Episode 5: I Beg to DFIR – How KnowledgeC.db Can Impact Your Investigation
Ronen Engler – Senior Manager, Technology and Innovation at Cellebrite
Heather Mahalik – Senior Director of Digital Intelligence at Cellebrite
Paul Lorentz – Senior Solutions Engineer at Cellebrite
Matt Goeckel – Solutions Engineer at Cellebrite
In this episode, we will talk about the importance of knowledgeC.db and how it can impact your investigations. KnowledgeC.db is probably one of the most important databases you can hope to recover from an iPhone.
Important data such as application usage, battery logs, media, and internet history are obtainable through this database. It holds a treasure trove of information and can ultimately help you discover a true “pattern-of-life” about a user.
Maybe you want to find out specifically what a user was doing on the device at a given time, how they were moving around on the device from app to app, or who they were talking to. Even minute details, such as whether the backlight was on or whether the phone was in portrait or landscape mode, can be revealed.
All of this data is contained in this one database. We want to bring your attention to it because if knowledgeC.db is something you aren’t specifically exploring in your investigations, you could be missing out on a ton of important information.