Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:17):
Today is Thursday, March 28th, 2024.
My name is Alexis Brignoni, aka Briggs, and I'm accompanied by my co-host, the digital forensics sequel writer for excellence, the one that reminds me to put on the face smoother
(00:37):
function before the show, the only one that sets up meetings that could not have been an email, the one and only Heather Charpentier.
The music is Hired Up by Shane Ivers and can be found at silvermansound.com.
Heather, thank you, thank you for reminding me to smooth out
(01:01):
my wrinkles before the show.
Speaker 2 (01:03):
Hey, the platform has
a face smoother.
You need to use it.
Speaker 1 (01:08):
I'm in denial.
I'm like the river.
I'm in denial.
Speaker 2 (01:13):
We're not in our 20s
anymore.
Speaker 1 (01:16):
Oh, Heather, how good
to see you.
What's going on?
Speaker 2 (01:19):
Oh, good to see you too.
Nothing. Been a busy two weeks.
Was off all last week, as you know, because you were off as well, to work on the IACIS material.
So a full week of that, that's what I've been up to the last two weeks.
Speaker 1 (01:37):
Well, we've been up to?
Yeah, definitely, and for folks that might be listening for the first time, we will be teaching the Advanced Mobile Forensics course for IACIS.
It's coming up real soon in Orlando, so come down to my neighborhood to get this class and we're going to be there.
It's going to be really interesting.
We're going to have a whole bunch of good topics for you.
Johan is online all the way from Europe.
(02:00):
Thank you for staying up this late with us or being up that early, it depends.
It depends what time is there.
And obviously Kevin, my right hand man person with all my projects, is up in the chat as well.
So good seeing you.
Yeah, so we've been doing that and we had a pretty busy
(02:22):
what? 48 to 24 hours?
And I say we, but I think the community in general.
If you're one of those examiners like us that we try to go beyond just, you know, pressing and dumping and pumping, dumping and pumping reports out, you need to be aware of a
(02:42):
few things, right?
So what do you say, Heather?
We could get on with it.
Speaker 2 (02:46):
Let's do it.
Speaker 1 (02:47):
All right, let's go.
Speaker 2 (02:53):
So first topic of the night, there was an article by Adam Firman of MSAB and he was discussing a new update with Apple which came with iOS 17.4.
So SQLite databases are part of an iTunes backup and, starting in 17.4, we now have access to the SHM, the shared memory, and
(03:14):
the WAL files that go along with SQLite databases.
So excellent news for the community, right?
We have access to possible additional deleted data, data that hadn't been committed to the database yet, and his blog, if you go out to, let me put his website up, has a bunch of comparisons that show the additional data that's being
(03:37):
recovered from the iTunes backup type extractions, now that we have access to the WAL file and the SHM file.
Yeah, so make sure you check out his blog and the new data you'll be able to have access to.
Speaker 1 (03:53):
Yeah, and I didn't get to read the article when it came out, but obviously Heather and some of the folks kind of talked to me about it and at first go, you're thinking, well, that's a pretty cool thing, right, because if it has the WAL file now you get more stuff, like Heather said.
And again, for those that are not familiar, those are temporary files that SQLite utilizes as data is
(04:19):
coming in and out of the database.
And yeah, so it's there, right.
So I'm like, well, that's nice.
I didn't think too much of it until, what, 48 hours, 24 hours, I say 40, it was 48 hours, right, ago, tan chan chan.
So, um, the great, uh, Ian Whiffin, and if you don't know who Ian Whiffin is, you should, although most likely you know
(04:40):
who he is.
He is the main head cheese at Cellebrite.
He deals with all the decoding teams there, kind of the boss there for those, and he came out with a post in the Cellebrite portal for the customers, and really important information.
So again, I'm going to get to it.
So we know that 17.4, that iOS version, does include these WAL
(05:06):
files.
Well, what's happening is that now these WAL files are appearing, and, as they're appearing, depending on how you're doing that extraction, and I'll explain that in a second, you might be getting copies of that main database, two copies of it.
So, instead of getting the database and the WAL file, you're getting a database, a database again, and then a WAL
(05:27):
file, and that's breaking our tools.
Okay, and the reason, you may be like, well, why are we getting those two?
That's how Apple decided to pull those out from that particular iOS version.
Now, remember, our tools don't just drop things into your file system.
It just doesn't do that, right?
(05:48):
What our tools do is put them in a container, right, Heather?
And usually that container, based on practice, tends to be what? A zip file, that's kind of like, and I mean, even Cellebrite had tried to use DAR files and some other formats, but, based on reasons that we can discuss another day, the zip file has become the de facto standard as a container for this data that's
(06:11):
coming out of these mobile devices.
Okay, fine.
Well, the problem is when you pull out, these two databases are coming out of the extraction, or the phone is giving them to you.
If they land on the file system, you're putting two files with the same name in the same location.
Is that possible?
Of course not.
So what the computer does is what? Puts one in, overwrites the
(06:35):
other one, and you're like, okay, well, you don't notice it.
Right, but zip files don't work that way.
If you send a file to a container, zip container, and send another file to the same location, path, right, with that same name, the zip is going to hold it.
The zip file doesn't care.
It doesn't say, hey look, are you sure you want to put these two files with the same path?
(06:56):
The zip file doesn't care at all, it just keeps track of the path of the file name all together.
So when tools like, and I say Cellebrite, because they were the ones that gave that notice, but our assumption, we haven't tested it yet, but our assumption is that this could happen with pretty much any forensic tool, the tool then has
(07:16):
to make a decision.
First of all, I have these two files.
Am I going to take them or not?
And if I do, it's a problem, because if it takes one of them, they're not the same.
Those two databases that come out, they're not the same.
One goes with the WAL file and the other one, Ian tells us based on his research, is that same database with the WAL file
(07:36):
already committed, which means all that data is in or out and it doesn't have a WAL file.
So what happens?
If the system decides to pick the one that has it committed, the WAL file is still there.
It will try to apply that WAL file, say, okay, let's replay these events here, and it's going to choke because those
(07:56):
events already happened, right, right, and SQLite is not designed to work that way.
And I know it's a lot of technical explanation for folks that might be listening and even seeing, because I don't have any props.
I'm just talking about what I know and what we know based on what Ian researched and shared with the community.
But this is the main point after all this, and there's more
(08:17):
to say, but the main point is this, right: if you take your advanced logical extraction from iOS 17.4.1, right, and you just put it through your tool, in whatever tool it is, and you don't care about it and you pass it on, you're going to miss chats, because chats usually, not always, but usually, are located in what?
Speaker 2 (08:38):
In SQLite files.
Speaker 1 (08:39):
In SQLite databases, right, and that's a serious problem. Because the tool will make notice of that in some log, I guess, but you might not even notice.
And that comes back to what we talked about last episode about how I believe tools should be more, let me rephrase that, tools should make us more aware of where something breaks, instead of having me dig to a log to find it, and that's a discussion
(09:02):
we had last episode, if everybody's interested.
But that's how it is, right, and that could be a big problem.
I mean, what have you seen in regards to the topic, Heather?
Speaker 2 (09:11):
So definitely props to Ian for putting that out in the community portal.
Hopefully everybody got an email. If you didn't, go into the community portal and check out that announcement, because included in it are a couple of workarounds which we'll discuss in a second.
But I extracted one of my test phones, Advanced Logical, 17.4.1,
(09:34):
and brought it in and checked it out and there's definitely issues with my Advanced Logical.
I am missing data.
Some of the databases look to be empty but they're not.
So using one of the workarounds that Ian provided, I was able to compare the two and you can see the data using the
(09:54):
workaround and then, of course, in just the regular advanced logical, I'm missing that data.
Speaker 1 (10:00):
Yeah.
And again, if you're not, let me say this, if you're not kind of part of the community, like come to the show here or follow folks in LinkedIn or open up on your listserv or on your emails from the vendors, you're going to miss this data.
So those that are listening, reach out to other, you know,
(10:21):
colleagues from your agencies or, you know, people that you know, and make sure the word spreads out.
Obviously, the companies are working on it.
Well, let me rephrase that. I know Cellebrite is, they told us and they do it right.
But that's a little bit of a tiny little rant. Not rant, a tiny little comment here.
I haven't heard about this from any other vendors, and some
(10:43):
folks, I mean I'm not going to say who they are, but some folks from the other side of the world have told me that they're finding this issue in other tools, not in Cellebrite tools, in tools from other vendors.
So just because you're like, well, I don't do my logical extractions with Cellebrite, I use Company W, you might still be susceptible to that.
And the reason for that is that, depending on how the company
(11:05):
makes those logicals, you might be exposed to this.
And you got to remember, folks need to be aware that most, I say logicals, but iTunes-style backups, AFC dumps and all that, they're done through DLLs that Apple owns.
Does that make sense?
So different companies, for that particular purposes, they're going to use the same DLLs that Apple provides and say,
(11:27):
tell the phone, hey, phone, provide me these things, run these processes, and those processes will run.
Now what will the company do with that?
Right, so that's what I'm saying, that this problem might be.
I'm pretty sure, and again, I'm not 100 percent sure, I haven't tested it, but I'm making a really good, informed guess that other companies might be having this issue.
(11:47):
And again, full file systems.
Will they be susceptible?
I don't know, it depends what their secret sauce is, but if their secret sauce includes some of these processes that Apple has for their phones, it might be susceptible.
So you have to always try to check out when you see these things that your product is not being susceptible for it.
(12:09):
And if it is, then, like Heather's saying, you need to think about how can we get the job done until the tools catch up with.
I'm not going to say fix, nothing is broken.
It's just that something changed, right.
So how are they going to update themselves to accommodate this new change in our working space?
Speaker 2 (12:28):
Exactly. So Ian talked about a couple of workarounds.
I have one here.
Let's see.
So the first workaround he talks about is to locate the zip file created as part of the extraction process and then, using a tool such as 7-Zip, extract the zip file to your computer and then extract.
(12:51):
Or you could extract just the backup service folder and then, if you're prompted to overwrite the files, which you see here in the screen, it's asking if you, um, saying, stating that the destination folder already contains these files, do you want to replace the existing file?
You would hit the yes, so overwrite the files and then,
(13:12):
from within PA, you open that unzipped folder as an iTunes backup.
So just using the folder option.
Speaker 1 (13:23):
Yeah, and I mean it kind of makes sense.
It makes sense in, like I described previously, right, if you dump the files to the file system, which is what this is doing, if you uncompress the zip file, you're dumping on the file system, the file system through zip.
You have to make a decision because you're going to have both files in the same place, the same path, and then you
(13:45):
overwrite one and keep the other one and obviously, on Ian's testing, the one that remains is the one that matches the WAL, and then you're good to go.
But what problems could you foresee with that type of approach, Heather?
Speaker 2 (13:58):
Yeah, so definitely changes.
There'll be changes made to your extraction.
You're not going to be able to.
You're not verifying the hash to the original hash that came out with the extraction, and Ian even has in bold in his announcement to the community to please note that this solution involves removing the committed versions of the duplicated
(14:19):
databases from the extraction.
Any steps taken should be undertaken with due care and consideration and you must be well documented.
So I think the documentation is key here.
You're still going to have your original extraction, your original data, but documenting any changes you may have to make to be able to view the data and the tools.
Speaker 1 (14:42):
Yeah, and that speaks to a larger point that we need to make our stakeholders aware: what makes something forensic is not just because I use a forensically, you know, a tool that's been endued with forensicality. Like, something being forensic is not a property of, like, you know, a property of water is wet. A property of Cellebrite
(15:03):
is that it's forensic? Like, that's not a thing, right?
Forensic is not a property.
What forensic means is that you're able to document the steps you took to be able to what? Recreate it.
Recreate it or replicate it. Both words are perfect, right.
So that's what forensic is, right.
You have to do the steps to get to this data.
Of course there's preferable steps, right?
(15:26):
I'd rather not have to open the container, right, if I can avoid it, but if it's unavoidable, then we have to do it, right?
Speaker 2 (15:34):
Yeah, so there's a workaround two as well.
Did you want to explain that one?
Speaker 1 (15:40):
Yeah, yeah, yeah.
So the second workaround is you take Inseyets PA, which is the new branding name for the tooling that Cellebrite provides, and you process the thing.
Now you go to one of the, I think it's the file info tab, if I'm not mistaken, right? Correct. And then you can look at different files that might be of issue here and you take note of
(16:02):
those.
After you take note of those, you can then go open the, using 7-Zip.
You have to use 7-Zip to do it.
You don't do it through the Windows zip management thing.
That's not going to work.
You take 7-Zip, you go in and you flag those files and you take them, like, delete them from your zip and then save that zip.
Now, that zip doesn't have those files and then you process
(16:24):
it and then you're good to go.
Of course, like Heather said, a big problem in regards to that, I say big problem, but a problem in regards to hashes won't match, right.
Right, and well, I mean I'm on a roll, so I'm going to go.
One more thing I decided, what I think, what I'm doing is an approach of both.
(16:44):
Right, I'm saying that because the whole dump everything to the computer and then parse it, I don't like it because, true, the databases will be there.
The main metadata for the chats, if it's a chat, that's a database for chats, it's going to be within the database, so that doesn't get affected.
(17:05):
Now, the metadata for the database itself, that outer shell of the database, does change, right, the creation date is now going to be the date the thing was uncompressed, right?
And Heather, jump at me if I say something badly explained. You're good.
All right, and then that's not an issue.
But what happens with possible multimedia files that come out
(17:26):
of that media?
Right, and maybe the tool, not always, but maybe the tool depends on some of that metadata that comes with the file itself or some EXIF data.
And again, I'm not saying that's the case at all times.
Remember, there's manifest lists and there are different things that have the metadata somewhere else.
I get it.
But I don't want to run that risk.
(17:46):
So what I do is I take the zip file, I dump it, right, I uncompress it and then parse only for the chats, that's it.
Then I take the original zip file, parse it again for everything else, okay, without changing anything else, just for the everything else.
So at least I kind of minimize the scope of what could be, quote
(18:08):
unquote, an issue here.
My second report, all the hashes will match because I'm not changing that zip file, but I'm using it only for the specific purpose of everything but the databases.
And then for the other extract, I say extraction, but the other report that I make out of it just for the chats, then I can just speak to those.
(18:29):
So does that make sense?
So I'm trying to take the scope of issues and minimizing it as much as I can, if that makes sense.
Speaker 2 (18:37):
It does.
It makes sense.
I have to pop your comment up here though.
Speaker 1 (18:44):
Savi's my kid.
He's saying hi dad in Spanish.
Hi Savi, they're watching.
Speaker 2 (18:54):
That is so cute.
Speaker 1 (18:58):
It is.
It's my eight-year-old, the cutest thing you wouldn't believe.
That came out, that came out of me.
He's so beautiful, so smart.
Um, a quick, a quick side note here, real quick.
Uh, I see all the folks coming into, uh, into, uh, into Instagram.
So thank you also for all of you to, uh, for showing up, we see you.
Yeah, all right.
(19:19):
So, yeah, so, so you know, and, um, yeah, one more thing.
This is important, right?
So these type of things, when they happen, you need to be aware.
I had in my LinkedIn a couple of people told me, hey, look, we read your post and we went back and two of our cases had that issue and they didn't notice.
Wow, so, yeah, just check out the post when you can.
(19:41):
Awesome, yeah, they mentioned it, so they came across it.
So please, please, please, please, while this is getting fixed, make sure that those advanced logicals are being properly parsed and give your full file systems an extra look, and it don't matter if you're not using Cellebrite tools.
Okay, right.
Now this is the last thing I'm going to say on this topic, which is important.
We said in this show a lot of times we're not shills for any
(20:03):
company.
We're also not haters of any company, and I've given some constructive criticism to Cellebrite in the past.
But now, today, I'm here to give them a lot of credit.
Right, and it's how it goes, right, we try to call it as we see it.
Cellebrite took the step of actually sending out somebody of Ian's caliber to make sure the community is aware.
(20:24):
They came out with workarounds.
Not only that, they're working on a white paper that will be coming out soon about the issues, because that's necessary, right, if I need to go to court and explain why there's some issue with hashes, with these particular extractions, we have the backing now with that white paper, extra backing of what's going on, right, right, because you have that documentation with
(20:46):
you, plus your own knowledge, expertise and your own notes, and that's something that I want to see companies continue to do and do more.
Okay, that talks about that transparency that we talked about last episode, that we want from our vendors.
It also talks about the integrity of the work they do, and they could have hidden the ball, right.
They could have said, well, you know, let's fix this real quick and maybe nobody will notice.
Speaker 2 (21:07):
Yeah, I'm glad they
didn't.
Speaker 1 (21:09):
Exactly which.
I've seen this happening in the past with other companies.
Yeah, right, so I give them credit for that.
Yeah, can you share Kevin's comment there?
Speaker 2 (21:20):
I can.
Speaker 1 (21:22):
Yeah, and Kevin, I mean, that being said, Kevin is totally correct.
Kevin is saying that he wishes the post was public and not behind a login for customers, right, and of course there's always space to be better.
Um, so, yeah, that maybe make another type of notification.
I think they send out emails too, but again, emails goes mostly to customers, right, um, people that are in that
(21:42):
list.
So, but hey, I give a lot of credit just for being able to put that out there at the speed they did it.
And yeah, that's how we're here.
We took that and we try to also make it known to the community and now you that are listening or watching then kind of also let other people know.
So good stuff.
Speaker 2 (22:04):
I agree with Kevin, because sometimes there's, like, one person in charge of, like, uh, managing all of the dongles and stuff, so they have the login and they get the email, and if they don't share it with everybody that works for them, you may have a lot of people that miss the, um, miss the notification.
Speaker 1 (22:21):
So that's actually a good point. Yeah, I mean, uh, yeah, uh, yeah, I'm gonna leave it like that, I'm not gonna put, I'm gonna, I'm not gonna throw nobody under the bus, but, um, yeah, if you're one of those persons, make sure you put out, like, that person is responsible for it.
Make sure to put it out.
Send an email out.
You might be like, well, I saw it on the Cellebrite portal.
I sent many.
(22:41):
Everybody must know. Everybody doesn't know.
Speaker 2 (22:44):
No, they do not.
Speaker 1 (22:45):
Send an email to your squads, to your troops, to your different units that are far away, and make sure people are aware.
Speaker 2 (22:57):
All right.
So we have the Universal Forensic Apple Device Extractor next, and I'm going to put the link up for that while Alexis talks about it.
Speaker 1 (23:09):
Yeah, so this is some interesting project that I forgot who sent it to me.
I'm the worst, but somebody sent me a message saying, hey, have you checked this project out?
And I'll be like, well, no, I haven't, let me check it out, and it was actually pretty, pretty good.
It's Python-based but it has a nice graphical user interface and, as of today, it runs only on Linux and Mac.
(23:32):
There's some issues with the GUI libraries that Windows doesn't play nice with them, so for now, that's the case.
That being said, yeah, keep that in there.
That's perfect.
I want to make a, I believe so.
I believe that you want to, if you can, work with your device in the environment that's
(23:53):
most similar to it.
Okay, for example, we know Androids and iOSes, right, um, come from a Unix, Linux background, that code, okay.
When you work with an Apple device in a Windows computer, there's nothing wrong with it, but it's not a similar environment, so you got to be careful when you do that.
(24:13):
Okay, I'd rather do that type of work on a Mac.
And obviously, tools, forensic tools, are kind of moving, gravitating more towards Windows environments. Before, you have a little bit of competition in regards to tools running for Mac for doing forensics and tools running on Windows for forensics.
But I think we need to revive that and that's why my projects,
(24:34):
I make the point of making them cross-platform, and I'm going to go off the topic for a second.
Give you an example.
Folks that are listening and watching, when you pull out a file for analysis, let's say a media file, from an iOS device, the file system that the iOS has is
(24:54):
APFS, right, Apple double file system device.
Okay, there's metadata contained within that file system.
If you move that from your iPhone and drop it on your Windows box, what's going to happen, Heather?
Speaker 2 (25:06):
You're going to lose
some of that metadata.
Speaker 1 (25:08):
You're going to lose it because NTFS, the file system for Windows, or even if you have FAT whatever or exFAT, doesn't matter, does not know how to deal with that information because it has no way to accommodate it to its own file system.
An example of that is extended attributes in APFS file systems.
(25:29):
Okay, it's kind of funny because you know APFS is Apple File System, so I'm saying file system twice, APFS, Apple File System, file system.
Anyways, I digress, but yeah, I mean.
So extended attributes are super important.
It tells you a lot about that file, possibly where that file came from, some maybe usernames, like if you're dealing with
(25:52):
files that are coming through the Bluetooth technology with AirDrop, right. If you pull that data out and you dump it on a Windows box, you're going to have issues.
Another simple example: you want to look at that picture and it's a, I don't know how to pronounce this.
It's HEIC or HEIC, I don't know, H-E-I-C extension files, right,
(26:14):
if you dump it on a, you drop that file on a Windows box, you'd be like, I don't know what this is.
Speaker 2 (26:19):
Not even opening it.
Speaker 1 (26:20):
Yeah, exactly, but if you put it on a Mac box, you'll be able to actually look at it, right?
Right, and let me tell you, if you really want to squeeze that case and get all the data, sometimes you might have to pull some files out of your extraction to do some further by-hand analysis.
So you want to do that within the file system
(26:41):
that's more like the system that you're examining, okay, in this case.
Going back to the tool.
All that being said, going back to the tool, this tooling runs on Mac and I love it because it generates not only an extraction, it generates extraction and pulls logs as well.
What you see here on screen right now, it's a little bit of the interface.
It's a classical kind of Linux interface.
(27:02):
Like, when you set it up, I love it.
It works really well.
And when I put my test phone, my test iOS device, at first, it didn't find it because I needed to make sure to put in the PIN code and make sure it recognized that you could pair it with that computer.
Okay, this tool will not break your encryptions or nothing like
(27:24):
that, right?
Well, let me step back.
There's some brute force capabilities, but that's for a little bit later.
You have to have access to your phone, you have to be able to pair with it, and it tells you there all the information about that device.
Let's go to the next slide, and then it gives you a menu of options, and this is the meat and potatoes of this program.
You can save the device information to text, which you
(27:46):
saw in this previous screen.
You can do an iTunes-style backup.
You can do a Logical Plus backup, which is kind of like that iTunes-style backup with additional information from, like, phone call logs and stuff like that.
Or you can do it UFED-style, and UFED, for those who are
(28:11):
familiar again with Cellebrite tools, it's the type of the format that UFED for PC gave us when we made our advanced logical extraction we were mentioning a little bit ago.
It's kind of funny, right?
This has been the advanced logical extraction week.
We didn't plan it that way, it just happened.
We didn't plan it that way, itjust happened.
Speaker 2 (28:22):
Still go for your
full file system.
Speaker 1 (28:24):
Yeah, well, of course, if you can, and I have a meme for that, right? Whenever there's a new file system, you go and you say, hey, you know, tool, what can you give me?
And the best I can give you is advanced logical.
Speaker 2 (28:38):
Yep.
Speaker 1 (28:39):
Because we don't have
support for full file systems
yet.
Speaker 2 (28:41):
Exactly.
Speaker 1 (28:42):
Yeah, so yeah.
So again, this is the thing. Full file system is the preferred extraction, but you will not always get it.
There will always be some lag time between the new version of the tool, I'm sorry, the new version of the operating system and a new version of the tool that actually gives you full
(29:03):
file system access to it.
That's just the, that's just how this game is played, so advanced logicals will still be relevant to your investigations. Oh, yeah, definitely. Yeah, and this particular tool gives you that UFED style, which means it has the, uh, UFD file there that has all the metadata data in it.
I don't know if, I don't think I add that to the screen.
(29:24):
But that's fine, let's go to the next slide.
So when you run it, I ran the UFED-style backup.
So it does logical backup.
It's a nice progress bar.
And then after it goes, it does an AFC extraction of media files, which I kind of mentioned previously, like the AFC conduit, pulls those in and the backup is complete.
(29:45):
When the backup is complete, what you're going to get is a nice collection of files which we'll show in a minute.
Another option is to collect unified logs.
Heather's going to talk about unified logs more in a second, another method, but this method, I found it, as of today, to be the most painless way of getting unified logs from my device so far.
You literally hit option number five, collect unified logs.
(30:08):
You hit okay, it takes some time, you sit there tight, you wait and then, after it's done, you have a nice log archive with everything you need there. And again, talking about using like environments to do your analysis, if you dump that log archive into a Windows box, you're dead in the water.
(30:28):
There's nothing you can do with it.
But if you do it on a Mac, on a macOS device, you can then use the macOS viewer that comes with Macs and really look at all that data within that log archive. All right.
And when the full backup is done, you can feed it, like you can see there on the screen, for example in this case, to Physical Analyzer, and it works just like any other extraction
(30:52):
that you have done.
This is great because the cost of this is, it costs as much as our tooling costs, which is zero.
Speaker 2 (31:00):
Zero is nice. Everybody likes that price.
Speaker 1 (31:07):
Yeah, so yeah, and it works really well.
The author is Christian Peters, I believe he's from Germany, and he's adding some other capabilities in regards to doing, possibly, screenshotting of things within your device.
So he didn't give me details, so maybe I'm saying that wrong.
Hopefully not, but he's still, the point is he's working on more developments on the tool,
(31:31):
so I'm really happy to see not only decoding things like what I do, but also some extraction things that folks are getting into that space and making it open source, so I'm really happy to see that.
Speaker 2 (31:41):
I thought it was cool too.
He wrote this script for his master's thesis, so for his schooling.
I just thought that was a cool little detail.
Speaker 1 (31:50):
Yeah, I think they
should give him the diploma
right now.
Yeah, definitely.
Why are we waiting until the end of the semester?
Give that man his diploma.
Speaker 2 (32:03):
Speaking of the Unified Logs, so I tested out a unified logs tool this week too.
Um, created by Lionel Notari, and I actually have a link here to his blog, his blog about a whole bunch of other topics as well, but the unified log is, um, his first digital forensic tool.
He did a LinkedIn post talking about his very first digital
(32:26):
forensics tool, which is awesome.
The tool allows you to extract the unified logs from an iPhone and in a forensically sound manner.
You need to run it on a Mac and then, after installing the dependencies that he provides, when you request a copy of his tool, there's just a simple command that launches the tool.
(32:46):
So I have some pictures of this here and here is the command.
And I screwed it up because I always screw everything up the first time and I did not put the path in where the script was and I couldn't figure out what was wrong.
(33:08):
So I had to email him and he was trying to figure out what was wrong and I figured it out in the meantime, thankfully.
But you put in the command, enter your password and here's when I add the path and get it right.
Speaker 1 (33:22):
Look, look, look.
Speaker 2 (33:24):
When.
Speaker 1 (33:24):
I opened.
I make code to open thousands upon thousands of files, right,
and every time I need to open a file in Python I have to be like
what's the with open command?
Again, how is the full?
Speaker 2 (33:34):
command again.
Speaker 1 (33:35):
And I have to Google
it every single time, even
though I've done it a thousand times, so don't feel bad about
it.
Speaker 2 (33:42):
I like to share the
things I screw up because it
happens on a daily basis, so I don't know.
Hopefully there's others like me, I guess.
Speaker 1 (33:51):
I mean, there is and
we'll talk about more of that in
the end part of the show.
Speaker 2 (33:57):
So it opens up this
nice interface and hook the
phone to the Mac. Enter whether it's locked or not, who's
performing the extraction.
So it gives you a chance to put your name in, the name of the
device, what you want to name the log archive file, where you
want to put it, and then you just click this initiating log
(34:18):
collection at the bottom and there's my information and you
end up with whatever you named the log archive and again you
can view it right with Mac's internal console to view it and
I thought it was really easy to use, was super quick and really
(34:38):
cool and awesome.
To Lionel for his first digital forensics tool.
Speaker 1 (34:42):
Oh, it's fantastic.
I mean, we went from having to jump 20 hoops to get this log
archive out of iPhone so now we have two tools to do this type
of work.
You know, I say a really slight critique that I'll give is that
his code, it's encrypted and he said that it's because it's not
(35:05):
done yet.
And again, he doesn't have to explain us why he did that,
because he wants to, right.
Maybe he wants to protect that intellectual property and that's
fine, I'm not against it.
But my smallest critique is just, it's a personal preference.
I like to see that code, if possible, and to learn from it
and also to validate some of that stuff.
It makes it easier, but it's not a necessity, it's more of a
(35:27):
personal preference.
So you know you have to, like Heather was showing in the
screenshot, you have to make sure that you use the encrypting,
the crypting libraries before you execute the program or it's
not going to work because of that function but issue.
But that's not an issue, just because that's how we decided to
do it.
But nothing wrong with it, it's just.
(35:47):
My personal preference is that hopefully it would be open
source.
Speaker 2 (35:50):
But people make
choices and we respect those
choices what do we have all right, all right, so so yeah,
it's up for my.
Speaker 1 (36:04):
Although I I talk
about so much this show right,
next show, it will be your time to rant.
Speaker 2 (36:09):
I ranted last time.
Speaker 1 (36:11):
That's true.
So I'm not ranting today, but I will say a lot of things that
are in our minds, right.
So I've been thinking about a few days to the concept of
building brands.
Right, and when I say that I mean it in the context of
digital forensics.
We're familiar with personal brands.
(36:32):
Right, we know that.
You know obscure back then obscure family of a lawyer, the
wife and daughters.
They became influencers and are really famous people.
Right, we know who those are, the Kardashians, right.
So when we think about branding and influencer, we think about
them.
Right, and obviously I'm not saying you should be or think
(36:54):
about being the Kardashians of the digital forensics world.
I don't think we want to see that either, but no, please
don't.
I think there is value in having that kind of like a personal
brand, right, in regards to the things that you do and the
things that you care about.
So I want to spend some time today maybe all the way to the
(37:16):
end of the show pretty much discussing why we believe this
is important and how can we get to it, right, and you know, the
first part I wanted to mention about is why is this important?
Right, and I was thinking about how you spend so much time,
let's say, at your workplace, developing a good reputation or
(37:36):
being a hard worker, or being known for the work that you do,
right, and if, all of a sudden, something changes, if you're
laid off, if you move to another unit, if you have to move
across the country to get another job or whatever it is,
you're starting again, building that credibility from scratch.
All right, and that's usually how it happens.
You find yourself having to prove yourself constantly, and
there's nothing wrong with that in a sense, but I believe that
(37:59):
if you have a brand, that having to prove yourself is less,
because you are a known quantity.
Where you go, when you have a personal brand.
A personal brand, I believe, is portable, you can take from one
place to another place to another place, because it
precedes you as well as it follows you.
(38:19):
Having a personal brand, I also believe that shows that you're
resilient, that you're adaptable, that you're up to date, and
that's something that's really important, especially if you're
coming new into this space.
You need to build a brand to show that you're malleable, that
you can learn, that you are keeping up with the
(38:40):
conversations that are happening within the community, and these
conversations are conversations kind of cutting edge
conversations, what's the latest things that are happening?
Okay, having a personal brand makes you visible, and when you
have visibility within the community and your workspace,
that leads to opportunities, and those opportunities need to
lead to new responsibilities and those responsibilities
(39:02):
hopefully also lead to more pay.
I mean, there's nothing wrong with getting more pay, right.
Speaker 2 (39:09):
No, nothing at all.
Speaker 1 (39:11):
And you know, I mean
neither Heather and myself are
motivated extremely by pay but pay is important?
Yeah, all right.
So the idea is so, how do we build a brand?
Right, and you might say, well, why?
What credibility do you have about building a brand?
Look, I've been doing this for over a decade in regards to the
(39:31):
digital forensic stuff, and I've been doing law enforcement, for
in September it will be 17 years, okay, and even before
that I was doing computers as an assistant administrator and all
sorts of things, so that if I add that time, it will be about
23, 20, almost 25
(39:53):
years of experiencing IT related things.
Okay, and throughout those years I tried to kind of share
with the community and that led with me noticing it, to kind of
having a little bit of a platform that has served me well
and has served others well, right, so that's why I think I
could speak on we can both speak on the topic.
And Heather I didn't tell this Heather before the show, so, but
no, whatever I'll say it, I knew of Heather before she even
(40:18):
knew of me, okay, because Heather was super active and she
had her own brand within the IASIS listserv.
Everybody knew that when Heather asked a question in the
listserv, it's going to be a really incisive question, right?
Everybody knew that when Heather gave an answer, it would
be an answer to the actual question, okay.
So when I met Heather last year in person for the first time
(40:40):
when we taught the basic mobile device course in IASIS, I knew
who she was before.
She knew me right and that led to us coming together and doing
the show, among other things that we do together, right, in the
forensic space.
(41:00):
So you build that brand and you will get that and people knowing
you and bringing you into things, because you have that
brand and you build it right.
And before I get into the steps, I want to say one more thing.
You build that brand not only through the internet and social
media.
You build it with your workers.
You build it with your bosses.
You build it with the folks that you interact outside of the
organization.
In my case, I have to build that brand with my prosecutors right
that to make sure they understand the work that I do,
(41:22):
where I specialize on and what the quality of my product
right, and that spreads around and you build that brand within
your workspace.
Okay, and that's super important if you want to be
successful and happy at your job, right?
So did I tell you that before that I knew you from the?
I see I told you before that, right?
Speaker 2 (41:41):
I think I knew of you, though. Everybody knew of you.
Speaker 1 (41:47):
It's the branding,
and also me being annoying as f,
so yeah, so.
So how do you do this, right?
How do you?
How are you like Heather, that I knew about her before she knew
that I knew about her and vice versa, right, she knew about me
for being annoying, right?
So how do we?
How do you create that?
(42:08):
Well, the first thing is to think about what is unique about
you, right, and that doesn't mean that.
Well, I discovered how.
I discovered how to parse JSON.
I was the first person in the universe to do a SQLite query.
Like, you don't have to be that person.
The uniqueness doesn't mean that you have to be the first
person or the only person to do X.
All right, the fact of the matter is that you're unique for
(42:35):
being you, because there's nobody else like you and there
will never be anybody else like you, and in my case, thank
goodness, you bring your experiences, you bring your life.
I mentioned how I came from a coding background and what's my
uniqueness?
I believe I come from that coding background and I came in,
I discovered I like mobile forensics a lot and I said, well,
(42:56):
how can I also necessity right, how can I make these things
better?
And I took what I like from mobile forensics and forensics
in general, added it with my coding and that's where the Leap
project came to be, which again has open opportunities that I
never imagined that would happen and the projects being used
worldwide, right.
So how do you do that?
Right?
How to bring those?
Not a lot of people know I mentioned this like three or
(43:17):
four years in an interview with Jessica Hyde in the Magnet
podcast.
Before I became an examiner and a computer person, I was a
seminarian and I know that's hard to believe.
I didn't believe it when you told me I was six months away
(43:37):
from finishing seminary school.
Speaker 2 (43:41):
I still can't believe
it.
Speaker 1 (43:44):
But I bring those
experiences too right, that love
of helping people, of making the world better, of preaching
in a sense, and with my rants. See a couple of people in the
chat saying what.
Speaker 2 (43:58):
I agree with Mary and
Lori.
What? It's exactly my response.
I had no idea.
Speaker 1 (44:04):
The chat is going
crazy.
Now saying what?
Speaker 2 (44:06):
I was.
Speaker 1 (44:09):
I used to preach,
yeah, like professionally.
Now I do computer professionally, but you bring
those experiences to your workplace, because you're a few
human being, right?
I mean that uniqueness, Heather, what do you think?
Speaker 2 (44:25):
Yeah.
So I think there's unique qualities about each and every
person.
In this field, everyone has something to offer.
A lot of times I have trouble figuring out what sets me apart
and what's unique about me.
And then, of course, I come here every two weeks and Alexis
does his intro for me and I'm like, oh, is that it?
But even if you don't see in yourself what's unique about you,
(44:50):
other people are going to see it and they'll point that out to
you.
Which has been done for me, I mean definitely.
Speaker 1 (44:59):
Look, you're so
unique that I know that we could
do the show for the next 20 years and I will always have
something new to say every show about you, like, guaranteed.
Well, thank you. Thank you.
I want to share this thought from Brett.
Brett says he might not be a seminarian, but he prays during
every acquisition.
Speaker 2 (45:20):
I think we might all
do that.
We all join you.
Speaker 1 (45:30):
Even if you're a
non-believer, like I am now, you
will still, just in case, maybe light a few candles too on the
way.
Yeah, we want that thing too.
We want those hashes to match.
Please, universe, make the hashes match.
So, yeah, so you bring uniqueness right, we bring that
to the table right, and that uniqueness needs to be framed
(45:52):
and with that, I think it needs to be framed within what are
your values?
Okay, and values, uh, you know and this is something that I
kind of thought about throughout the years and read some
books that are on the topic, values are the things that,
uh, that you value.
Obviously it's a value, but it's what gives you purpose.
That's what I said.
It's what gives you purpose.
Why are you doing what you're doing?
Right, and these things are important, right, for some
(46:15):
people is money important?
For some folks it is.
It might be really, really important to have money, and
there's nothing wrong with it.
Money allows us to do other things and get something
wrong with that.
But it might not be money.
It might be something else right, or maybe not only money,
it might be one of those.
So what other things are than money?
Because this is work.
That's why I mentioned money first.
We're not going to do this for free.
(46:37):
We need certain things right, the pyramid of needs, right.
We need food, we need shelter, we need clothes, we need health
and what else and some other basic necessities right, so we
need those.
But what are your values, right?
Um, I value justice, right.
That's why I'm in this field, in the law enforcement field.
I value service, I value the fact that I came to this planet
(47:01):
and that, hopefully, when I leave it, I will leave it at
least a tiny bit better than how I found it.
And I value curiosity and I value the truth.
And this is different from beliefs, because when we talk
about beliefs, we're talking about the things that you think
are true, and it's okay to base your value in beliefs, because
(47:28):
you're not going to base it on things you think are false.
Right.
But the thing with beliefs and values is an important
difference, because belief is what you believe is true, but
values should inform your beliefs.
If you base your value only on beliefs, anything that comes
into conflict with your beliefs will be a threat, because if
something comes in contact with your beliefs that's contrary to
what you believe in, you run the risk of being wrong, and nobody
(47:52):
wants to be wrong, right.
But if I value truth, well, guess what?
I will take that value and that value enforce my belief and I
will change my belief.
And I say that because the conversation in our circle says
well, you're examiners, you need to be unbiased and impartial.
(48:13):
And we constantly declare ourselves to be unbiased and
that's ridiculous, right?
The fact that you're saying that you're unbiased, it's in
itself a bias.
I mean, come on, man, it's like you cannot declare yourself
unbiased or impartial because when you declare it, you're
obviously not right.
I think the conversation is to move more into the value sphere.
(48:36):
What do you value?
I value truth, I value justice, I value honesty, I value the
correctness of the evidence, and those values will inform my
beliefs. If I might be believing this person is guilty.
But as truth comes, I will change that belief.
Right, we have a scientific method within our science.
Right, our digital forensics field that guarantees that our
(48:59):
values shine through and our beliefs are accommodated to the
facts of the case, the facts of the planet, of life, of the
universe, and this is important.
We're all biased in certain ways.
In certain things we're human, it's there.
But we value something beyond that, beyond what we believe at
the moment.
We value being and understanding what the truth is,
(49:23):
no matter the cost.
So that's why I'm not afraid in looking at an exam and coming
across a piece of data that contradicts the theory of the
case, and I have no fear, I feel nothing bad about bringing that
up.
Simple as that, because I'm not here to confirm your beliefs.
I'm here to express those values, to make our beliefs
(49:46):
change as needed, right?
Does that make sense, Heather?
Speaker 2 (49:48):
That does make sense.
So I'm wrong often, but you're completely right, I need to be
wrong to get to that right answer.
When I'm working through a case, I think just don't be afraid
of being wrong.
Open yourself up.
That'll open you up to learning more.
Speaker 1 (50:11):
I mean being when
you're new.
I guess we get all of this for 10, 20 years.
We forget that beginner's mentality.
Right, oh, I'm a black belt now, I know all there is to know
about the digital forensics kung fu.
And we forget that beginner's mentality when you have to
commit so many mistakes to get to the right place.
You need to be, and that's how learning happens.
(50:32):
You have to have that beginner's mentality at all
times.
You need to always be a white belt, even if you have 20 black
belts in this field.
Right, and again, I'm not saying that you're going to go and say,
uh well, I am totally biased.
Right, I'm here, I'm not impartial at all.
Right, I'm not saying that.
Right, you are biased to truth.
You are partial to the reality, you're partial to the facts.
(50:57):
That's what you're partial to.
Right, those are your values, right?
So that's what I'm saying.
And you're biased, everybody's biased, but if there's a bias
that I want to really underline, it's the value of truth.
That's what I'm biased towards, I'm biased towards the facts,
and that I feel comfortable saying every day, at any time of
the week, because that's what I value and I strive, and our
(51:19):
science guarantees it.
The detoxification process guarantees that those values
shine through, if you let it, because if you don't and I'm not
going to say any specifics, but we know cases where folks are
so tied to their beliefs that even when the evidence shows,
for example, that the person is innocent, they persist that
they're guilty.
(51:39):
And you're like come on, are you not seeing this?
And actually I was reading a book.
I'm sorry, quick, quick, tangent.
I'm going to be sorry.
Folks stay with us 10 or 15 minutes after the hour because I
want to stress these points.
I was reading a book by Adam Grant called Rethink or Think
Again.
I think it's Think Again.
He was mentioning in some studies where folks that lost
(52:01):
their eyesight right, and they to themselves believed they were
not blind.
They were like oh no, the room is too dark, we need to kind of
turn the lights on more, or no?
I don't have my glasses.
It's not that the lights were off, they were blind, they lost
their vision.
If you had to punch them in the face they would inflinch, right,
but they did not want to accept those facts because it
(52:24):
contradicted those internal beliefs.
And some of those persons did have some.
You know, brain development has some issues with that right and
that you know that's the case, but sometimes we're like we
could be like that, right, we could be blind and not want to
accept that we are right.
So we need to constantly focus on values and those, and
(52:46):
then let the beliefs you know change, need to right.
So that's the second part.
You have to live your value.
You have to know what your values are, because when you
know your values then you can actually act upon them and
contribute, which is a third step.
You need to have contributions.
So, in order to build your brand, let me just kind of again
recap that you have to recognize that you're unique and what
(53:10):
makes you unique.
You got to recognize what your values are and put those into
actions and then put in front what are your contributions?
Okay, what are you doing with your values that makes you
unique?
Right, and you know, are you sharing those contributions?
And I understand you can't go and say, well, yeah, we just
solved this triple murder case and give all the details of the
(53:31):
case and we're going to trial next week, like you cannot do
that.
But what you can do is say, look, there's these artifacts or
these things I've been researching.
Or look, even if you're a beginner.
Something as simple as taking an article that somebody put out
and making comments on it is enough.
Like I said, I knew Heather from her contributions on the
(53:53):
listserv and I don't think she was doing it to get recognition.
I don't think I know she didn't do it to get recognition
because I know her pretty well by now, but that's a byproduct
of it.
You get that recognition.
You build that brand not because you're so much trying to
build it.
It's because you're actually sharing your contributions.
It could be as simple as that. Participating with an article.
(54:14):
My first big contribution, at least that falls to my mind, was
with Discord.
I had a case I was helping the locals with an individual that
had coerced a minor to travel with him that they met through
Discord and nobody knew Discord, what it was.
They had no idea what it is, right, and I started looking at
it.
And you know, let's be real here. To contribute you do not
(54:38):
need to be an expert.
You do not.
When I started working on that Discord did, I went and
consulted with a Discord expert to make sure I was right.
Could I have done that?
There was no Discord expert.
Nobody knew what Discord was.
It's a new app.
The expert didn't exist.
What am I going to sit there and just wait till the Discord
expert shows up?
Well, guess what?
And let me tell this to folks real clear, you do not declare
(55:06):
yourself to be an expert.
It's not my sense.
Being an expert is not something you declare.
It's something that is said by others.
It's something that somebody imbues upon another or upon
yourself.
You don't declare yourself an expert.
What you do is you put the knowledge out.
You put what you learned out, right.
And guess what?
With enough time, enough, you know, going through that process,
learning about making contributions in a particular
(55:28):
field, you will become an expert, even if you're not looking for
it.
I'm an expert now.
You will never know that you're an expert.
People will tell you that you are and you say thank you, but
what you do is you keep on trucking, you keep on
contributing, you keep on sharing what you know.
And then, when I become an expert, you will never become an
(55:48):
expert.
That's not something that you declare upon yourself.
Does that make sense, Heather?
Speaker 2 (55:52):
Yeah, it does.
I would say always share what you find, even if you feel that
people in the field already know it.
Maybe a majority of the people who see whatever you're sharing
will already know it, but you will be helping somebody.
There'll always be a handful of people that come across your
research, your posts, your comments that didn't know what
you're putting out there, and then you have contributed and
(56:13):
your influence will grow.
Speaker 1 (56:15):
Oh, absolutely, and
look like Heather's saying.
Put that what Heather said, what we said at the beginning
right, you're unique.
Your perspective of whatever it is will help others that might
have the same thought process as you.
Right, and I mentioned at the beginning of the show.
We mentioned how Ian came out with a notification about what's
(56:35):
going on with the advanced logicals.
I did a post on LinkedIn, obviously referencing him, how I
viewed or my synopsis of it and my steps on how I took his
workarounds, how I use them for myself, right, and that's my
point of view, and a few people were able to write and say, hey,
you know, we appreciate that.
That really helped us.
You know, drive it home, you can.
(56:55):
I mean, if I do it, anybody can do it.
You remember those old Geico commercials?
You know it's not Geico, it's not Geico, but you know like a
caveman could do it or something like that, some caveman.
Speaker 2 (57:06):
What was that?
It's an old commercial.
Speaker 1 (57:07):
Oh, you don't watch
TV. Actually that's better,
that's all right.
Yeah, not watching TV actually makes you smarter.
Speaker 2 (57:12):
Anyways, did you
expect me to know that?
Speaker 1 (57:16):
I should ask you
about quantum physics.
That's more likely to happen.
But yeah, I mean a caveman couldn't do it right.
If I can do it, a caveman could do it right.
So do that, dude.
Add your voice right.
Create that, put that contributions out there, right.
Yeah, you have to also find people.
(57:37):
Find people like I've been lucky enough to find good people
to within this field.
Right, to talk about the things that we like, that we have
shared interests that keep me real, that they tell me hey,
Briggs, you're full of emoji poop on this thing or you're
wrong, because obviously that really polish my ideas or add
(57:59):
their ideas to mine and we grow together.
Right, and I got folks that we have a conversation within
Discord or conversation within some other chatting applications.
People that we started as plain interested in the field became
colleagues and eventually we became really good friends.
I'm looking at you, Heather, right, build your tribe right.
(58:21):
When you do that, be part of the community right.
Take those contributions and find people that are like-minded
in those fields, because it will build your brand but be
more important than the brand.
At that point it makes you a better human being, right, and
you know, don't get red, but it's true.
I'm a better human being by having Medhead right and
(58:44):
hopefully you can do that as well.
Speaker 2 (58:48):
I'm looking right
back at you.
So, since we started our friendship, I have learned so
much more than I thought I ever would.
But um, it's you're teaching me things, but not necessarily
always teaching me things, just pushing me to learn things on my
own.
So with that tribe, you'll get that extra push and the positive
reinforcement from people in the community.
That will just make you a better digital forensic analyst
(59:12):
or whatever your position is, and it'll just make you better
at your craft. Look, look, when I push you out of the nest.
Speaker 1 (59:17):
when I push you out
of the nest it's because I know
you can fly, so don't, so don't you worry you.
If you don't fly, you at least glide, you'll be fine.
Thanks, look.
And the last step, right as you have making those contributions,
create that content right, make it digestible for others
and make people know that you have content out.
(59:39):
And it's the typical like I think it's Chinese or Japanese
koan or thought processes. If a tree falls in the forest, right,
and there's nobody to hear that file. Did it make a sound, right?
And you can tell well of course it makes a sound, the sound
waves when it hits it, but there's nobody there.
So, honestly, if it makes a sound or not, who freaking cares?
(59:59):
And that's the whole point.
And I see a lot of my mentees, especially women, that they find
it hard to push out and let people know about their
successes and contributions.
On the opposite side, I see a lot of mediocre men portraying
themselves as the last Coca-Cola in the desert and I'm being
(01:00:24):
straight here and like dude, really, I mean, I know you're
full of yourself, but come on, man.
And I see women that are so capable and they're afraid of
putting that content out there, right, um, so you need to be
your own hype, hype person, right?
Hype man, hype girl, um, and be sure that, look, you made
something good happen.
Send, send a quick email.
Hey boss, I want to let you know that we had this.
(01:00:45):
I had this success able to do these.
I want to let you know that I had this success able to do
these things.
And just to make you aware, there's something that we can
build upon.
It could be as simple as that.
Right, we have some successes.
Or I shared this.
Look, there's something interesting that we did, or I
did, right and you have to do that.
Nobody is going to advocate for you.
The only person that advocates for you is yourself.
(01:01:07):
That's just a fact of life.
And if you think well, they know they see me work, coming,
being the first in and being the last out.
They know I do all this work.
I'm here to tell you.
They don't know because they don't care, because most people
are self-centered and look towards themselves, me included,
(01:01:27):
because I'm a human being as well, right?
So we all fail on that part.
Nobody notices unless you make sure that people notice, right?
I mean, do you think that's too far off the mark, or what?
Speaker 2 (01:01:38):
Yeah, no, definitely.
I mean the entire build your brand section.
Just don't be afraid.
Don't be afraid to put yourself out there.
I have been in the past and I'll tell you it's so much
better now that I'm out doing things in the community and
sharing and contributing, and just don't be afraid.
Speaker 1 (01:01:59):
Yeah, and don't be
afraid.
And a good way of not being afraid.
You know what it is, Heather.
It's being consistent about it, right?
You don't have to do a blog post, a five-page blog post,
every day or every week, but you can comment, put comments on
somebody's post every day.
You can take at the end of the day, because that's the big
issue.
It's like well, when am I going to do this?
(01:02:20):
I'm busy.
I got my home life, work life.
Look, take an hour, 30 minutes an hour every day.
Comment on other people's posts, repost things and add your
thoughts to it.
Right.
Be consistent on putting your content and your wins. Let people
know about your wins as well.
Look, I got a certificate on something you know.
I passed this class.
(01:02:40):
Celebrate with me.
Put it on LinkedIn.
Put it on different social media.
Be consistent with letting know people of your wins on a daily
basis.
When you make it a habit, it's not scary anymore.
Things that are scary are things that are mostly unknown,
but when you know that when you post, people comment or you add
to it, you get a couple of likes and things like that, it's not
(01:03:00):
scary anymore.
Okay, because you're actuallyjust contributing, you're
participating, you're being apart of the community, right,
and obviously you have to enjoywhat you do, right, and that's
not a step, but it's somethingthat's kind of the underpinning
of it.
If you don't like doing any ofthis, building your brand is
going to be a waste of time.
You've got to enjoy the process.
It's not so much.
Well, when I get a brand and Ibecome X, you're missing the
(01:03:24):
point.
Right, you got to enjoy theprocess.
You got to a brand is a dailything that you enjoy because
that's who you are just beingyou, and it will work.
If you don't like what you do,if you don't like doing any of
these things, it's not going towork for you.
At the end of the day.
I want to tell to everybody isthat?
We want to tell you that it'syour turn now, right, heather
(01:03:46):
and myself, we have now this podcast as part of our brand
because we enjoy it.
We like to share our contribution, the contribution
of other people, and that's great.
But I want to see you now.
I want to see you listener, watcher, viewer have your own
podcast or make your own articles or, you know, start on
your social media.
Do you start doing your research?
Right, I want to see your values in action, the things
that you believe, be informed by those and, letting us know,
(01:04:10):
share those contributions.
We're like-minded people, we like to share the road with you
and we're actually looking forward to seeing your brand and
see what you can put out.
So come on, let's do it.
Speaker 2 (01:04:21):
We're waiting, I'm
going to have one less coworker
tomorrow morning.
Speaker 1 (01:04:26):
Oh really.
Speaker 2 (01:04:27):
Yeah.
How come Read the comment.
Speaker 1 (01:04:31):
No, no, no, Read it.
Read it for the folks that are listening.
What does it say?
Speaker 2 (01:04:38):
Would building a
brand be like winning?
Speaker 1 (01:04:39):
the Civilian of the
Year Award.
Oh, somebody won that.
Who won that?
Who won it Me?
Hey, how come I?
When did you win this, like last year?
Speaker 2 (01:04:48):
I didn't hear about
it.
No, it was a few years ago.
And they say it in my office constantly.
Did you know that Heather got the civilian of the year award?
They tell everybody that walks in the office and Kevin Sayloff,
who made the comment and didn't change his name to something
else, is no longer going to be a coworker.
Tomorrow, dude, you need to be a co-worker tomorrow.
Speaker 1 (01:05:07):
Dude, you need to use
a sock account.
Come on, man, you brought the heat to yourself.
Speaker 2 (01:05:16):
Sorry, I couldn't do
nothing for you on that one.
I may even get to work on time tomorrow to be at his desk.
Speaker 1 (01:05:21):
No, no, no.
I'm going to say that somebody that has said against him that
did it, it wasn't him, okay.
Speaker 2 (01:05:31):
Oh yeah, it's
somebody that wants to get at
him.
Speaker 1 (01:05:33):
That's.
That's what happened.
You need to do more investigation to confirm okay
dude, leave the state right now.
Um look, I'm I'm not surprised that you got it actually.
Actually, it should be coming again shortly oh, gee, thanks no
but again I mean folks, and we know we'll be a little bit over
the hour, but I think all this is important, especially for all
expertise levels new people,older people or Asian people
(01:05:54):
like myself.
In this field, build your brand.
It's a good thing.
Speaker 2 (01:05:58):
Yeah, definitely.
Okay, we're going to keep going over the hour a little bit, so
I just wanted to point out a recent LinkedIn post from Exterro.
So, creators of FTK, let me share my screen because I have a
picture.
They are now supporting LevelDB files.
(01:06:22):
So we talked about those last week and I talked about a case
that actually we were able to complete due to the LevelDB, the
FCM files.
Let me see if I can find the picture here.
We go.
All right.
LevelDB looks like in the new version of FTK.
(01:06:46):
It's FTK 8 and they have a service pack that you install
right over the FTK 8 that you already have installed.
So you don't have to do a whole new install with the database
and everything.
You just install the service pack and they included the
parsing support for the Firebase cloudbase.
Cloud messaging is what FCM stands for LevelDB files, so it
(01:07:09):
gives you an additional chance to locate message, messages,
notifications, account information and a ton of other
data that's stored in those files.
Um, let me just put up their product here.
So if you're an FTK user, install that service pack, check
it out.
Let me zoom in a little, and I think it's one of the best
(01:07:33):
viewers that I've seen for the LevelDBs.
In my opinion, yeah, it's really.
Speaker 1 (01:07:38):
I mean, I think they
lay it out nice.
Oh yeah, and as folks who are more familiar with this artifact,
FCMs like Firebase Cloud Messaging right, it could be
anything, right, it could be whatever right.
So I really like the fact that vendors are taking the time to
present key values that are coming to clear or are also
(01:08:00):
looking at specific FIRE you know FCM artifacts and decoding
them for you Because I believe they need to do that.
I appreciate that FTK is leading with that effort because
they listen to the community for that and I hope, honestly
hope other vendors follow, because there's so much
pertinent evidence in these LevelDB files, specifically in
(01:08:20):
Android devices.
At this point I'm up to the dozens of cases that I I mean
not including my own right that I heard from people that reach
out to me.
I can only imagine how many more cases are being solved with
SCM data that I never I don't hear about, right, because not
everybody calls me.
Hey, thanks for the leap you know Right.
So I want you listener, viewer, to benefit in your cases.
(01:08:42):
So you know it might be through FTK.
It might be through FTK, it might be using the leaps.
It will have to be by you learning the artifacts and going
into those data stores and looking through those for those
in your particular cases.
Speaker 2 (01:08:56):
If you've ever tried
to parse them yourself, though,
and then report on them yourself, you will be very thankful for
tools like this.
Arsenal does the LevelDBs, Rabbit Hole does the LevelDBs,
the Leaps you already mentioned, and now FTK is joining the
party on those, so you will be very thankful for the tools when
it comes to those files.
Speaker 1 (01:09:16):
Oh, absolutely.
And again, Rabbit Hole, one of my favorites, Arsenal as well.
Again, I do like FTK, because now it's not only showing you
the double DB contents, it might be vendors, I hope again start
adding a little bit more decoding, extra levels of
decoding that might be needed for that FCM content.
(01:09:37):
I don't believe it's there yet across the board, and that's
fine, but that's why we get paid the big bucks.
Well, sorry, that's why you get paid the bucks If you're in
government work.
The word big doesn't go there,but you know what I mean.
Right, let me remove that here.
So what's new with the leaps?
(01:09:58):
A lot, oh, my goodness, it's.
It's so much that I have to remind myself how much.
Um right, so again, I think, I don't know.
Maybe hopefully I mean hopefully Johan is still around.
It's super late up in Europe where he's at, but if he's
around again, Johan, I want to thank you for your work.
With the least what Johan has done is and let's show the next
(01:10:24):
slide.
First of all, he took all the code base and he made binaries
executables, but for Macs.
And this is great, because the only way you could run the
tooling oh, Johan is here, Okay, good good, awesome.
It's good that you're here, man.
Look, we in the community we appreciate this.
Now you can run the tooling as a binary on a Mac operating
(01:10:45):
system, not only on Intel-based Macs, not only on Intel-based
Macs, but also on silicon-based Macs.
I have a I think it's M2, M3 here that I'm using to you know,
even screencast right now and it works great.
Right, it's really fast, it's really nice.
Again, you're using a like environment, which is a Mac, to
deal with a like device, which is an iOS, and it's all compiled
(01:11:08):
as binary.
You don't have to really use Python or learn Python to be
able to run the tools in that environment anymore, which is an
amazing improvement.
Second of all, Johan took the screens and he changed them.
So I put here on the upper left the old version of how Alib
used to look.
Look, right, you had on the left the artifacts and then like
(01:11:30):
a tinier kind of screen there for the log as it's going
through.
So Johan took those we're discussing and talking about it
and and even from his own um perception he took and he
eliminated the the log window from the artifacts, because when
you hit process and I think I have the other slide there, the
whole screen turns into a big log and I really really like
(01:11:56):
that.
I said it last episode If there's any issues there,
they're going to jump at you immediately.
Any problems, they're going to be there and you can review that
log up and down before you open the report.
Of course, this log is also contained within the report, but
I want you to be aware of where an issue might be so that you
can go dig deeper if it's relevant to your case and the
(01:12:17):
previous screen, like Heather was showing, Johan took and made
binaries for all the leaves and took all the leaves and changed
that interface.
Another benefit of the interface change is that it's
pure Python code so we don't have to use libraries that want
to charge you or get your money.
It's all pure Python for the community and that is an amazing
(01:12:41):
job.
The community and me personally.
I'm really grateful to Johan for the work and he's still
cranking it out.
I see all his, his, uh pull requests coming in and making
the tool better pretty much on a daily basis.
So we're so we're super grateful for for those changes
um I mentioned oh, I didn't mention this for folks that
don't know, the leaps are composed for a tool for iOS
(01:13:02):
parsing, Android parsing uh, returns.
That's what returns.
That's when you get.
You send a search warrant to Google, Apple or Kik or Snapchat.
Whatever you get back, the tool will parse it for you and show
you in a nice report, okay, or Google Takeout or stuff like
that.
That's the R-Leap and then V-Leap, which is for vehicles,
the V-Leap one.
What I have down the pike is, after IASIS across during the
(01:13:27):
summer, my plan is to really focus on V-Leap artifacts from
um end of July all the way to January and maybe the beginning
of next year to really beef up that capability.
I believe there's a big hole in that sense, not because there's
no vendors, there's, there's vendors, there's a main vendor
for all the car things.
(01:13:47):
But I think an open source, community driven tool will
really help, you know, with reporting right and and
hopefully motivate vendors in the space to to up their game to
what the specs that we need.
Again, hopefully that makes sense.
I don't want to offend anybody.
Speaker 2 (01:14:08):
I don't think you did.
Speaker 1 (01:14:09):
Okay, good.
So I want to be that healthy competition in a sense, Also as
a validation tool, because right now if like Axiom parses and
Cellebrite parses, I say Cellebrite, don't call me on it
but some tools do parse products from vehicle folks that do
dumps and process vehicles, but it's not a validation of that
(01:14:32):
process.
They're just showing you their output within their tool and
that's different from me parsing it myself differently or
separately from you.
Let me see if I can.
Does that make sense, Heather?
Speaker 2 (01:14:43):
Yeah, it does, XRY
does too.
We'll ingest those, but yes, it makes complete sense.
Speaker 1 (01:14:49):
Yeah, but it's not
like X or Y goes to the image
and pulls the stuff out itself, right?
Speaker 2 (01:14:53):
No, they ingest the
file right.
Speaker 1 (01:14:55):
That's what I'm
talking about, right?
So they take that out, the product of the processing from
tool Y or tool B, and they put it in.
Nothing wrong with that.
But I want us to be another way of looking at that data, with
independent processes.
Right, we do our own parsing of the data.
So you can do that comparison, do that validation, see if
(01:15:16):
you're missing something or not, right?
Or indicate where you need to do some manual analysis.
Kevin is saying what is Kevin saying?
Speaker 2 (01:15:22):
We need vehicle test
data.
I've got a bunch for you, Kevin.
Not related to work, by the way, yeah, no, not case related.
Speaker 1 (01:15:32):
Yeah, and we talk
about, we talk about two
episodes back how hard it is to get these images right.
Yeah, yeah, I'm lucky that I came across a whole bunch of and
not came across people I asked and people were kind enough to
share some of those with me.
Some, like Heather says, some are not case related.
Some are case related, right.
So some of not case related, some are case related, right.
So some of those you know, I just I can work on them.
I cannot share them, right, but but yeah, it will be.
(01:15:53):
It will be just like that.
We will be, we'll be working.
Geraldine Bly she's awesome.
We'll mention her again in half a second.
She's also going to be helping with that effort.
She's a really good expert with cars.
I depend on her all the time, on her expertise both in working
the cars and teaching me about it.
So I really appreciate that.
I think we have a question in the chat, Heather, can you see
(01:16:16):
it there?
Speaker 2 (01:16:16):
Yeah, sorry, I kicked
my cord and my battery was
about to die.
I saved it.
Speaker 1 (01:16:21):
Okay, good I
disappear, it's because oops
Don't leave me alone.
Speaker 2 (01:16:28):
Are you able to do an
install video for the leaps for
M1 max?
Speaker 1 (01:16:35):
um, I guess we can
right now with the videos that
we have on how to install it.
They're done by Hexordia um, and they work great.
I mean, it's true it's Windows, but I think they are what's it
called.
It works just the same, like I haven't had an issue installing
it.
The requirements seems well.
But again, you know, I'll try to get a clean Mac and run it
(01:16:57):
again, see if there's anything particular that's different, and
if so, then I'll come back on the show and some other means
and let people know.
But yeah, so that should be fine.
Mary is saying what?
Speaker 2 (01:17:07):
is Mary saying I'll
start dumping my rentals?
All right, Mary, start doing it.
Speaker 1 (01:17:13):
Like I said last time,
make sure you can put that
dashboard back on.
Yeah, don't ruin the rental that's going to be a really
expensive set of test data.
I don't think our bosses are going to pay for it, just saying
yeah, so that's yeah.
So Johan is making a good comment here.
Can you share that?
Yeah, so I'm going to read it.
(01:17:36):
Johan says since we removed magic, there's no issue anymore,
and what that means.
It doesn't mean that we have actual magic in it.
What that means is that there was one library that we used to
identify different file types, called Magic, and it was having
some issues with some of the Mac installations that are
silicon-based.
And thank you for the comment, Johan, because obviously Johan
(01:17:57):
flagged that and he proposed a solution and we did it.
We took his solution and that took care of it.
Thanks for the reminder, because I totally slipped my
mind.
But yeah, that shouldn't be an issue.
That library is not used.
We use another library that's more general.
I say general, but other, not distributions, other platforms
can use it and solve that problem.
(01:18:18):
So you should be able to install it with no issues.
Awesome, all right.
So we have another thing that's new in the leaps.
I really want to highlight this out.
So when you do a takeout archive and for those people
that don't know, if you have a Google account, you can ask
Google to give you all your data, and all your data will include
(01:18:39):
location history, your search history, your pictures,
everything.
Right, you can get that.
It comes in different formats.
JSON, HTML comes compressed in a zip.
The cool thing is that the folks from Metadata Forensics have
made a parser for RLEAP that will take the location history
(01:18:59):
settings and make them really viewable for you, which has a
lot of cool information about the different devices that are
kind of attached to the account that you took the Google takeout
from.
And I want to flag it because you know Metadata Forensics.
It's a really now well-known company in the space providing
data forensic services and I'm really happy to see not only
(01:19:22):
individuals but seeing organizations really valuing the
effort of the open source tool community and also themselves
participating.
So I want to thank Metadata Forensics for putting that
content for the community.
And again, if you're not familiar with takeout B, you
might be like well, that's something that the user has to
pull.
I don't you know.
(01:19:43):
Yeah, that's true, but I had cases where I got a cooperating
witness that could give me a Google takeout that will break
open the case.
Speaker 2 (01:19:50):
Yes, definitely.
Speaker 1 (01:19:52):
So don't dismiss any
data source.
All data sources are good.
Speaker 2 (01:19:58):
We've had a case
before where the user of the
phone had actually brought his own Google takeout down into his
phone.
So use this script in the leaps to parse it right from the
actual evidence item right.
Sometimes people request their own takeouts and save it right
(01:20:19):
on the evidence.
Speaker 1 (01:20:21):
Just saying, oh wow,
that's really wild.
It's like I have an extraction plus plus.
Yes, that's really wild.
It's like I have an extraction plus plus, yeah, yes.
Second of the extraction and this and the third one request.
I think how you have to do it.
You put it down for me, thank you exactly, exactly oh wow, I
like that story.
I'm gonna use it.
I'm gonna use it from now on.
It's good again.
(01:20:44):
Never you look.
A forensic device that you're analyzing is like a box of
chocolates.
Speaker 2 (01:20:51):
Heather you know what
comes next.
Speaker 1 (01:20:52):
The phrase you never
know what you're gonna get okay,
good, oh, thank goodness I know that one okay, good, okay, if
you if you hadn't, I would have been really troubled.
Okay, yeah, look, we have a running joke here because
Heather doesn't watch too many movies, but that's another story
for another day.
Okay, we got another cool report the Media Service
Information Report.
(01:21:13):
This is one for the V-Leap for the vehicles.
This was done by Heather Geraldine and it's pretty neat,
so you need to go check it out.
Thanks to her, we can get that information from cars.
And again over the summer I mean after the summer we're
going to be working hard on adding support to the vehicles
(01:21:34):
and really be an important tool within the sphere for those
things.
So I think that's it we have for the V-Leaps, right?
Speaker 2 (01:21:41):
Yes.
Speaker 1 (01:21:41):
And for the Leaps in
general.
Speaker 2 (01:21:43):
It is, it is.
So we're to everybody's favorite part after we've kept
you for 21 minutes longer.
Speaker 1 (01:21:50):
We're sorry, folks,
sorry but, you know what.
This is our brand, so we like it so hopefully you do too what
do we have next?
Speaker 2 (01:21:57):
so the meme of the
week is our last.
Speaker 1 (01:22:00):
Let me get it up here
and always the meme of the week
really brings out some fireworks.
Let me bring out my fireworks.
Hold on, oh, I brought the lasers.
I always bring the laser beams.
Oh, that's confetti.
No, there we go, fireworks.
Speaker 2 (01:22:17):
Okay.
So the meme of the week this week says when they bring the
phone in a Faraday bag but the cable cord is running outside
connected to power.
So I am sure that everybody that's still here listening has
seen this before.
Thank you for possibly creating an antenna for the device to
connect to a network.
(01:22:38):
I appreciate the effort of putting it in the Faraday bag,
but do better.
Speaker 1 (01:22:45):
The antenna is so
good that it not only connects
to the cell towers, now it's connected to Starlink.
Yeah, the satellites in space.
Thank you very much.
I, I, I, I pick, I pick the.
The meme template is you know this?
This poor guy with contrary to smile, but his eyes are red and
red and he's like about to cry yeah, oh, he's definitely about
(01:23:05):
to cry yeah, well, he's still trying to smile.
Yeah, that's me, that's me, and and look, folks, that's why I
talk about putting that content and being part of the community.
Folks were putting all these stories in LinkedIn about
different like whoa, like the guy that, or the folks that put
the telephone in a used potato chip bag yes, I saw that one.
(01:23:25):
Yeah, what look the?
Speaker 2 (01:23:26):
potato chip bag is
not.
Oh, I saw that one.
Speaker 1 (01:23:28):
Yeah, what?
Look, the potato chip bag is not going to work, but really
you could at least clean it.
Now you're giving me a phone that's compromised and dirty.
Yeah, or more dirty than they usually are, right.
Speaker 2 (01:23:40):
Right, exactly, maybe
the potato chips made it
cleaner actually.
Speaker 1 (01:23:43):
Yeah, it's like a
scrub Agent Brignone.
Why are those potato chips on the phone?
It looks like it's consistent with it.
I don't know, it wasn't me.
No, and there's a whole bunch of stories of folks you know the
folks that you know.
They leave the phone out and before they give it to you, you
just snuck it into the Faraday bag.
(01:24:04):
Yes, yes, and before they give it to you, you just snuck it
into the Faraday bag yes, yes, you think I'm not going to
notice when I look at this phone that you put it in the Faraday
bag at the last second.
Speaker 2 (01:24:13):
Right, or a little
bit different topic?
Kind of Not really, but they bring it to you and it's AFU,
but it's not because they turned it on on their ride over, but I
got it powered on.
Speaker 1 (01:24:26):
Of course it's on.
You can't see it uh okay oh look, if you're not in this
field, you're trying to be slick about it.
You know, don't?
Just, don't just just just try to do the best you can with what
we told you and if not, don't.
Don't mess with it right?
Admit your mistake exactly grow from it, like we were saying.
(01:24:48):
Anyways, I think that's it for the show.
I think it's the longest show we had so far.
It is?
it definitely is but I enjoyed it.
Hopefully you did as well absolutely every time, alright
everything.
Any last words for the group of the order Heather that's it.
Speaker 2 (01:25:07):
Thank you so much for
everybody who came and joined
thank you everybody.
Speaker 1 (01:25:11):
We're gonna be back
again you know, not this
Thursday that coming up, but the one over that with some, some
topics, some news again.
Thank you everybody and hopefully we'll go back to the
one hour standard.
Back to the one hour standard, yeah we will awesome, and with
that we all bid you uh adieu, see you later night.
(01:25:32):
Thank you good night, bye.
Speaker 2 (01:25:51):
Thank you you.