IOS6 and recent iTunes updates have broken a few features. We have made some partial fixes, but they are not complete. If you’d like to help support our development, or take over the development please let us know.
Explore the internal file structure of your iphone (or of a seized phone in the case of forensic teams) using either the iphone’s own backup files or (for jail broken iphones) ssh. Viewing of plist, sqlite, and hex are supported. IOS 5 is now supported
iOS 6 only partially works at the moment (some features fail or are missing). Unfortunately paid work means we can’t fix this right now, but would welcome anyone else submitting patches
Release Notes iPhone Analyzer 2.0 alpha :
Adds heat maps for mapping
Added support for off-line mapping
IPhone Analzyer allows you to forensically examine or recover date from in iOS device. It principally works by importing backups produced from iTunes or third party software, and providing you with a rich interface to explore, analyse and recover data in human readable formats. Because it works from the backup files everything is forensically safe, and no changes are made to the data.
- Supports iOS 2, iOS 3, iOS 4 and iOS 5 devices
- Multi-platform (Java based) product, supported on Linux, Windows and Mac
- Fast, powerful search across device including regular expressions
- Integrated mapping supports visualisation of geo-tagged information, including google maps searches, photos, and cell-sites and wifi locations observed by the device (the infamous “locationd” data)
- Integrated support for text messages, voicemail, address book entries, photos (including metadata), call records and many many others
- Recovery of “deleted” sqlite records (records that have been tagged as deleted, but have not yet been purged by the device can often be recovered),/li>
- Integrated visualisation of plist and sqlite files
- Includes support for off-line mapping, supporting mapping on computers not connected to the Internet
- Support for KML export and direct export to Google Earth
- Browse the device file structure, navigate directly to key files or explore the device using concepts such as “who”, “when”, “what” and “where”.
- Analyse jail broken device directly over SSH without need for backup (experimental)
How to use/User guide right here : ipa_user_guide.pdf