This section covers mobile devices created by Apple, which utilize the iOS operating system. Based on Unix, iOS is similar to Apple macOS but specifically designed for mobile devices. It includes a range of security features, such as encryption, secure boot, and more to protect user data. Since Apple devices do not support SD cards, all the data is stored on the internal NAND flash drive. The most common data formats you will see when analyzing iOS devices are SQLite and Plist.

9.1 File System

Modern iOS employs the Apple File System (APFS), a modern and efficient file system that was introduced in iOS 10.3.¹ APFS is designed to leverage the latest storage technologies, such as solid-state drives (SSD) and flash storage, and is optimized for SSDs with low latency in mind. APFS has become the de facto file system for iOS, tvOS, and watchOS. Security features include full disk encryption and file-based encryption.

The iOS file system is organized in a hierarchical structure, with directories and files arranged in a tree-like pattern, similar to Linux, with (“/”) being the root directory. Here are some of the key directories within the iOS file system includes:

• /Library: This directory contains system-wide resources, such as fonts, preferences, and configuration files.
• /Applications: This directory holds the built-in applications that come preinstalled on iOS devices.
• /private/var: This directory is used for storing variable data, such as caches, temporary files, and user-specific ...