A Deep Dive into Mobile Forensics
I recently completed a full mobile forensic analysis on an iPhone 13 Pro and it was a powerful reminder of how much a device actually remembers.
This was an advanced logical extraction with verified image integrity. Even without diving into content, the metadata alone told a story.
From location artifacts, I reconstructed where the device had been, the routes it traveled and the exact timestamps tied to those movements. But more importantly, I could see how those locations were generated.
Some coordinates were tied to ride activity such as Uber and Bolt. Others came from navigation searches. Some were linked to shared live locations inside messaging apps.
Each source leaves a different footprint. A searched address tells a different story than an active trip. A shared live location suggests intentional disclosure. The coordinates are only part of it; the behavior behind them is the real evidence.
The “most visited locations” view made patterns obvious. Certain coordinates appeared repeatedly, building a clear picture of routine and frequency over time.
On the communication side, interaction volume alone highlighted the primary contacts. Without even reading conversations, it was immediately clear who the highest frequency messaging relationships were. Volume builds pattern. Pattern builds context.
Call analysis went just as deep. Even when call entries were deleted, I could still determine whether interactions were audio or video, which platform they occurred on, how long they lasted, and whether they were answered, missed or rejected. Deleting a visible log doesn’t erase the underlying artifacts.
I was also able to recover delivered media, expired content, deleted messages and metadata tying everything to specific timestamps and user actions.
Here’s what stands out. Phones don’t just store content. They store behavior.
They store routine. They store intent.
Files can be deleted. Logs can be cleared. But the artifacts remain.
#digitalforensics #DFI #mobileforensics #cybersecurity
Deleted doesn’t always mean gone and that’s absolutely true. Traditional file recovery often relies on filesystem metadata.
File carving, on the other hand, doesn’t. It searches raw storage for file signatures and reconstructs data even when filesystem information is missing or corrupted.
File carving is the closest thing forensic investigators have to a cheat code.
Most people think deleted files are gone.
not exactly.
i watched someone "securely" clean a laptop before selling it.
they deleted files.
emptied recycle bin.
factory reset.
felt safe.
the buyer recovered documents anyway.
photos.
PDFs.
old browser exports.
even fragments of spreadsheets.
here's what surprises people:
deleting a file usually doesn't immediately destroy the data.
many systems just mark the storage space as available.
until new data overwrites it.
that's why file recovery software exists.
and why incident responders sometimes recover evidence people thought disappeared months ago.
"deleted" and "unrecoverable" are not the same thing.