Decoding iOS Data: A Step-by-Step Guide to Installing and Using iLEAPP

Written By Guest User

If you're involved in digital forensics or simply curious about extracting and analyzing data from iOS devices, iLEAPP is an indispensable open-source tool. In this guide, we'll walk you through the entire process of installing and using iLEAPP, so you can effectively parse iOS data. To make it even easier, we've included a helpful video tutorial by Sarah Hayes from Hexordia, so you can follow along visually. Lastly, we will document the steps of how to use the integrated version of iLEAPP on ATRIO MK II.  

What is iLEAPP?

iLEAPP (iOS Logs, Events, and Plists Parser) is a powerful, open-source tool designed to parse and interpret various data artifacts from iOS backups and file system dumps. It helps extract digital data like call logs, messages, location data, and more, presenting it in an easily readable HTML format.

Step 1: Installing Python 

Before we install and run iLEAPP, we need Python. Here's how to set it up:

  • Go to python.org: Head over to the official Python website and click "Downloads" (python.org).

  • Download Python 3: Grab the latest Python 3 release. In the video. Sarah installs 3.11.2.

  • Run the Installer: Execute the downloaded file.

  • Crucial Step: Add to PATH: Make sure you check the box that says "Add python.exe to PATH. "This is essential for iLEAPP to work correctly.

  • Install: Click "Install Now" and confirm any User Account Control prompts.

  • Complete: Wait for the installation to finish and click "Close."

Step 2: Downloading iLEAPP

Now, let's get iLEAPP from GitHub:

  • GitHub Repository: Navigate to the iLEAPP repository (github.com/abrignoni/iLeapp).

  • Download ZIP: Click the green "Code" button and select "Download ZIP."

  • Extract: Once downloaded, extract the ZIP file to a convenient location.

Step 3: Installing Dependencies

iLEAPP relies on a few dependencies. Follow these steps:

  • Open Command Prompt: Open the extracted iLEAPP folder and type "CMD" in the address bar, then press Enter.

  • Install Dependencies: Copy and paste the dependency installation command from the iLEAPP documentation into the command prompt.

  • Troubleshooting pyliblefs: If you encounter an error related to pyliblefs, you'll need to install Visual Studio Community with C++ desktop development tools (visualstudio.microsoft.com).

    • Run the Visual Studio installer and select "Desktop development with C++."

    • Install Visual Studio.

    • Re-run the dependency installation command after Visual Studio is installed.

  • Verify: Ensure the dependency installation completes without errors.

Step 4: Running iLEAPP

It's time to run iLEAPP!

  • Start iLEAPP GUI: In the command prompt, run the command to start the iLEAPP GUI.

  • Select Input: In the GUI, browse and select your iOS backup or file system dump.

  • Choose Output: Choose an output folder for the reports.

  • Select Artifacts: Select the artifacts you want to parse (or select all).

  • Process: Click "Process" and wait for iLeapp to finish.

  • Complete: Click "OK" when processing is done.

Step 5: Viewing the Reports 

iLEAPP generates HTML reports for easy viewing:

  • Open index.html: The index.html file will open automatically in your browser.

  • Navigate Artifacts: Use the left-hand navigation to explore different artifact data.

  • Access Reports Later: To view the reports again, navigate to the output folder and open index.html.

  • Other Exports: The output folder also contains other file exports, such as KML and TSB files.

Congratulations! You've successfully installed and used iLEAPP to parse iOS data. 

Running iLEAPP on ATRIO MK II

ATRIO MK II streamlines the process of using iLEAPP, making iOS data parsing incredibly straightforward. Follow these steps:

Step 1: Connect Your Data Source

  • Plug in the device (e.g., external hard drive, USB drive) that contains your iOS backup or file system dump into ATRIO MK II.

Step 2: Select iLEAPP on ATRIO MK II

  • On the ATRIO MK II keypad, navigate to the "Mobile Device" options.

  • Select "iLEAPP" from the available options.

Step 3: Connect Destination Drive

  • Plug in the destination drive (e.g., another external hard drive, USB drive) where you want to save the iLEAPP results. This is where the generated HTML reports will be stored.

Step 4: Initiate Processing

  • Confirm that the correct source drive (containing the iOS data) and destination drive are selected.

  • Simply select "Go" or "Start" on the ATRIO MK II interface.

Step 5: Review the iLEAPP Results

  • Once processing is complete, ATRIO MK II will generate the iLEAPP results in HTML format.

  • Connect the destination drive to a computer.

  • Open the index.html file in your web browser.

  • The iLEAPP reports will be displayed in an easy-to-navigate and understandable format, allowing you to review the parsed iOS data.

Key Advantages of Using ATRIO MK II:

  • Simplified Workflow: ATRIO MK II automates the complex digital forensics processes, making data accessible to users with minimal technical expertise.

  • Integrated Interface: The platform's user-friendly interface guides you through the process, eliminating the need for manual command entry.

  • Rapid Processing: ATRIO MK II optimizes iLEAPP's performance, enabling faster data parsing on a system that was built with purpose.

  • Organized Output: Results are presented in the familiar iLEAPP HTML format, ensuring easy navigation and data interpretation.

By integrating iLEAPP into the ATRIO MK II, users can transform iOS data parsing into a streamlined and efficient process. Want to learn more? Book a demo with our team today!

Live Demo



Guest User
Previous

Field-Tested Triage: How to Cut Evidence Processing Time in Half During Time-on-Target Operations
Next

Introducing ATRIO-OS 2.0