The evidence is iPhone 5s with iOS 9.1 and not jail breaked. I use UFED to do advanced logical extraction just now. All I know is that suspect did use Naver LINE a lot.
Unfortunately I did not recover any deleted LINE chat messages after advanced logical extraction. Only few messages left and those messages have nothing to do with this case. Where are those deleted messages now???
My colleague reminds me that the latest version of Naver LINE is 5.8.0 for iOS. Since LINE 5.3 and above, LINE added a new feature called "True Delete" which means wipe all deleted chat messages. Finally I realize that's the reason why I could not recover any deleted chat messages extracted by UFED.
浙公网安备 33010602011771号