Shining a light on Spotlight: Leveraging Apple's desktop search utility to recover deleted file metadata on macOS

03/17/2019
by   Tajvinder Singh Atwal, et al.
0

Spotlight is a proprietary desktop search technology released by Apple in 2004 for its Macintosh operating system Mac OS X 10.4 (Tiger) and remains as a feature in current releases of macOS. Spotlight allows users to search for files or information by querying databases populated with filesystem attributes, metadata, and indexed textual content. Existing forensic research into Spotlight has provided an understanding of the metadata attributes stored within the metadata store database. Current approaches in the literature have also enabled the extraction of metadata records for extant files, but not for deleted files. The objective of this paper is to research the persistence of records for deleted files within Spotlight's metadata store, identify if deleted database pages are recoverable from unallocated space on the volume, and to present a strategy for the processing of discovered records. In this paper, the structure of the metadata store database is outlined, and experimentation reveals that records persist for a period of time within the database but once deleted, are no longer recoverable. The experimentation also demonstrates that deleted pages from the database (containing metadata records) are recoverable from unused space on the filesystem.

READ FULL TEXT

page 1

page 2

page 3

page 5

page 6

page 7

page 8

page 9

research
07/14/2019

Metadata Extraction from Raw Astroparticle Data of TAIGA Experiment

Today, the operating TAIGA (Tunka Advanced Instrument for cosmic rays an...
research
06/21/2023

A Hierarchical Approach to exploiting Multiple Datasets from TalkBank

TalkBank is an online database that facilitates the sharing of linguisti...
research
09/12/2018

Evaluation of Semantic Metadata Pair Modelling Using Data Clustering

Metadata presents a medium for connection, elaboration, examination, and...
research
05/13/2021

Forensic Analysis of Video Files Using Metadata

The unprecedented ease and ability to manipulate video content has led t...
research
07/18/2022

ir_metadata: An Extensible Metadata Schema for IR Experiments

The information retrieval (IR) community has a strong tradition of makin...
research
02/06/2019

Close-reading of Linked Data: a case study in regards to the quality of online authority files

More and more cultural institutions use Linked Data principles to share ...
research
06/20/2019

Cleaning Noisy and Heterogeneous Metadata for Record Linking Across Scholarly Big Datasets

Automatically extracted metadata from scholarly documents in PDF formats...

Please sign up or login with your details

Forgot password? Click here to reset