mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2025-02-20 18:31:35 -05:00
Add new and update existing references
This commit is contained in:
parent
329d98fd46
commit
e9e596a41c
@ -9,7 +9,7 @@ One of the key principle components involved in maintaining both strong privacy
Building on this, both independent and mainstream media are constantly awash with stories regarding the frequent discoveries of sophisticated malware installed on users phones that have the ability totally compromise a device by giving external parties effectively root access. The most well-known of these variants of spyware target hitherto unknown zero-day exploits as thoroughly discussed by [Amnesty International Security Lab](https://www.amnesty.org/en/tech/) and [The Citizen Lab](https://citizenlab.ca/).
Building on this, both independent and mainstream media are constantly awash with stories regarding the frequent discoveries of sophisticated malware installed on users phones that have the ability totally compromise a device by giving external parties effectively root access. The most well-known of these variants of spyware target hitherto unknown zero-day exploits as thoroughly discussed by [Amnesty International Security Lab](https://www.amnesty.org/en/tech/) and [The Citizen Lab](https://citizenlab.ca/).
For example, there is very little any end-user can do to detect intrusions by the infamous Pegasus spyware made by the NSO Group, see [[1](https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/), [2](https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/), [3](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/), [4](https://forbiddenstories.org/case/the-pegasus-project/), [5](https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/), [6](https://citizenlab.ca/2022/02/bahraini-activists-hacked-with-pegasus/), [7](https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/), [8](https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/), [9](https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/), [10](https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/), [11](https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/)]. Other high-profile recent examples of mercenary spyware vendors include [Candiru](https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/), [Cytrox](https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/), an [undisclosed company](https://www.amnesty.org/en/latest/news/2023/03/new-android-hacking-campaign-linked-to-mercenary-spyware-company/), and [QuaDream](https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/).
For example, there is very little any end-user can do to detect intrusions by the infamous Pegasus spyware made by the NSO Group, see [[1](https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/), [2](https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/), [3](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/), [4](https://forbiddenstories.org/case/the-pegasus-project/), [5](https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/) [6](https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/), [7](https://citizenlab.ca/2022/02/bahraini-activists-hacked-with-pegasus/), [8](https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/), [9](https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/), [10](https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/), [11](https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/), [12](https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/), [13](https://citizenlab.ca/2023/05/cr1-armenia-pegasus/)]. 
Other high-profile recent examples of mercenary spyware vendors include [Candiru](https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/), [Intellexa](https://blog.talosintelligence.com/mercenary-intellexa-predator/) ([Cytrox](https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/)), an [undisclosed company](https://www.amnesty.org/en/latest/news/2023/03/new-android-hacking-campaign-linked-to-mercenary-spyware-company/), and [QuaDream](https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/).
It should also be recognised and stressed that being targeted by complex mercenary spyware is an expensive undertaking and so the overwhelming majority individuals are very unlikely to be affected. The confirmed targets involve politicians, activists, developers of AI-based guidance systems, lawyers, journalists, and whistleblowers. See The Citizen Lab's [publication list](https://citizenlab.ca/publications/) for more references.
It should also be recognised and stressed that being targeted by complex mercenary spyware is an expensive undertaking and so the overwhelming majority individuals are very unlikely to be affected. The confirmed targets involve politicians, activists, developers of AI-based guidance systems, lawyers, journalists, and whistleblowers. See The Citizen Lab's [publication list](https://citizenlab.ca/publications/) for more references.
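Review bot: the rewritten reference list drops the separator between the `[5]` (forcedentry) and `[6]` (project-torogoz) entries; every other pair in the list is comma-separated, and the line also ends with trailing whitespace after `].`. Add the comma and strip the trailing space so the list renders consistently. Since these lines are being touched anyway, the unchanged context carries a few pre-existing slips that could be folded in: `users phones` (users' phones), `have the ability totally compromise` (the ability to totally compromise), and `the overwhelming majority individuals` (majority of individuals).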
@ -22,8 +22,8 @@ Fortunately, [Amnesty International Security Lab](https://www.amnesty.org/en/tec
MVT analyses your device for a broad range of known historical indicators of compromise obtained from a wide range of sources including [Amnesty Tech](https://github.com/AmnestyTech/investigations) and [Echap](https://github.com/AssoEchap/stalkerware-indicators). As such, use of this tool can not provide any sort of guarantee against an attack from a sophisticated actor as they would be well-aware of what MVT is capable of detecting. Note the tool is currently only accessible using the command line interface.
MVT analyses your device for a broad range of known historical indicators of compromise obtained from a wide range of sources including [Amnesty Tech](https://github.com/AmnestyTech/investigations) and [Echap](https://github.com/AssoEchap/stalkerware-indicators). As such, use of this tool can not provide any sort of guarantee against an attack from a sophisticated actor as they would be well-aware of what MVT is capable of detecting. Note the tool is currently only accessible using the command line interface.
The software can be installed from some of the following sources:
The software can be installed from some of the following sources:
- Arch Linux [package](https://archlinux.org/packages/community/any/mvt/)
- Arch Linux [package](https://archlinux.org/packages/extra/any/mvt/),
- GitHub [repository](https://github.com/mvt-project/mvt)
- GitHub [repository](https://github.com/mvt-project/mvt), and
- PyPi [package](https://pypi.org/project/mvt/)
- PyPi [package](https://pypi.org/project/mvt/)
For iOS/iPadOS devices, if you decide to back up data with `libimobiledevice` instead of iTunes, you may need to install from source using a `git clone` of the [repository](https://github.com/libimobiledevice/libimobiledevice) as opposed to using the latest [release](https://github.com/libimobiledevice/libimobiledevice/releases) in order for it to be compatible with more recent iOS/iPadOS releases as there can often be a large time delay between `libimobiledevice` releases.
For iOS/iPadOS devices, if you decide to back up data with `libimobiledevice` instead of iTunes, you may need to install from source using a `git clone` of the [repository](https://github.com/libimobiledevice/libimobiledevice) as opposed to using the latest [release](https://github.com/libimobiledevice/libimobiledevice/releases) in order for it to be compatible with more recent iOS/iPadOS releases as there can often be a large time delay between `libimobiledevice` releases.
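Review bot: with the added trailing `,` on the Arch Linux item and `, and` on the GitHub item, the three bullets now read as a single sentence, but the final item `- PyPi [package](https://pypi.org/project/mvt/)` still has no closing full stop. Either add the period there or drop the added punctuation and keep the items as a plain list; mixing the two leaves the sentence unfinished. While in this list, the index is officially capitalised `PyPI`, which applies to both the old and new line.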
@ -49,9 +49,9 @@ Overall, the disclaimer is more than reasonable since on the balance of probabil
Therefore we highlight a few strict requirements prior to using `mvt`. First ensure you have full control over the desktop/laptop used to conduct the scan, do not use shared or work computers. The desktop/laptop operating system must also be hardened as much as feasibly possible.
Therefore we highlight a few strict requirements prior to using `mvt`. First ensure you have full control over the desktop/laptop used to conduct the scan, do not use shared or work computers. The desktop/laptop operating system must also be hardened as much as feasibly possible.
Next, for transferring internal mobile device content, ensure the data is only ever copied to encrypted storage media. Never under any situation use a unencrypted device to store and analyse the mobile device data since data recovery of ‘deleted’ files is very mature profession [[12](https://en.wikipedia.org/wiki/Data_recovery), [13](https://en.wikipedia.org/wiki/Data_erasure), [14](https://docs.bleachbit.org/doc/shred-files-and-wipe-disks.html)].
Next, for transferring internal mobile device content, ensure the data is only ever copied to encrypted storage media. Never under any situation use a unencrypted device to store and analyse the mobile device data since data recovery of ‘deleted’ files is very mature profession [[1b](https://en.wikipedia.org/wiki/Data_recovery), [2b](https://en.wikipedia.org/wiki/Data_erasure), [3b](https://docs.bleachbit.org/doc/shred-files-and-wipe-disks.html)].
For maximum privacy the author advises the use of [VeraCrypt](https://www.veracrypt.fr/en/Home.html) volumes as these enable robust cross-platform compatibility allowing the seamless construction of containers with predetermined size using unmodified existing desktop OS installations. Additionally, while there are countless alternatives methods to securely store data such as other disk encryption software or even the use of RAM disks, we ultimately leave this decision to the reader. Regarding the recommendation of VeraCrypt, there exists substantial evidence from very experienced and well-established ([nation-state-sponsored](https://www.elcomsoft.com/company.html)) practitioners [[15](https://blog.elcomsoft.com/2020/01/a-comprehensive-guide-on-securing-your-system-archives-and-documents/), [16](https://blog.elcomsoft.com/2020/03/breaking-veracrypt-containers/), [17](https://blog.elcomsoft.com/2021/06/breaking-veracrypt-obtaining-and-extracting-on-the-fly-encryption-keys/)] detailing its strengths (despite some theoretical limitations discussed across various online forum threads). In short, the 75 possible unique combinations of [symmetric encryption algorithms](https://www.veracrypt.fr/en/Encryption%20Algorithms.html) and [hashing algorithms](https://www.veracrypt.fr/en/Hash%20Algorithms.html) (without any of their respective specifics being stored in the disk header), variable [PIM](https://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20(PIM).html) selection, and also the ability to create [hidden volumes](https://www.veracrypt.fr/en/Hidden%20Volume.html) are only some of the reasons that make VeraCrypt a good default choice.
For maximum privacy the author advises the use of [VeraCrypt](https://www.veracrypt.fr/en/Home.html) volumes as these enable robust cross-platform compatibility allowing the seamless construction of containers with predetermined size using unmodified existing desktop OS installations. Additionally, while there are countless alternatives methods to securely store data such as other disk encryption software or even the use of RAM disks, we ultimately leave this decision to the reader. Regarding the recommendation of VeraCrypt, there exists substantial evidence from very experienced and well-established ([nation-state-sponsored](https://www.elcomsoft.com/company.html)) practitioners [[1c](https://blog.elcomsoft.com/2020/01/a-comprehensive-guide-on-securing-your-system-archives-and-documents/), [2c](https://blog.elcomsoft.com/2020/03/breaking-veracrypt-containers/), [3c](https://blog.elcomsoft.com/2021/06/breaking-veracrypt-obtaining-and-extracting-on-the-fly-encryption-keys/)] detailing its strengths (despite some theoretical limitations discussed across various online forum threads). In short, the 75 possible unique combinations of [symmetric encryption algorithms](https://www.veracrypt.fr/en/Encryption%20Algorithms.html) and [hashing algorithms](https://www.veracrypt.fr/en/Hash%20Algorithms.html) (without either of their respective specifics being stored in the disk header), variable [PIM](https://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20(PIM).html) selection, and also the ability to create [hidden volumes](https://www.veracrypt.fr/en/Hidden%20Volume.html) are only some of the reasons that make VeraCrypt a good default choice.
If using VeraCrypt, simply create a new volume prior to a scan and only use this volume for all `mvt` related data. For typical devices the required VeraCrypt volume size for `mvt` outputs depends on the length of history of the device, allocating 1GB should generally be more than sufficient for most cases involving Android devices. For iOS/iPadOS devices, since the entire contents of the devices must also be transferred, allocated volume size must be sufficiently greater than double the size of the all data stored on the mobile devices.
If using VeraCrypt, simply create a new volume prior to a scan and only use this volume for all `mvt` related data. For typical devices the required VeraCrypt volume size for `mvt` outputs depends on the length of history of the device, allocating 1GB should generally be more than sufficient for most cases involving Android devices. For iOS/iPadOS devices, since the entire contents of the devices must also be transferred, allocated volume size must be sufficiently greater than double the size of the all data stored on the mobile devices.
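Review bot: relabelling the citations from `12`, `13`, `14` and `15`, `16`, `17` to `1b`, `2b`, `3b` and `1c`, `2c`, `3c` introduces a second numbering scheme that nothing in the changed lines explains, while the first hunk keeps plain numerals (`1` through `13`) for the spyware references; a reader meeting `[1b]` after `[13]` cannot tell whether it is a footnote, a sub-reference or a typo. Either continue the numeric sequence (14 through 19) or state the lettered convention once where it first appears. The `any` to `either` change in the VeraCrypt sentence is correct for two items. The unchanged context also carries `a unencrypted device` (an unencrypted device), `is very mature profession` (is a very mature profession) and `countless alternatives methods` (alternative methods), which could be fixed in the same pass.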