Sarah Edwards has posted her research of knowledgeC.db database. This database can be found on macOS and iOS devices. On Mac systems there is a system context database located in the /private/var/db/CoreDuet/Knowledge directory, and a user context database is located in the user’s ~/Library/Application Support/Knowledge/ directory. On iOS there is only one main knowledgeC.db database located in /private/var/mobile/Library/CoreDuet/Knowledge/. Full post can be found here.
Home Tips & Tricks Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
-
Tools up: the best software and hardware tools for computer forensics
Igor Mikhailov is a digital forensic analyst of the digital forensic laboratory at Group-I… -
Following the RTM
Researchers became aware of the activities of the RTM group in December 2015. Since then, … -
Using MITRE ATT&CK for Forensics: Image File Execution Options Injection (T1183)
As was promised, we continue our Using MITRE ATT&CK for Forensics series. This time we…
Load More Related Articles
-
Finding Registry Malware Persistence with RECmd
Chad Tilbury has writen a post on how to use Eric Zimmerman’s RECmd and its batch fi… -
Detecting PowerShell Empire Shenanigans with Sysinternals
In this post Ben Bornholm writes about how to detect PowerShell Empire using the tools fro… -
Analyzing the Windows LNK File Attack Method
An interesting post by D3xt3r’s Malware Laboratory describing another example of usi…
Load More In Tips & Tricks
