top of page

Keep in mind that iPhones use a particular method to track the smartphone's location known as 'significant locations'. This function can be accessed under Privacy and Security in Location Services.




. . . after the list of app specific settings in Location Services you'll find 'System Services' [note the color coded flag of a gray arrow showing that an app has tracked the phone's location in the last 24 hours and a purple arrow when an app has tracked the location very recently.]




Scroll down and you'll see the 'Significant Locations' option.





Apple states that the location data is encrypted, and that it cannot access it itself - (unless it is subpoenaed to produce it??).




The Apple policy linked to under 'Significant Locations' states that it uses the data to track the movements of groups of people and automobile traffic. Note that Apple also reserves the ability to estimate your location based on your IP address.





If you have a flash drive or disc from which you want to access a program when booting up in BIOS, the data can be saved in an .iso file - which acts as a virtual drive. The .iso image file holds the data in binary format. However you cannot download an .iso file and simply copy it to a flash drive, the standard way in Windows Explorer. To save an .iso file to a flash drive, use a free utility named Rufus, which is available here. Use the portable, or standalone version, which does not need to be installed:



[FWIW, I scanned it using Bitdefender and it was clean.] Rufus will run from the downloaded executable file and give you the option to select which flash drive you want to add an .iso image to



Rufus may take 15 minutes or more to copy an .iso file to flash drive. I used it to add the .iso file for Hiren's BootCD PE to the flash drive - it downloads from the site as a single file, 'HBCD_PE_x64.iso'. [Hiren's includes several data recovery tools, and I needed to use it to check if the drive of an old laptop I was decommissioning had been successfully wiped.].



It will take Rufus longer than an hour to add a 3 GB file to a flash drive.


When the Hiren Boot .iso file is added, you will see multiple files and folders.

I inserted the flash drive into the laptop that I wiped, and pressed F12 [the laptop was a Toshiba - other hardware may require another function key] to enter BIOS - the firmware. The flash drive was recognized:

. . . .Hiren's BootCD PE successfully ran:



  • Mar 20, 2024

If you're curious as to whether or not a forensic examination of a computer can determine if

folders were renamed or deleted, or even simply accessed on a device inquire about the possibility of analyzing shellbags. Shellbags are stored in a file named UserClass.dat in the Windows Registry . The timestamps and other data are encoded in hexadecimal - the numbering system employed by developers that uses 16 symbols (0-9 and A-F) rather than the standard decimal system.


Companies such as Privazer have applications which cannot only display last accessed and modified times for directories which are stored in shellbags but also erase that data as well.


Shellbag data is hard to remove. A new folder or zip file which is created in place of an old one with the same name will inherit its shellbag data. Opening a folder, copying a folder, renaming a folder, deleting a folder, or even simply selecting or right clicking on a folder will generate shellbag data.

Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 

Your details were sent successfully!

© 2015 by Sean O'Shea . Proudly created with Wix.com

bottom of page