Index based desktop search tools have become the primary means for finding files or launching applications on desktop computer systems. Every major operating system ships with one. Spotlight is the default desktop search app on macOS (formerly OSX) that searches files based on metadata and content.

This paper explores the format of the spotlight metadata cache database and opens up another avenue of data previously unavailable to a forensic investigator. With the format now available, and a script to explore and read this database, it is now possible to investigate spotlight metadata on any platform.

中文翻译：

---

调查Spotlight内部以提取元数据

基于索引的桌面搜索工具已经成为在台式计算机系统上查找文件或启动应用程序的主要手段。每个主要操作系统都附带一个。Spotlight是macOS（以前称为OSX）上的默认桌面搜索应用程序，可基于元数据和内容搜索文件。

本文探讨了Spotlight元数据缓存数据库的格式，并开辟了以前法医调查人员无法获得的另一种数据途径。现在有了可用的格式，并且有一个探索和读取此数据库的脚本，现在可以在任何平台上研究Spotlight元数据。