I have full physical possession of the iPhone and can also supply complete Apple-ID and carrier-portal credentials. I need a certified mobile forensics specialist to perform a deep-dive examination that tells me, with defensible certainty, whether the device, the account, or the carrier introduced any unauthorized changes. Primary concerns • Call-forwarding or call-routing rules: when they were enabled, the exact numbers involved, and whether the action originated from the handset UI, an iCloud session, or a carrier-side request. • Presence of malware, spyware, or stalkerware: side-loaded apps, enterprise certificates, configuration profiles, jailbreak remnants, persistence daemons, or suspicious network activity. • SIM or eSIM manipulation: swaps, reprovisioning, or ICCID/IMSI anomalies that could affect messaging or voice traffic. Scope of work 1. Acquire the handset with forensically sound tools (e.g., Cellebrite UFED, Magnet AXIOM, or equivalent) and generate a hash-verified image. 2. Collect iOS sysdiagnose, analytics, and network logs, plus any carrier billing or call-detail records that can be pulled via the account. 3. Correlate timestamps to build a readable timeline of events, highlighting any configuration changes, provisioning updates, or suspicious binaries. 4. Preserve each artefact in an evidence folder structure with SHA-256 hashes. Deliverables (acceptance criteria) • A written report (PDF) explaining findings, methodology, and conclusions, suitable for legal proceedings. • An evidence package containing raw extractions, log files, and hash manifests. • Executive summary that clearly states whether unauthorized access or configuration changes were detected and how they occurred. Please confirm your certification level, preferred tooling, and estimated turnaround time.