Is it possible to determine when applications are downloaded and deleted in iOS?
Yes it is.
Jailbrake the device and check /var/log/* )
Many apps don't clean up well after removal, the dates of the remnant data could be also a lead.
I was not testing it yet but maybe it's worth a look The tool by
In order to use Apollo, you need a FS which you can only get from a jailbroken device or from a GK / ufed premium dump
In order to use Apollo, you need a FS which you can only get from a jailbroken device or from a GK / ufed premium dump
Not quite. APOLLO requires artefacts included in an encrypted iOS backup - ie Health database etc. It definitely doesn't have to be jailbroken to extract the required databases.
Once the device is jail broken what the best way to look at the root?
Hi,
If you want you can connect yourself to the phone with a gui client like putty or just bare SSH to connect to the terminal.
If you want to take the forensic path, you make an aquisition of the device and work with that.
M.
So the phone is jailbroken iOS 12.2
What is the next step to get a physical image?
You at least have to try and do some of the work yourself. You've literally been provided with all of the answers.