War against the iPhone’s consolidated.db

Individuals familiar with iPhone forensic analysis will be quite familiar.  As far as my research has taken me, I am able to gather previous locations of the iPhone from the database, all contained in the ‘CellLocationLocal’ table.  But the database has more tables…interesting…

So I’ve been looking at the ‘WifiLocation’ and ‘CellLocation’ table, and discovered a few interesting things.  Some of the results gave me locations in countries such as Turkey, which I haven’t actually ever been to.  It’s common knowledge with this database that the time stamps are generated as some kind of batch method in these tables, because the time stamp value can be the same for multiple  geolocations.  I find this very very interesting.

To further matters, tables such as ‘CellLocationBoxes_node’ appear to store some kind of data as a hex string.  Further research is needed!

My theory is, for the moment, that these values are not locations of the phone, but instead locations looked at by the device, via the Google maps app or other applications.  Looks like I’ve got my second piece of research for my summer break!  I’ll post my findings and see if I can finally get to the bottom of all the data stored in this database.

About these ads

17 thoughts on “War against the iPhone’s consolidated.db

  1. Stephen Payne says:

    Actually this data collection was explained last year in WWDC 2010 by several Apple Devs. It is by design to enhance GPS features on the phone. The device keeps a DB of the Wifi and Cell tower locations. Assuming most people travel about the same course, when they use the Maps feature or other location based apps, the apps are fire up CLLocationManager. The results from this Class is much faster with the these DBs in place. Maybe in the future this data will by encrypted…?

  2. Stephen Payne says:

    Another note I forgot after posting. One of the features of iOS 4+ is enhanced battery life. Apple looked at what task/process uses the most juice. Firing up the different antennas was the clear winner. By keeping a geo DB of towers and APs the device can spend less time with the antennas fired up, subsequently reducing battery draw.

  3. [...] feel safe. I feel weird having all this data that I don’t want recorded on my iPhone, and so do others. Maybe they’re doing it for the government. Maybe they’re doing it because [...]

  4. [...] feel safe. I feel weird having all this data that I don’t want recorded on my iPhone, and so do others. Maybe they’re doing it for the government. Maybe they’re doing it because [...]

  5. [...] the first to have noticed the file, as their FAQ notes. Ryan Neal, a computer forensics student, has begun researching this file, with which, he says, “Individuals familiar with iPhone forensic analysis will be quite [...]

  6. [...] “Individuals familiar with iPhone forensic analysis will be quite familiar” with it, as Ryan Neal puts it and that at least one other person had tried to alert the public but apparently failed to make it [...]

  7. [...] feel safe. I feel weird having all this data that I don’t want recorded on my iPhone, and so do others. Maybe they’re doing it for the government. Maybe it’s a just a consequence of the [...]

  8. [...] feel safe. I feel weird having all this data that I don’t want recorded on my iPhone, and so do others. Maybe they’re doing it for the government. Maybe it’s a just a consequence of [...]

  9. [...] “Individuals familiar with iPhone forensic analysis will be quite familiar” with it, as Ryan Neal puts it and that at least one other person had tried to alert the public but apparently failed to make it [...]

  10. [...] “Individuals familiar with iPhone forensic analysis will be quite familiar” with it, as Ryan Neal puts it and that at least one other person had tried to alert the public but apparently failed to make it [...]

  11. [...] Levinson — Right from launch, we had an FAQ pointing to articles by people like Ryan Neal and Paul Courbis who had found this file (consolidated.db) before, but hadn’t understood or [...]

  12. [...] “Individuals familiar with iPhone forensic analysis will be quite familiar” with it, as Ryan Neal puts it and that at least one other person had tried to alert the public but apparently failed to make it [...]

  13. [...] “Individuals familiar with iPhone forensic analysis will be quite familiar” with it, as Ryan Neal puts it and that at least one other person had tried to alert the public but apparently failed to make [...]

  14. [...] “Individuals familiar with iPhone forensic analysis will be quite familiar” with it, as Ryan Neal puts it and that at least one other person had tried to alert the public but apparently failed to make it [...]

  15. [...] the first to have noticed the file, as their FAQ notes. Ryan Neal, a computer forensics student, has begun researching this file, with which, he says, “Individuals familiar with iPhone forensic analysis will be quite [...]

  16. [...] feel safe. I feel weird having all this data that I don’t want recorded on my iPhone, and so do others. Maybe they’re doing it for the government. Maybe it’s a just a consequence of the background [...]

  17. [...] “Individuals familiar with iPhone forensic analysis will be quite familiar” with it, as Ryan Neal puts it and that at least one other person had tried to alert the public but apparently failed to make [...]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s