Sarah Edwards has posted her research of knowledgeC.db database. This database can be found on macOS and iOS devices. On Mac systems there is a system context database located in the /private/var/db/CoreDuet/Knowledge directory, and a user context database is located in the userâs ~/Library/Application Support/Knowledge/ directory. On iOS there is only one main knowledgeC.db database located in /private/var/mobile/Library/CoreDuet/Knowledge/. Full post can be found here.
Home Tips & Tricks Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
-
Triage Image Creation
This episode of “Introduction to Windows Forensics” covers triage image creati… -
Netflix -Windows 10 Appstore Forensics
Justin Boncaldo has written a post about forensic analysis of Netflix app. It seems the ap… -
Efficiently Summarizing Web Browsing Activity
Reviewing web browsing activity is relevant in a wide variety of DFIR cases. With many use…
Load More Related Articles
-
Cobalt Strike Remote Threads Detection
Olaf Hartong has writted a blog post in which he shows how to use âCreate Remote Threadâ e… -
Robust Use of PsExec That Doesnât Reveal Password Hashes
Brian Carrier and Chris Ray have found a way how to run PsExec and not reveal admin passwo… -
Beyond good ol’ LaunchAgent – part 0
Pasquale Stirparo has started a post series about macOS persistense mechanisms titled R…
Load More In Tips & Tricks
