so, can those be accessed from within a UFDR report? Or does that require the FFS extraction? I usually get the UFDR report, but sometimes get the zipped FFS as well.
- Opening a Cellebrite FFS or GrayKey extraction requires law enforcement grade tools like Physical Analyzer, correct?
- Are DevicePluginStatus events in Biome exactly what they appear to be? Someone is plugging/unplugging the cable at those time stamps?
- In the timeline I see Power Events (mobileactivationd.log) but only Power On. Are Power Off events not logged?
I have so many questions, but if y'all could help with these that would be brilliant!