@inproceedings{766df28d1b5240f0801e409b1907f25a,
title = "Forensic Timeline Analysis of iOS Devices",
abstract = "One of the steps in a forensic investigation is to build a timeline. A timeline is required to discover activities that occurred in a forensic image. A forensic image is an acquisition result of an iOS device, such as the iPhone and iPad. One of the de facto tools for creating forensic timelines is the log2time1ine plaso. However, the plaso cannot extract all the time data on iOS device artifacts. In this study, a method is proposed to complete log2time1ine in order to extract all-Time data on iOS devices. We create a parser plugin for the log2time1ine plaso for missing artifacts, such as a plist or an SQLite database. The proposed method is briefly described as follows. First, the procedure constructs a forensic timeline using the plaso tool from an iOS image which has been acquired beforehand. We then examine missing artifacts from the timeline. After that, we create a plaso plugin to parse missing artifacts. Finally, we rerun the plaso with new plugins to build a more comprehensive timeline. Thus, a complete forensic timeline is obtained from the forensic image of an iOS device. Experiments show that additional plugins can provide a more comprehensive forensic timeline extracted from an iOS device.",
keywords = "forensic timeline, iOS forensics, log2timeline, plaso",
author = "Hudan Studiawan and Tohari Ahmad and Santoso, {Bagus J.} and Pratomo, {Baskoro A.}",
note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 8th International Conference on Engineering and Emerging Technologies, ICEET 2022 ; Conference date: 27-10-2022 Through 28-10-2022",
year = "2022",
doi = "10.1109/ICEET56468.2022.10007150",
language = "English",
series = "8th International Conference on Engineering and Emerging Technologies, ICEET 2022",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "8th International Conference on Engineering and Emerging Technologies, ICEET 2022",
address = "United States",
}