The Imgur app keeps user generated post data in the following Realm database:

*app folder GUID*/Documents/default.realm

All images accessed via the app, from images posted by the user to those seen as one navigates through the content the app presents, are found in the following location:

*app folder GUID*/Library/Caches//default

*app folder details on Realm databases and how to approach their examinations see here:

It is of note that Cellebrite Physical Analyzer has a database browser that is compatible with Realm databases.

For details on iOS snapshots and how to visualize them see here:

It is of note that Magnet Axiom has the capability of displaying .ktx images natively.

For details on how to access a full file system of an iOS device see the following:

See the acquisition section for SSH here:

The Imgur iOS app is one of the growing number of software development projects that have moved from using SQLite databases to the Realm database NoSQL data storage type. For details on how to approach Realm databases see my previous post on the topic here:

This post is not an exhaustive study of the Imgur iOS app. I use it as an example of the type of app that is used by millions of people, that might come across your case work, and that your tools might not have the default capabilities to address at this moment.

In order to locate a particular application folder, in our case the one for Imgur, within our full file system extraction see Nike iOS app example here:

After locating the application directory we can export it from the device or from the tar file for analysis.

Open the checkra1n app and install Cydia.

Locate the applicationstate.db file in order to identify where the Imgur user generated data resides.

See previous links for steps required.

Connected from macOS to the phone via SSH.

To figure out which one you want, see the applicationstate.db entry for the app you want.

Open the application directory for analysis.

The bottom window shows the application directory folders. The Realm database we are looking for will be located in the Documents directory.

As seen in the next image my macOS computer identifies the datastore with a red and bluish icon. This is due to having already installed Realm Studio. This application allows us to access the contents of Realm databases.

The data seen in the previous image corresponds to me making a post to Imgur using the app. The left column identifies the objects and the right pane has the corresponding properties. This database separates the data in the post from the image that goes in the post. The image post has an entry in the DraftImage object at the top.

This screen shows the post title and some metadata about the post. The DraftPost object contains two important properties, the remoteidentifier and the accountidentifier. The remoteidentifier is the post number used by Imgur in the website URL. The accountidentifier is self explanatory.

The DraftImage object has the name of the image in the remoteidentifier field. To confirm, one can go to the post and right-click save the image. The name provided will be the same as the one found in the database. The DraftImage object also contains additional metadata such as image width and height.

As you can imagine, the analysis of a database made of objects can get really difficult pretty fast as more objects are created and stored. One technique is to export the data as a JSON file and use Python or other tools to create a report of the contents. The following is a screenshot of the output of my JSON-to-HTML Python script for the exported JSON data. I find it easier to visualize the data in a nested columns and rows format.

One last artifact I wanted to highlight are the application snapshots. These are screenshots of what the app was showing on screen when the user places the app in the background in order to have a different app in the foreground.
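
One way to build the nested columns-and-rows report from an exported JSON file, as described in the post; this is an added example and not the author's script. It assumes the export is a JSON object holding one array per object type, and the sample values plus the `title` and `images` property names are constructed for illustration.

```python
import html
import json

# Constructed sample shaped like a JSON export with one array per object type.
# DraftPost/DraftImage and the identifier fields follow the post; values are made up.
SAMPLE_EXPORT = """{
  "DraftPost": [{"remoteidentifier": "aBcD123", "accountidentifier": 1000001,
                 "title": "Test <b>post</b>",
                 "images": [{"remoteidentifier": "XyZ9876"}]}],
  "DraftImage": [{"remoteidentifier": "XyZ9876", "width": 1125, "height": 2436}]
}"""


def render(value):
    """Recursively render a JSON value as nested HTML tables."""
    if isinstance(value, (dict, list)):
        # Dicts become name/value rows; lists become index/value rows.
        items = value.items() if isinstance(value, dict) else enumerate(value)
        rows = "".join(
            f"<tr><th>{html.escape(str(k))}</th><td>{render(v)}</td></tr>"
            for k, v in items)
        return f'<table border="1">{rows}</table>'
    if value is None:
        return "<i>null</i>"
    # Escape leaf values: database content is untrusted evidence and must not
    # be interpreted as markup when the report is opened in a browser.
    return html.escape(str(value))


def build_report(export_text, title="Realm export"):
    """Return a full HTML page with one section per object type."""
    data = json.loads(export_text)
    sections = "".join(
        f"<h2>{html.escape(name)} ({len(objs)})</h2>{render(objs)}"
        for name, objs in data.items())
    return ("<!DOCTYPE html><html><head><meta charset='utf-8'>"
            f"<title>{html.escape(title)}</title></head>"
            f"<body><h1>{html.escape(title)}</h1>{sections}</body></html>")


if __name__ == "__main__":
    with open("realm_report.html", "w", encoding="utf-8") as fh:
        fh.write(build_report(SAMPLE_EXPORT))
```
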