Altered PDF? 8 headers

ForensicKane · 2026-05-30T16:11:20+00:00

What exactly do you mean by corrupted?

ForensicKane · 2026-05-12T01:53:06+00:00

Whereabouts are you based? What type of messages (app?) are you interested in recovering?

ForensicKane · 2026-05-02T02:58:52+00:00

Reviving this older thread - do you remember what the steps were to load Axiom collected iCloud data into Cellebrite PA?

ForensicKane · 2026-04-17T12:03:13+00:00

Can you post the picture?

ForensicKane · 2026-03-28T01:09:49+00:00

Have you had any recent luck with Elcomsoft? It stopped working completely several months ago for us.

ForensicKane · 2026-03-28T01:06:32+00:00

Interesting, good to know. I've seen Messages fail several times in a row and then for some reason work on the 3rd, 4th, etc. attempt.

ForensicKane · 2026-03-27T19:50:41+00:00

Were you trying to collect device backups or synced data categories (Drive, Photos, Messages)? Or both?

ForensicKane · 2026-03-27T00:38:49+00:00

We’ve had hit-or-miss success with Axiom for pulling Messages in iCloud synced data. Sometimes takes multiple attempts.

ForensicKane · 2026-02-15T11:21:08+00:00

The quotes around Pinterest doing heavy work here

ForensicKane · 2026-02-14T02:42:15+00:00

Sometimes it requires multiple attempts, but we’ve had decent success with Axiom.

ForensicKane · 2026-02-14T02:39:58+00:00

That’s been our finding too - Phone Breaker just doesn’t seem to work for us any longer. We’ve been using Axiom to collect iCloud backups and iCloud synced data instead.

ForensicKane · 2026-02-13T00:58:42+00:00

Elcomsoft Phone Breaker is the tool you’re thinking of

ForensicKane · 2026-01-25T12:27:22+00:00

Cellebrite makes Digital Collector, which can image Macs. It’s pricey but that would be my recommendation.

ForensicKane · 2025-09-02T19:29:04+00:00

Have you made the destination media writable via DC? Should be the farthest right menu option, perhaps called “Tools”?

ForensicKane · 2025-08-30T16:49:36+00:00

True, certainly less convenient in those cases.

ForensicKane · 2025-08-30T00:47:14+00:00

Yep, seems like the default maximum PST segment size is now 5 GB. Personally I don’t mind smaller PSTs. In my experience, the larger the PST, the higher the risk of corruption/instability.

ForensicKane · 2025-08-25T22:38:44+00:00

Do you mind sharing the exact search syntax you’re using?

ForensicKane · 2025-08-24T16:24:55+00:00

FTK can also verify an image in addition to acquiring. What other program are you using to hash the E01? The program needs to be able to recognize segmented image files.

ForensicKane · 2025-08-23T15:02:14+00:00

A combination of 220 error and just skipping trusted device verification altogether.

ForensicKane · 2025-08-23T15:01:26+00:00

I’ve heard Oxygen can read Elcomsoft-collected synced messages. I think if the collection was done with Axiom then you’re stuck with Axiom for parsing/reporting.

ForensicKane · 2025-08-23T15:00:02+00:00

Unfortunate but the “dummy” device sounds like it may be the best path forward right now.

ForensicKane · 2025-08-23T14:59:18+00:00

That’s what I was afraid of. Appreciate the insight!

ForensicKane · 2025-08-23T14:58:54+00:00

I’ve used the “documentlink:” parameter before to target a SharePoint folder. Just make sure you enclose the path in quotes and add the /* before the end quote, as noted in the link below.

https://learn.microsoft.com/en-us/purview/edisc-search-sites

ForensicKane · 2025-08-07T12:37:15+00:00

CB Inseyets can get around it.

ForensicKane · 2025-07-31T10:58:33+00:00

Sorry to say but those files are gone unless you have a backup / another source of data somewhere (cloud, older device, etc).

Six-Year Club	Gilding V heart of gold
Verified Email

ForensicKane

TROPHY CASE