Veritas-Forensics/iOS-Toolkit

VDF iOS Forensics Application

A web-based application for iOS digital forensic analysis, built on the VDF iOS Forensics Toolkit.

Features

  • Web-based Interface: Simple, clean UI for forensic analysis
  • iOS Backup Analysis: Analyze iTunes/Finder backups for artifacts
  • Real-time Progress: Live progress tracking for long-running operations
  • Threat Intelligence: Automatic correlation with threat indicators
  • Results Export: Download analysis results in JSON format
  • Job Management: Track multiple analysis jobs simultaneously

Quick Start

Option 1: Development Server (Recommended for Testing)

The easiest way to test the application:

# Run the development server with mock data
python start_app.py

This will:

  • Start a development server on http://localhost:8080
  • Automatically open your browser
  • Provide a working UI with mock forensic data for testing

Option 2: Full Application (Production-ready)

For production use with real forensic capabilities:

# Install dependencies
pip install -r requirements-app.txt

# Run the full application
python run_app.py

Application Structure

MVT-Implementation/
├── app/                          # Main application package
│   ├── api/                      # REST API endpoints
│   │   ├── main.py              # FastAPI application
│   │   └── __init__.py
│   ├── services/                 # Business logic layer
│   │   ├── forensic_service.py  # Main forensic service
│   │   └── __init__.py
│   ├── core/                     # Core utilities
│   │   ├── config.py            # Application configuration
│   │   ├── exceptions.py        # Custom exceptions
│   │   └── __init__.py
│   ├── static/                   # Frontend files
│   │   └── index.html           # Main UI
│   └── __init__.py
├── src/                          # Forensic toolkit (refactored)
├── start_app.py                  # Development server launcher
├── run_app.py                    # Production app launcher
└── requirements-app.txt          # Application dependencies

Using the Application

1. Start Analysis

From Local Path:

  • Enter the path to an iOS backup directory
  • Optionally provide a password for encrypted backups
  • Click "Start Analysis"

From File Upload:

  • Select an iOS backup file (.zip, .tar, .gz)
  • Optionally provide a password
  • Click "Upload & Analyze"

2. Monitor Progress

  • View real-time progress in the progress bar
  • Check job status in the "Job Status" panel
  • All jobs are tracked with unique IDs

3. View Results

  • Completed jobs show a "View Results" button
  • Results include:
    • Total artifacts found
    • Number of threats detected
    • Detailed forensic findings
    • Threat intelligence correlations

4. Export Results

  • Click "Download Full Results" for complete JSON export
  • Results include job metadata and detailed findings

API Endpoints

The application provides a REST API:

  • GET / - Main application interface
  • POST /api/analysis/start - Start backup analysis
  • POST /api/analysis/upload - Upload and analyze backup
  • GET /api/jobs - List all jobs
  • GET /api/jobs/{job_id}/status - Get job status
  • GET /api/jobs/{job_id}/results - Get job results
  • GET /api/jobs/{job_id}/download - Download results file
  • DELETE /api/jobs/{job_id} - Cancel job

Configuration

Environment Variables

  • VDF_DEBUG=true - Enable debug mode
  • VDF_API_HOST=localhost - API host
  • VDF_API_PORT=8080 - API port
  • VDF_OUTPUT_DIR=./forensic_output - Output directory
  • VDF_MAX_STORAGE_GB=10 - Maximum storage limit

Application Settings

Edit app/core/config.py to modify:

  • UI theme and appearance
  • Upload size limits
  • Storage locations
  • Security settings

Development

Adding New Extractors

  1. Create extractor in src/tools/ios/utils/
  2. Inherit from IOSForensicExtraction
  3. Implement execute_extraction() method
  4. Add to forensic service in app/services/forensic_service.py
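
An added example of the steps above, not code from this repository: an extractor that indexes one domain's files from a backup's Manifest.db and checks each entry against the stored file. The IOSForensicExtraction stand-in, its constructor, the ManifestFileIndex class, the file_id helper and the returned field names are assumptions; the backup is assumed unencrypted, and the sample backup is constructed.

```python
import hashlib
import sqlite3
from contextlib import closing
from pathlib import Path


def file_id(domain, relative_path):
    # Backups name each stored file SHA-1("<domain>-<relativePath>").
    return hashlib.sha1(f"{domain}-{relative_path}".encode()).hexdigest()


class IOSForensicExtraction:  # stand-in for the toolkit base class (assumed shape)
    def __init__(self, backup_dir):
        self.backup_dir = Path(backup_dir)

    def execute_extraction(self):
        raise NotImplementedError


class ManifestFileIndex(IOSForensicExtraction):  # hypothetical extractor
    domain = "HomeDomain"

    def execute_extraction(self):
        # Open Manifest.db read-only so the evidence is never modified.
        uri = (self.backup_dir / "Manifest.db").resolve().as_uri() + "?mode=ro"
        with closing(sqlite3.connect(uri, uri=True)) as db:
            rows = db.execute("SELECT fileID, relativePath FROM Files WHERE domain = ?"
                              " AND flags = 1 ORDER BY relativePath", (self.domain,)).fetchall()
        return [{
            "relative_path": rel,
            "stored_as": f"{fid[:2]}/{fid}",  # files live under a two-character prefix directory
            "id_matches": fid == file_id(self.domain, rel),
            "present": (self.backup_dir / fid[:2] / fid).is_file(),
        } for fid, rel in rows]


def build_sample_backup(root):
    """Constructed sample: a tiny Manifest.db plus one stored file."""
    root = Path(root)
    rows = [(file_id("HomeDomain", rel), "HomeDomain", rel, flags) for rel, flags in
            [("Library/SMS/sms.db", 1), ("Library/Notes/notes.sqlite", 1), ("Library", 2)]]
    with closing(sqlite3.connect(root / "Manifest.db")) as db:
        db.execute("CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT,"
                   " relativePath TEXT, flags INTEGER, file BLOB)")
        db.executemany("INSERT INTO Files VALUES (?, ?, ?, ?, NULL)", rows)
        db.commit()
    sms = rows[0][0]
    (root / sms[:2]).mkdir()
    (root / sms[:2] / sms).write_bytes(b"constructed")
```

An entry with present set to False, or id_matches set to False, points to an incomplete or altered backup and is worth recording before any deeper parsing.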

Frontend Customization

  • Modify app/static/index.html for UI changes
  • CSS is embedded for simplicity
  • JavaScript handles API communication

Security Notes

  • The application runs locally by default
  • No external network access required
  • Forensic data stays on your system
  • Optional authentication can be enabled in config
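
A pre-start check for the notes above, added here as an example and not part of this repository: it reads the VDF_* environment variables from the Configuration section and reports a listener that is reachable beyond loopback, debug mode on such a listener, and an output directory other local users can access. The preflight function name, the fallback defaults and the assumption that the server binds to VDF_API_HOST are hypothetical.

```python
import ipaddress
import os
import socket
import stat


def preflight(env, resolve=socket.getaddrinfo):
    """Return a list of findings for the VDF_* settings in `env`."""
    findings = []
    host = env.get("VDF_API_HOST", "localhost")  # fallback value is an assumption
    try:
        ipaddress.ip_address(host)
        addrs = {host}
    except ValueError:
        # A hostname: check every address it resolves to, not just the first.
        addrs = {info[4][0].split("%")[0] for info in resolve(host, None)}
    exposed = sorted(a for a in addrs if not ipaddress.ip_address(a).is_loopback)
    if exposed:
        findings.append(f"VDF_API_HOST={host} binds beyond loopback: {', '.join(exposed)}")
        if env.get("VDF_DEBUG", "").lower() == "true":
            findings.append("VDF_DEBUG=true on a network-reachable listener")
    out_dir = env.get("VDF_OUTPUT_DIR", "./forensic_output")
    if os.path.isdir(out_dir):
        mode = stat.S_IMODE(os.stat(out_dir).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"VDF_OUTPUT_DIR={out_dir} is accessible to other users (mode {mode:03o})")
    return findings


if __name__ == "__main__":
    for finding in preflight(os.environ):
        print("WARNING:", finding)
```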

Troubleshooting

Common Issues

  1. Port already in use: Change SERVER_PORT in config or kill existing process
  2. Missing dependencies: Run pip install -r requirements-app.txt
  3. Path issues: Use absolute paths for backup directories
  4. Large files: Check max_upload_size_mb in configuration

Logs

  • Application logs appear in console output
  • Set VDF_DEBUG=true for verbose logging
  • Job progress is logged in real-time

Example Usage

  1. Start the application:

    python start_app.py

  2. Open a browser to http://localhost:8080

  3. Test with mock data or provide a real iOS backup path

  4. Monitor progress and view results when complete

The application provides a complete forensic analysis workflow with a user-friendly interface for both technical and non-technical users.

About

Implementation of MVT for iOS
