, 13 tweets, 3 min read
My Authors
Read all threads
Current status: doing forensics on my own iPhone to do the same sort of network data report as in that Bezos forensics report:
It appears that not only can I track data usage, I can narrow it down to which App did the usage. In other words, that I can know if it was Snapchat, WhatsApp, or whatever that was responsible for the uploads.
Well, yes, it appears I can know from forensics which app is responsible for "unauthorized data exfiltration".
In other words, that forensics report could have told us which app was doing the "unauthorized exfiltration", but chose not to. Or the forensics is woefully incomplete.
So let's pop this data over from SQLite into Excel and graph traffic by date. We see that it's spikey, like Bezo's phone.
Hmm, that's a big spike at the end of June 2018. What apps are responsible for this traffic?
(FYI: this isn't actually my phone, but my sister's phone. I was confused as to which iPhone backup I was looking at).
The point is that we can drill down a bit better as to which app is doing the unusual traffic, and by how much.
BTW: this is something anybody can do:
* use iTunes to create a backup of your phone onto your computer
* use tools to extract the data, like "iPhone Backup Extractor"
* grab /private/var/wireless/Library/Databases/DataUsage.sqlite
* use SQLlite tools to browse this file
To extract this data to save to CSV to import into Excel, I stole the query from:
github.com/mac4n6/APOLLO/…
Then I use excel tricks to sum by date:
=SUMPRODUCT($E$3:$E$2034*(INT($A$3:$A$2034)=G26))
I'm not an iPhone forensics expert, so don't quote me as such.

However, I am a person who has done this sort of forensics on iPhones.
I mean, I'm not proving my competence to opine on this story by citing fancy credentials, I'm demonstrating my competence by reproducing the "exfiltration" graph on one of my own iPhones (the one I gave to my sister):
To repeat my conclusion from another thread: I see nothing in that FTI Bezos "forensics" report that suggests Bezos's phone was hacked.
vice.com/en_us/article/…
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Rob ☃️ Graham

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!