iLEAPP: an iOS logs, events, and plists parser
iLEAPP is a good iOS forensic tool developed by Alexis Brignoni. It’s composed by a set of python script previously developed by Alexis, collected in a single, useful, tool.
iLEAPP  is developed in order to help forensic analyst during the processing of iOS artifacts, and currently has this parsing capabilities:
- Mobile Installation Logs.
- Nested bplists inside a iOS KnowledgeC.db field.
- iOS version 11, 12, & 13 Notifications content
- ApplicationState.db bundle ID to app GUID parsing and correlation.
- Cellular Wireless Information Plists
First, clone the repository:
$ git clone https://github.com/abrignoni/iLEAPP
$ sudo apt-get install python3-tk
Finally, install dependencies:
$ cd iLEAPP $ pip install -r requirements.txt
If running the binaries provided in the version releases  no dependencies are needed.
$ python ileapp.py -t <zip | tar | fs | gz | itunes> -i <path_to_extraction> -o <path_for_report_output>
For installation and usage on macOS, please refers to this useful video by 13cubed: