Introducing the Hexordia Syslog Monitor Tool
The iOS System Logging feature enables real-time monitoring of backend device operation. This feature was released for developers yet may provide valuable information as a secondary forensic data source. The Hexordia Syslog Monitor Tool is a convenient real-time Syslog monitor. Rather than generating the log on an iOS device and then extracting it to a PC, the tool establishes a debugging connection to continue monitoring the device.
Figure 1: Screencapture of the Hexordia Syslog Monitoring Tool recording data live from an iOS device
A log may be gathered from locked devices and sleeping devices permitted the device is connected to, and authenticated with, a PC.
Tool UI
Figure 2: Depiction showing each button on the interface
Table 1: Button prompts and their actions.
Tool Functionality
Figure 4: Zoom of screencapture showing the timestamps recorded by the tool
Notice that each line contains two datetime strings at the beginning. The second datetime string is provided by the connected device in <<Month, Day, HR:MIN:SEC>> format. If the device time is set incorrectly, this time will be incorrect.
The timestamp appended to the very beginning of the line is a UTC timestamp provided by the host PC. This timestamp will provide a true time of log collection in the case that the device time is incorrect.
For a deep dive into Sysdiagnose log artifacts, consider heading over to our HEX-222 Sysdiagnose Logs course: (Coming Soon)
Support and Compatibility
The tool supports mobile iOS devices running iOS 10 and greater. It has not yet been tested with Apple Watch and Apple TV devices although both support Sysdiagnose logs.
The tool is operable on Windows operating systems.
