Analysis of iOS SQLite Schema Evolution for Updating Forensic Data Extraction Tools

Samiha S. Shimmi, Gokila Dorai, Umit Karabiyik, Sudhir Aggarwal

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Files in the backup of iOS devices can be a potential source of evidentiary data. Particularly, the iOS backup (obtained through a logical acquisition technique) is widely used by many forensic tools to sift through the data. A significant challenge faced by several forensic tool developers is the changes in the data organization of the iOS backup. This is due to the fact that the iOS operating system is frequently updated by Apple Inc. Many iOS application developers release periodical updates to iOS mobile applications. Both these reasons can cause significant changes in the way user data gets stored in the iOS backup files. Moreover, approximately once every couple years, there could be a major iOS release which can cause the reorganization of files and folders in the iOS backup. Directories in the iOS backup contain SQLite databases, plist files, XML files, text files, and media files. Android/iOS devices generally use SQLite databases since it is a lightweight database. Our focus in this paper is to analyze the SQLite schema evolution specific to iOS and assist forensic tool developers in keeping their tools compatible with the latest iOS version. Our recommendations for updating the forensic data extraction tools is based on the observation of schema changes found in successive iOS versions.

Original languageEnglish (US)
Title of host publication8th International Symposium on Digital Forensics and Security, ISDFS 2020
EditorsAsaf Varol, Murat Karabatak, Cihan Varol, Songul Karabatak
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728169392
DOIs
StatePublished - Jun 2020
Event8th International Symposium on Digital Forensics and Security, ISDFS 2020 - Beirut, Lebanon
Duration: Jun 1 2020Jun 2 2020

Publication series

Name8th International Symposium on Digital Forensics and Security, ISDFS 2020

Conference

Conference8th International Symposium on Digital Forensics and Security, ISDFS 2020
CountryLebanon
CityBeirut
Period6/1/206/2/20

Keywords

  • iOS app forensics
  • iOS data extraction
  • iOS SQLite database evolution
  • Mobile forensics
  • SQLite schema

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Signal Processing
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Computational Mathematics
  • Law

Fingerprint Dive into the research topics of 'Analysis of iOS SQLite Schema Evolution for Updating Forensic Data Extraction Tools'. Together they form a unique fingerprint.

Cite this