Chapter 5: Pattern-of-Life Forensics

In the previous chapter, we learned all about different kinds of artifacts that can be found on iOS devices, such as SQLite databases and plists, and how to manually analyze these files. In this chapter, we will use this knowledge to work with some of the most interesting databases from a forensics perspective, such as the KnowledgeC database, which is the go-to solution for pattern-of-life forensics.

Pattern-of-life data is all about the habits that the device owner carries out in their day-to-day life. When it comes to smartphones, this includes what apps have been used at any given point in time and for how long, when the device was unlocked, what the battery temperature was, and what webpage the user ...

Get iOS Forensics for Investigators now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

iOS Forensics for Investigators by Gianluca Tiepolo

Chapter 5: Pattern-of-Life Forensics

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly