Looking for some input.
Exhibit is an iPad A1455.
Got a large quantity of IIOC stored in: private/var/mobile/Applications/com.atebits.Tweetie2/Documents/com.atebits.tweetie.compose.atttachements.
According to iOS forensic analysis by Simon Morrissey 2010, this location contains "Documents with hash numbers as file names that are actual attachments sent with tweets".
But I've not been able to find any other solid information on that location. A sample file name is: 01CB714D-3386-42BF-BB70-913516F8A439. This does not match the MD5 or SHA1 hash.
Has anyone else encountered pictures stored in this location? Were you able to prove distribution, and is there a way to identify whether a picture was sent or received?
Or any other insight into the matter would be appreciated.
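An added example, not part of the original post: a check of whether a file name has the text form of an RFC 4122 UUID or of an MD5/SHA-1 hex digest, and whether it equals a digest of the file's own content. The function names and the placeholder file content are assumptions made for illustration; only the sample file name comes from the post.

```python
import hashlib
import tempfile
import uuid
from pathlib import Path

# Hex-digest lengths of the two hashes the post compared against.
DIGEST_LENGTHS = {32: "md5", 40: "sha1"}
HEX_DIGITS = set("0123456789abcdefABCDEF")


def classify_name(name: str) -> str:
    """Describe what a file name structurally looks like (hypothetical helper)."""
    stem = name.strip()
    # The hyphenated 8-4-4-4-12 layout is the canonical UUID text form.
    if len(stem) == 36 and stem.count("-") == 4:
        try:
            parsed = uuid.UUID(stem)
        except ValueError:
            return "unknown"
        if parsed.variant == uuid.RFC_4122:
            return f"uuid-v{parsed.version}"
        return "uuid-nonstandard"
    if len(stem) in DIGEST_LENGTHS and set(stem) <= HEX_DIGITS:
        return f"{DIGEST_LENGTHS[len(stem)]}-length hex"
    return "unknown"


def name_matches_content(path: Path) -> list[str]:
    """Return the algorithms whose digest of the file content equals the name."""
    data = path.read_bytes()
    # Compare without hyphens and case so a UUID-style name gets a fair test.
    wanted = path.name.replace("-", "").lower()
    return [algo for algo in ("md5", "sha1")
            if hashlib.new(algo, data).hexdigest() == wanted]


def demo() -> tuple[str, list[str]]:
    # Constructed stand-in content; only the file name comes from the post.
    sample = "01CB714D-3386-42BF-BB70-913516F8A439"
    with tempfile.TemporaryDirectory() as workdir:
        target = Path(workdir) / sample
        target.write_bytes(b"constructed placeholder bytes")
        return classify_name(sample), name_matches_content(target)


if __name__ == "__main__":
    print(demo())
```

A version-4 UUID is randomly generated, so a name of that form is not derived from the file's content and will not match any hash of it.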