Using a Lantern Acquisition in Windows

June 6, 2011 — Forensics, iOS Forensics, iPad, iPhone, iPhone Forensics, Lantern 2.0

My good friend Shafik Punja asked “Remember how you showed me to take a Lantern case file and bring it into Encase?”  I responded that I did remember showing him how to do it. Shafik he asked me to place this blog so that others can benefit from this as well.  So here it is using a case folder using the new Lantern 2.  This will also work using FTK.  Unfortunately I do not have FTK running in my VM, so this method can also work the same way.  For this demonstration I am using Parallels.  Just like it better now, but again, if you have VMware Fusion, this will work also.

1. Acquire an iDevice using Lantern.

2.  Start you Windows virtual machine

3. Depending on your VM software, set up file sharing

4. Copy the Lantern case file (the icon that looks like a briefcase) and bring it into Windows.  As you see in the following figure, the case file looks like a file folder.  The Lantern case file in 2.0 is an Apple/Mac package.  Basically a folder.  Windows 7 sees this package as a folder.

5. Open You windows base forensic tool, in this demonstration open Encase and create a case.

6. Then just drag and drop the Lantern folder into Encase as seen below,

7. Then you can run whatever process you care to do at this time.  It is just that simple!

For older Lantern version 1 case files.  It is essential a Zip file.  Just unzip the files and bring them into Encase or FTK using the same method as described above.  If you have any questions drop me an email.  info@katanaforensics.com