Forensic analysis of iOS binary cookie files

Hudan Studiawan*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


iPhone operating system (iOS) devices utilize binary cookies as a data storage tool, encoding user-specific information within an often-neglected element of smartphone analysis. This binary format contains details such as cookie flags, expiration, and creation dates, domain, and value of the cookie. These data are invaluable for forensic investigations. This study presents a comprehensive methodology to decode and extract valuable data from these files, enhancing the ability to recover user activity information from iOS devices. This paper provides an in-depth forensic investigation into the structure and function of iOS binary cookie files. Our proposed forensic technique includes a combination of reverse engineering and custom-built Python scripts to decode the binary structure. The results of our research demonstrate that these cookie files can reveal an array of important digital traces, including user preferences, visited websites, and timestamps of online activities. It concludes that the forensic analysis of iOS binary cookie files can be a tool for forensic investigators and cybersecurity professionals. In the rapidly evolving domain of digital forensics, this research contributes to our understanding of less-explored data sources within iOS devices and their potential value in investigative contexts.

Original languageEnglish
JournalJournal of Forensic Sciences
Publication statusAccepted/In press - 2024


  • binary cookie
  • forensic analysis
  • iOS device
  • reverse engineering


Dive into the research topics of 'Forensic analysis of iOS binary cookie files'. Together they form a unique fingerprint.

Cite this