@inproceedings{de600a8737654145ba99a20bd59d68da,
title = "Analysis of iOS SQLite Schema Evolution for Updating Forensic Data Extraction Tools",
abstract = "Files in the backup of iOS devices can be a potential source of evidentiary data. Particularly, the iOS backup (obtained through a logical acquisition technique) is widely used by many forensic tools to sift through the data. A significant challenge faced by several forensic tool developers is the changes in the data organization of the iOS backup. This is due to the fact that the iOS operating system is frequently updated by Apple Inc. Many iOS application developers release periodical updates to iOS mobile applications. Both these reasons can cause significant changes in the way user data gets stored in the iOS backup files. Moreover, approximately once every couple years, there could be a major iOS release which can cause the reorganization of files and folders in the iOS backup. Directories in the iOS backup contain SQLite databases, plist files, XML files, text files, and media files. Android/iOS devices generally use SQLite databases since it is a lightweight database. Our focus in this paper is to analyze the SQLite schema evolution specific to iOS and assist forensic tool developers in keeping their tools compatible with the latest iOS version. Our recommendations for updating the forensic data extraction tools is based on the observation of schema changes found in successive iOS versions.",
keywords = "Mobile forensics, SQLite schema, iOS SQLite database evolution, iOS app forensics, iOS data extraction",
author = "Shimmi, {Samiha S.} and Gokila Dorai and Umit Karabiyik and Sudhir Aggarwal",
note = "Funding Information: VI. ACKNOWLEDGEMENT This project was supported in part by an extension to Award No. 2016-MU-CX-K003, awarded by the National Institute of Justice, Office of Justice Program, U.S. Department of Justice. The opinions, findings and conclusions or recommendations expressed in this publication/program/exhibition are those of the author(s) and do not necessarily reflect those of the Department of Justice. Publisher Copyright: {\textcopyright} 2020 IEEE.; 8th International Symposium on Digital Forensics and Security, ISDFS 2020 ; Conference date: 01-06-2020 Through 02-06-2020",
year = "2020",
month = jun,
doi = "10.1109/ISDFS49300.2020.9116208",
language = "English (US)",
series = "8th International Symposium on Digital Forensics and Security, ISDFS 2020",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
editor = "Asaf Varol and Murat Karabatak and Cihan Varol and Songul Karabatak",
booktitle = "8th International Symposium on Digital Forensics and Security, ISDFS 2020",
}