ATRIO Integrates Evanole: Real-Time iOS Syslogs
Exciting news in the digital forensics world—ATRIO is now integrating Evanole by Hexordia! This powerful update enhances live iOS system traffic acquisition, giving Digital Forensics and Incident Response (DFIR) examiners even more actionable insights.
What is Evanole?
Evanole is a forensic tool developed by Hexordia to acquire and parse real-time system traffic from iOS devices. By leveraging system logs, Evanole provides examiners with a deeper understanding of device activity, network connections, and system diagnostics, all in real time.
What is a Syslog?
A Syslog, or iOS System Log, is a critical forensic artifact that captures system functions, application crashes, and networking events. While these logs are often dense and highly technical, Evanole helps streamline the data, highlighting key forensic artifacts relevant to an investigation.
Why is This Integration Important?
While raw system logs can be lengthy and complex, Evanole helps make sense of them by acquiring, parsing, and presenting key information. With ATRIO’s integration, examiners can now expect an even faster, more intuitive workflow, ensuring that crucial device insights are readily available for analysis. Plug the device in, select Evanole 🦎, then select “Go”. The data is then collected, parsed, and presented in an easy-to-read format.
What Information Can You Expect from Syslogs?
Syslogs can reveal a wealth of forensic data, including:
✅ General system information – Device uptime, reboots, and more
✅ Network connection details – Active Wi-Fi networks, VPNs, and data transfers
✅ Diagnostic application data – App crashes, performance issues, and forensic artifacts
✅ Additional system events – Bluetooth activity, background app refreshes, and more
Why Are Sysdiagnose Logs Important for Investigations?
Sysdiagnose logs capture live, real-time data from an iOS device, providing a critical digital snapshot of system activity at the moment of collection. This is especially valuable when identifying a phone belonging to a victim or suspect, as it can reveal recent network connections, active applications, and device interactions that help confirm ownership, usage, or intent. With Evanole’s ability to parse and extract key forensic artifacts, investigators can uncover relevant details without sifting through overwhelming volumes of raw log data.
Stay Tuned for More Updates!
As ATRIO and Evanole continue to evolve, expect even more powerful features to be added. Keep an eye on upcoming releases and training opportunities to ensure you’re getting the most out of this forensic powerhouse.
Want to see the tool in action? Sign up for a live demo.