Lecture 12: Case study 2: iOS Forensics Flashcards

1
Q

What can we find in iOS?

A
  • Contacts: Addressbook.sqlite
  • Call History: call_history.db
  • Chats: ChatStorage.sqlite
  • Calendar: Calendar.sqlitedb/Extras.db
  • SMS: sms.db
  • Location: consolidated.db
  • notes.sqlite
  • photos.sqlite
  • voicemail.db
2
Q

How to recover contact information?

A
  1. Examine the schema of the ABPerson table
  2. Retrieve all information from the ABPerson table
  3. Examine the schema of the other tables: ABMultiValue, ABMultiValueEntry, ABRecent, …
  4. Retrieve information from the ABPerson, ABMultiValue, ABMultiValueEntry, and ABMultiValueLabel tables
3
Q

Retrieving Call History Information

A

call_history.db (changed to: Callhistory.storedata)
important table = call (ZCALLRECORD)

4
Q

Retrieve type of call

A
  • 4: incoming
  • 5: outgoing
  • 8: blocked
  • 16: FaceTime

ZORIGINATED = 0 THEN Incoming
ZORIGINATED = 1 THEN Outgoing

5
Q

Retrieve sms info

A

sms.db
Important tables: message, sqlite_sequence, msg_group, group_member, msg_pieces
