DFIR Review

iOS Mobile Installation Logs

0
Updated

Research

White papers
  • Apple
  • DFIR Review
  • iOS

In the last two blog posts I wrote about ways of obtaining a list of currently installed apps and their corresponding app directories from an iOS file system extraction. My usual method is to query the contents of the applicationState.db file to find the app bundle id and what directory GUID like name corresponds to it. By finding the proper directory one can focus on the data stores it contains for parsing of user generated data when our forensic tools are not aware of them.

Attachments

  • File Description
    File Size
    File Type
    Downloads
  • iOS Mobile Installation Logs
    1 MB
    14