🍏 iOS Artefacts

Apple Security

Apple is very well known for its value of security and the advanced security mechanisms. I personally found it hard sometimes to understand specific technical controls. This is why I am writing this little article. Smartphones are known to be more secure than desktops for they are also more MOBILE and tend to get lost a lot. That’s why MacBooks tend to get closer and closer to smartphones in terms of security.

Databases

KnowledgeC, CellularUsage and several other databases store a lot of interesting information.

Backups

This is about … .

Geo

/private/var/mobile/Containers/Data/Application/[APPGUID]/Library/Maps/GeoHistory.mapsdata /private/var/mobile/Containers/Data/Application/[APPGUID]/Library/Maps/GeoBookmarks.plist /private/var/mobile/Library/Caches/com.apple.routined/Cache.sqlite /private/var/mobile/Library/Caches/com.apple.routined/Local.sqlite References Expand… Something here

iOS Logs

Same as for macOS. On iOS - /private/var/.fseventsd, for System: /.fseventsd and Developer Patch at /DeveloperPatch/.

Processes

RAM

For mobile platforms (iOS and Android) there is currently no tool available to get a full copy of RAM.

iOS Config

Application Permissions: • HomeDomain-Library/TCC/TCC.db • /private/var/mobile/Library/TCC/TCC.db

iOS Keychain

In this article I’m trying to study how keychain works. Metaphor There once lived a monkey 🐒 George.