Mobile Forensics

Review iCloud Accounts


Last updated 4 months ago

Low-sophistication attackers might be able to monitor the activity of an iOS device by adding an additional iCloud account to it. The account would then normally be configured to automatically back up to iCloud all the data available on the phone (such as pictures, messages, and contacts). Adding an iCloud account normally requires physical access to the device. Once the iCloud account is enabled on the device, attackers can simply inspect the data directly from iCloud or through an external service that synchronizes with iCloud. For example, most stalkerware and "parental control" services are increasingly adopting this technique and advertising it as a "No-Jailbreak" service.

Checking if an iOS device has unwanted iCloud accounts can be trivially done by opening the Settings and looking at the very top of the menu.

Attackers Using Stolen Credentials

Obviously, if attackers have managed to steal the credentials to the legitimate iCloud account of the device owner, they do not need to add an additional account to the phone, and so leave no visible trace on the device. This is also a common tactic. In this case, a potential check to perform is to look for any unrecognized devices that appear to be enabled on the existing account. Here are instructions on how to review connected devices.

Image from Apple