ios-forensics-mcp
The iOS Forensics MCP Server is a tool for performing digital forensic analysis on iOS file systems. It allows users to interact with AI assistants to explore data extracts from iOS devices, focusing on tasks such as file system analysis, database parsing, and forensic reporting. It is designed as an educational tool in the field of digital forensics.
iOS Forensics MCP Server
A forensic analysis server for iOS file systems using the Model Context Protocol (MCP). This project enables AI assistants like Claude to access and analyze extracted iOS file systems for digital forensics purposes.
🔍 Overview
The iOS Forensics MCP Server provides tools for analyzing iOS device extractions, focusing on:
- File system analysis
- SQLite database parsing with WAL forensics
- Property List (plist) parsing
- iOS artifact analysis (messages, call logs, contacts, locations, etc.)
- Timeline generation
- Forensic reporting
This is designed as an educational/learning tool, allowing users to interact with an AI assistant to explore and analyze iOS data.
🚀 Features
-
File System Tools
- Directory navigation with metadata analysis
- File content viewing with type recognition
- File searching with content and pattern matching
-
SQLite Analysis
- Database discovery and schema analysis
- Secure query execution with WAL handling
- Deleted record recovery from freelist pages
- Database carving for deep forensic analysis
-
Plist Analysis
- Binary and XML plist parsing
- Value extraction with query paths
- Timestamp analysis
-
Specialized iOS Parsers
- Messages analyzer (SMS/iMessage)
- Call log analyzer
- Contacts analyzer
- Location data analyzer
- Browser history analyzer
- Photo geolocation extractor
- App data analyzer
-
Advanced Analysis
- Timeline generation across multiple data sources
- Pattern recognition for user behavior analysis
- Deleted data recovery
- Comprehensive reporting