
M.E.A.T. - Mobile Evidence Acquisition Toolkit
#Incident Management #Digital Forensics
Introducing M.E.A.T! From Jack Farley - BlackStone Discovery
This toolkit is designed to assist forensicators in performing various types of acquisitions on iOS devices, with plans to support Android devices in the future.
Requirements to Run from Source
Operating System: Windows or Linux
Required Python Version: 3.7.4 or 3.7.2
Additional Dependencies: Pip packages listed in requirements.txt
Supported Acquisition Types
iOS Devices
Logical
By using the logical acquisition flag on MEAT, you will direct the tool to retrieve files and folders that are accessible via AFC on jailed devices.
The specific folder that allows access is \private\var\mobile\Media, which contains the following folders: AirFair, Books, DCIM, Downloads, general_storage, iTunes_Control, MediaAnalysis, PhotoData, Photos, PublicStaging, Purchases, and Recordings.
Filesystem
iOS Device Prerequisites: You need a jailbroken iOS device, and AFC2 must be installed via Cydia.
By using the filesystem acquisition flag on MEAT, you will instruct the tool to initiate the AFC2 service and transfer all files and folders back to the host machine.
This method requires that the device is jailbroken and has the following package installed: Apple File Conduit 2.
This method can also be customized by the user through the -filesystemPath flag. This flag allows MEAT to extract only specific folders as instructed.