As discussed in section 3, ArtEx is an open-source tool that is great for triage and forensic validation. In this example, we used ArtEx to validate our predictions on when an iPhone X running iOS 14.2 was wiped. As the slide shows, we select Device Wipe and are presented with a datetime for the wiping activity. Additionally, we can click on the file under Source and examine the native data. On the highlighted line, you will see the magic words, �this is an erase install.� A very important aspect of this file that was detected by Heather Mahalik and Ian Whiffin, as stated in their blog, is that this file stores all data in Pacific time.¹�It must be converted manually to the local time for the user. This log shows the time of 13:26:30 but the device was wiped at 16:26:30 since the user lives in Eastern time.

Reference:

[1] https://for585.com/wipeartifacts