Knowledge Store (knowledgeC.db)
Location
private/var/mobile/Library/CoreDuet/Knowledge/knowledgeC.dbDescription
CoreDuet SQLite database that serves as the central knowledge store for iOS, recording a wide range of user activity events including app usage with foreground/background state, device lock/unlock events, media playback, Safari browsing, device plug-in state, and Siri interactions. Each event record contains start and end timestamps, the source bundle ID, and structured metadata specific to the event type.
Forensic Value
knowledgeC.db is one of the most forensically valuable databases on iOS, providing a comprehensive timeline of device usage that spans app foreground time, screen on/off events, device locked/unlocked transitions, and active media playback. App usage records with start and end timestamps reveal exactly which applications were being used at any given time, enabling reconstruction of the user complete device interaction timeline. Lock/unlock events establish when the device was actively in use. This database retains historical data for extended periods and is particularly valuable for establishing device usage patterns and proving that specific apps were actively used at specific times.