# Document Revisions

## Overview

**Evidence:** Document Revisions\
**Description:** Collect Document Revisions\
**Category:** System\
**Platform:** macos\
**Short Name:** drvs\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

macOS DocumentRevisions-V100 stores prior versions of documents for autosave. This data is essential for recovering prior content and tracking edits over time.

## Data Collected

This collector gathers structured data about document revisions.

### Document Revisions Data

| Field             | Description      | Example                   |
| ----------------- | ---------------- | ------------------------- |
| `FileINode`       | File I Node      | 123                       |
| `StorageID`       | Storage ID       | 123                       |
| `FilePath`        | File Path        | Example value             |
| `ExistsOnDisk`    | Exists On Disk   | true                      |
| `FileLastSeen`    | File Last Seen   | 2023-10-15 14:30:25+03:00 |
| `GenerationAdded` | Generation Added | 2023-10-15 14:30:25+03:00 |
| `GenerationPath`  | Generation Path  | Example value             |
| `Source`          | Source           | Example value             |

## Collection Method

This collector copies the DocumentRevisions database and queries for files and generations, recording into `document_revisions`.

## Forensic Value

This evidence is crucial for forensic investigations as it can reveal previous versions of altered or deleted documents.