Mobile Forensics
Mobile Forensics (اَلْعَرَبِيَّةُ)
Mobile Forensics (اَلْعَرَبِيَّةُ)
  • Introduction
  • Preparations
    • Knowledge
    • Safety
    • Trust
    • Backup
  • Methodology
  • التحقق من أجهزة الكمبيوتر التي تعمل بنظام ويندوز (Windows)
    • فحص البرامج التي تبدأ مع تمهيد تشغيل الكمبيوتر
    • فحص العمليات قيد التشغيل
    • مراجعة اتصالات الشبكة
    • استخراج البيانات لإجراء تحليل إضافي
  • Checking Mac Computers
    • Review Programs Launching at Startup
    • Review Running Processes
    • Review Kernel Extensions
    • Review Network Connections
    • Review XProtect Logs
    • Extract Data for Further Analysis
  • فحص الهواتف الذكية
    • ملاحظة: المنهج
    • بنية نظام الهاتف الذكي
    • فحص الأجهزة المرتبطة بتطبيقات الدردشة
    • التحقق من الرسائل المشبوهة
    • مراقبة حركة المرور على الشبكة
    • ملاحظة: مراقبة حركة مرور الشبكة على لينوكس (Linux)
  • Checking Android Devices Basic
    • Review Installed Applications
    • Check Storage
    • Check if the Phone is under Android Device Policy
    • Check if the Phone is Rooted
    • Check if Developer Options is Enabled
    • Analyze Applications
    • Extract Data for Further Analysis
    • Optional : Check for Indicators of Stalkerware Installation
  • Checking Android Devices Advanced
    • Wireshark
    • MVT
    • Other Tools
  • Checking iOS Devices
    • Review iCloud Accounts
    • Review Installed Applications
    • Check for Mobile Device Management Profiles
    • Check for Shortcuts
    • Check for Jailbreaks
    • Enable and Check App Privacy Report
    • Extract Data for Further Analysis
    • Analyzing Extracted Data
    • About Lockdown Mode
  • Checking Devices Remotely
    • Mac Computers
    • Android
  • Concluding a Forensic Gathering
  • References and Further Learning
  • License and Credits
Powered by GitBook
On this page
  1. Checking iOS Devices

Check for Mobile Device Management Profiles

PreviousReview Installed ApplicationsNextCheck for Shortcuts

Last updated 4 months ago

Mobile Device Management (MDM) is a system commonly used by enterprises to control a fleet of mobile devices, and be able to, for example, issue configuration updates, install applications, or remotely wipe the data in case the device is lost. in order to maintain control over their victims' phones, and install malicious applications.

The enrollment normally requires some manual interaction. An infection could happen, for example, if the attackers manage to obtain physical access to device (even for a short time), or by somehow social engineering the victims into enrolling themselves.

Similarly to malicious , MDM profiles should be visible in the settings of the device. If an MDM profile is installed on the device, opening "Settings", then "General", should reveal a "Profile" or "Device Management" menu option, typically below the "iTunes Wi-Fi Sync" and "VPN" menu options.

Image from BlackBag Technologies

If the device owner does not recognize the MDM profile, and if the MDM profile does not appear to belong to an organization or company the device owner works with, it is possible that the device has been compromised.

Attackers have sometimes been seen abuse MDM
iCloud accounts