MEAT


M.E.A.T. - Mobile Evidence Acquisition Toolkit

A toolkit for forensic analysts to perform various acquisitions on iOS devices (and Android in the future).


Requirements

  • Windows or Linux
  • Python 3.7.4 or 3.7.2
  • Pip packages listed in requirements.txt

Types of Acquisitions Supported


iOS Devices


Logical Acquisition
  • Extract files and folders accessible through AFC on jailed devices.
  • Supports the following folders:
    • AirFair
    • Books
    • DCIM
    • Downloads
    • general_storage
    • iTunes_Control
    • MediaAnalysis
    • PhotoData
    • Photos
    • PublicStaging
    • Purchases
    • Recordings

Filesystem Acquisition
  • Requires a jailbroken iOS device with AFC2 installed via Cydia.
  • Copies all files and folders back to the host machine.

Known Issues

  • Folder timestamp preservation (not supported)
  • File birth time can't be preserved (Linux only)
  • iOS 9 bugs (untested)

Future Development

  1. Add post-processors
  2. Containerize output (ZIP, TAR, AFF4)
  3. Add keyword searching while processing or after
  4. Add hash matching while processing or after
  5. Support Android devices
  6. Allow users to specify block device for Android physical acquisitions
  7. Support iTunes backups
  8. Support macOS (optional)

Special Thanks

  • BlackStone Discovery
  • pymobiledevice
  • Mathieu Renard for fixing the iOS 13 bug
  • W.E. for their contributions



