DEMO REPORT
Case File

Source Archive

sysdiagnose_2024.03.15_14-32-18.tar.gz

Analysis Date

3/15/2024

Artifacts

2,298 files (282 MB)

Archive SHA-256

a3f2c8e91b4d5a6f...
Anomalies detected across 5 artifact families
Total Findings: 6
2 Critical
4 High
Attack Chain Analysis
5 phases activated — multiple artifact families corroborate anomalies

Findings

6 of 6
CRITICAL | suppression | F-040

iMessage end-to-end encryption is NOT active

The system-level PCStatus data shows the private identity certificate required for iMessage encryption is missing. Your iMessages are not encrypted end-to-end, regardless of what the Settings app may display.

Evidence

[logs/PCStatus/PCStatus.plist] identityPrivate: MISSING
[logs/PCStatus/PCStatus.plist] identityPublic: present
[computed] E2E encryption capability: DISABLED

Recommendation

Your messages are currently not encrypted. Use an alternative encrypted messenger (Signal, WhatsApp) for sensitive communications until this is resolved. A full device restore may be required to regenerate encryption certificates.

CRITICAL | timing | F-030

138 boot records with 0 UUID overlap — timing infrastructure inconsistent

HIGH | permissions | F-031

Unknown app has access to Microphone, Camera, and Location

HIGH | exfiltration | F-032

47 routes to unknown servers through cellular baseband

HIGH | exfiltration | F-034

47GB sent through cellular baseband — bypasses iOS monitoring

HIGH | collection | F-024

3.2GB of network traffic iOS cannot identify the source of

Network Indicators

Type   | Value                       | Context                   | Owner   | First Seen
IP     | [hidden — scan your device] | TCP ESTABLISHED           | Unknown | 3/15/2024
IP     | [hidden — scan your device] | pdp_ip0 route destination | Unknown | 3/14/2024
IP     | [hidden — scan your device] | pdp_ip0 route destination | Unknown | 3/14/2024
Domain | [hidden — scan your device] | swcutil registration      | Unknown | 3/12/2024
Domain | [hidden — scan your device] | swcutil registration      | Unknown | 3/10/2024

Analysis Timeline

F-040 | CRITICAL

iMessage end-to-end encryption is NOT active

F-030 | CRITICAL

138 boot records with 0 UUID overlap — timing infrastructure inconsistent

F-031 | HIGH

Unknown app has access to Microphone, Camera, and Location

F-032 | HIGH

47 routes to unknown servers through cellular baseband

F-034 | HIGH

47GB sent through cellular baseband — bypasses iOS monitoring

F-024 | HIGH

3.2GB of network traffic iOS cannot identify the source of

Forensic Documentation

Integrity Verification

Analysis performed on original archive without modification. Cryptographic hashes enable independent verification.

Analysis Timestamp (UTC)

2024-03-15T14:32:18Z

Tool Version

baseline-engine v2.4.1

Source Archive SHA-256

a3f2c8e91b4d5a6f7c8e9d0b1a2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1

Evidence Preservation

  • Export and store this report (JSON) securely
  • Preserve the original archive without modification
  • Document archive provenance (when/how created)
  • Record chain of custody

This is sample data demonstrating report format.
