hi, I have analyzed an iphone with its applications and have some apps with only have a .plist for example an app called "Ireshet" which is shown under "com.yourcompany.iReshet".
I checked on itunes and the app is By Applicaster Ltd.
check on whois to see who is "yourcompany.com" and got this
Reverse Whois "Whois Privacy Services Pty Ltd" was found in about 520,065 other domains Email Search is associated with about 836,162 domains
Registrar History 2 registrars NS History 23 changes on 13 unique name servers over 11 years. IP History 66 changes on 33 unique IP addresses over 9 years. Whois History 237 records have been archived since 2003-05-24 . Reverse IP 878 other sites hosted on this server. Join DomainTools to start monitoring this domain name Preview the complete Domain Report for yourcompany.com
Domain Name yourcompany.com
Registry Domain ID
Registrar URL http//
Updated Date 2012-06-18T121732Z
Creation Date 1998-01-28T050000Z
Registrar Registration Expiration Date 2018-01-27T000000Z
Registrar FABULOUS.COM PTY LTD.
Registrar IANA ID 411
Registrar Abuse Contact Email
Registrar Abuse Contact Phone +61.730070015
Reseller N/A
Domain Status clientDeleteProhibited
Domain Status clientTransferProhibited
Registry Registrant ID N/A
Registrant Name Domain Hostmaster, Customer ID 64451706100617
Registrant Organization Whois Privacy Services Pty Ltd
Registrant Street PO Box 923
Registrant City Fortitude Valley
Registrant State/Province QLD
Registrant Postal Code 4006
Registrant Country AU
Registrant Phone +61.730070090
Registrant Phone Ext N/A
Registrant Fax +61.730070091
Registrant Fax Ext N/A
Registrant Email
Registry Admin ID N/A
Admin Name Domain Hostmaster, Customer ID 64451706100617
Admin Organization Whois Privacy Services Pty Ltd
Admin Street PO Box 923
Admin City Fortitude Valley
Admin State/Province QLD
Admin Postal Code 4006
Admin Country AU
Admin Phone +61.730070090
Admin Phone Ext N/A
Admin Fax +61.730070091
Admin Fax Ext N/A
Admin Email
Registry Tech ID N/A
Tech Name Domain Hostmaster, Customer ID 64451706100617
Tech Organization Whois Privacy Services Pty Ltd
Tech Street PO Box 923
Tech City Fortitude Valley
Tech State/Province QLD
Tech Postal Code 4006
Tech Country AU
Tech Phone +61.730070090
Tech Phone Ext N/A
Tech Fax +61.730070091
Tech Fax Ext N/A
Tech Email
Name Server ns1.above.com
Name Server ns2.above.com
DNSSEC unsigned
URL of the ICANN WHOIS Data Problem Reporting System http//wdprs.internic
on the plist file I got this
bplist00ß
"#""$%&'()&+,-.&012&4_kAPRaterReminderRequestDate_"WebKitShrinksStandaloneImagesToFit_WebKitCacheModelPreferenceKey_'WebKitOfflineWebApplicationCacheEnabled_WebKitMediaPlaybackAllowsInline_kAPRaterUseCount_kAPRaterCurrentVersion\ShowMoreApps\ShowFeedback_AppoxeeDidBecomeActivedLastTime_'WebKitDiskImageCacheSavedCacheDirectory_WebKitAllowMultiElementImplicitFormSubmissionPreferenceKey_+WebKitLocalStorageDatabasePathPreferenceKey_kAPRaterSignificantEventCount_AppoxeeWillResginActiveLastTime_3com.facebook.sdklastAttributionPing163662390370514_kAPRaterDeclinedToRate_UDID_USER_DEFAULTS_KEY_kTargetTokenKey_APLocalizationLanguage_APFlurryAnalyticsAccountIDKey_&WebKitMediaPlaybackRequiresUserGesture_WebDatabaseDirectory_kAPRaterFirstUseDate_APSystemAnalyticsAccountIDKey_kAPRaterRatedCurrentVersion_APVersionNumberAddition_QuincyKitActivated# X24.0.4.43A¶¥äžÔP_L/var/mobile/Applications/BD7DC834-0346-4DDE-90A0-7FE92EA1FE07/Library/Caches3A¶¨éõŒ3A¶¢ð[Ó‘_$8246DCB0-2536-47DC-9D7C-971025144A14_@1a255880af5d335dc5c19e0ed4298628410731a947b08f152fb5f51594203cc5Rhe_DFDDJFRZC82RMWRRC4R9_L/var/mobile/Applications/BD7DC834-0346-4DDE-90A0-7FE92EA1FE07/Library/Caches#AÔ8Û‚.P C a † ¦ Ð ò+8Z„Áï1g€™«Ää
$;[y“¨±²´µ¶¸ÁÊËÌ$-.U˜›²³
6
I can't find the application on my UFED physical analyzer and can't make any sense of it.
Is there a way on UFED to see deleted files, I tried through Timeline but it doesn't have applications there.
I am trying to figure out if it was a malware or spyware here???
thanks in advance.