• Originally presented as the first ever Objective by the Sea - Mac Security Conference in 2018
• Presentation Slides: From Apple Seeds to Apple Pie
• Presentation Slides: Launching APOLLO: Creating a Simple Tool for Advanced Forensic Analysis

• This is your warning. I've tested a few modules but there is much more testing to be done.
• Find a bug or a better query, let me know!
• Extra warning on PowerLog modules, timestamps may be in the past and/or future - testing these.
• Many more modules to come!
• Python 3 (omg, finally!)

• SimpleKML - Copy the simplekml directory to the directory where apollo.py is being run from.

python apollo.py -o {csv, sql} -p {ios, mac, yolo} -v {8,9,10,11,12,yolo} <modules directory> <data directory>

• csv - CSV
• sql - SQLite Database

• ios
• mac [Offical support coming soon!]
• yolo - Just parse whatever. Use for ARTEMIS parsing.

• iOS 8, 9, 10, 11, 12
• yolo - Just parse whatever. Use for ARTEMIS parsing.

• Check database permissions - Use chmod to give some databases with "all blank" permissions some sort of permission. (Happens with many types of physical-logical extractions.)
• Check database ownership - Use chown to take ownership of the files.

• Thanks to Sam Alptekin of @sjc_CyberCrimes, script is much, much faster than original.
• Thanks to @AlexisBrignoni for Python 3 support and ARTEMIS!

• Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
• Knowledge is Power II – A Day in the Life of My iPhone using knowledgeC.db
• On the First Day of APOLLO, My True Love Gave to Me - A Python Script – An Introduction to the Apple Pattern of Life Lazy Output’er (APOLLO) Blog Series
• On the Second Day of APOLLO, My True Love Gave to Me - Holiday Treats and a Trip to the Gym - A Look at iOS Health Data
• On the Third Day of APOLLO, My True Love Gave to Me – Application Usage to Determine Who Has Been Naughty or Nice
• On the Fourth Day of APOLLO, My True Love Gave to Me – Media Analysis to Prove You Listened to “All I Want for Christmas is You” Over and Over Since Before Thanksgiving
• On the Fifth Day of APOLLO, My True Love Gave to Me – A Stocking Full of Random Junk, Some of Which Might be Useful!
• On the Sixth Day of APOLLO, My True Love Gave to Me – Blinky Things with Buttons – Device Status Analysis
• On the Seventh Day of APOLLO, My True Love Gave to Me – A Good Conversation – Analysis of Communications and Data Usage
• On the Eighth Day of APOLLO, My True Love Gave to Me – A Glorious Lightshow – Analysis of Device Connections
• On the Ninth Day of APOLLO, My True Love Gave to Me – A Beautiful Portrait – Analysis of the iOS Interface
• On the Tenth Day of APOLLO, My True Love Gave to Me – An Oddly Detailed Map of My Recent Travels – iOS Location Analysis
• On the Eleventh Day of APOLLO, My True Love Gave to Me – An Intriguing Story – Putting it All Together: A Day in the Life of My iPhone using APOLLO
• On the Twelfth Day of APOLLO, My True Love Gave to Me – A To Do List – Twelve Planned Improvements to APOLLO