An examiner like you must not only know how to use forensic tools but must also understand the methods and acquisition techniques that are deployed by the tools you use in your investigations. Apart from saving time, forensic tools also make the process of forensic analysis a lot easier. However, each tool has its flaws. You must catch any mistakes and know how to correct them by leveraging another tool or technique. It's impossible for a tool to support all devices. You are responsible for learning and using the best tools to complete the job. As we discussed in the previous chapters, you must understand how data is stored on iOS devices to ensure that the tool is capturing all the accessible data.

Currently, there are a number of commercial tools, such as Cellebrite UFED Physical Analyzer, BlackBag BlackLight, Oxygen Forensic Detective, Belkasoft Evidence Center, MSAB XRY, Magnet AXIOM, and others, which are available for the forensic acquisition and analysis of iOS devices. For familiarity purposes, this chapter will walk you through the usage of a few of them and provide details on the steps required to perform acquisitions and the analysis of iOS devices.

In this chapter, we will cover the following topics:

• Working with Cellebrite UFED Physical Analyzer
• Working with Magnet AXIOM
• Working with Belkasoft Evidence Center
• Working with Elcomsoft Phone Viewer