The FBI has managed to access messages from the Signal application deleted from an iPhone through the notification history that is saved locally on the device itself.
The case, reported by the specialized media 404Media, explains a technique of forensic extraction on iPhoneone of the devices that pose the most problems to authorities when recovering information due to solutions such as blocking or hiding applications, Secure Enclave, passwords for applications or restart due to inactivity, among others.
On this occasion, it was intended to access the messages with the application’s self-deletion setting Signal of one of those accused of launching fireworks and vandalizing property at the ICE detention center and shooting a police officer.
The messages could be recovered even after the application messaging would have been deleted from the iPhoneas explained to the aforementioned media by several people present in the FBI testimony during the trial that recently took place.
To obtain copies of the messages, the forensic analysis focused on the iPhone’s ‘push’ notification history, which locally saved copies of incoming messages. This was also possible; the notifications showed the entire message, since the information they could display had not been limited in the application itself.
Signal has an option that allows you to configure the content that is displayed in a notification about incoming messages: el contact name and message textjust the name, no name or message.
