AirTag Investigation
Benjamin Dalton and John Bilski
This investigation of Apple's new product, the Apple AirTag, is a forensic exploration and documentation of the device's capabilities and its capacity for exploitation, intended to educate potential and current consumers about potential safety risks. The catalog will detail common exploits along with technique-specific details such as each exploit's purpose, function, and how it works. Each cataloged technique will then include an explanation of how to recognize that issue in the event a device is suspected of having been tampered with. To accomplish these tasks, one or more AirTags will be disassembled; using researched data retrieval techniques, the device firmware will be copied for use in technique recreation and flashed onto the device motherboard to provide results and data for cataloging and technique-specific functions. The data will be interpreted to determine a risk level for each technique, based on factors such as ease of access, affected data, and time to recreate. If more forensically relevant or situational factors are discovered, they will be added and noted accordingly.
This project was performed at Champlain College by Benjamin Dalton and John Bilski and is presented to you by the Computer and Digital Forensics (CDF) Program.