iMessage

Overview

Evidence: iMessage Description: Collect iMessages Category: System Platform: macos Short Name: imsg Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): Yes

Background

iMessage chat database stores messages, attachments, and metadata per user. This data is essential for communications analysis and timeline reconstruction.

Data Collected

This collector gathers structured data about imessage.

iMessage Data

Field

Description

Example

User

User

Example value

MessageID

Message ID

123

Conversation

Conversation

123

Text

Text

Example value

Contact

Contact

Example value

Direction

Direction

Example value

Account

Account

Example value

Date

Date

2023-10-15 14:30:25+03:00

DateRead

Date Read

2023-10-15 14:30:25+03:00

DateDelivered

Date Delivered

2023-10-15 14:30:25+03:00

IsFromMe

Is From Me

123

IsRead

Is Read

123

DestinationCallerID

Destination Caller ID

Example value

AttachmentPath

Attachment Path

Example value

AttachmentName

Attachment Name

Example value

AttachmentSize

Attachment Size

123

Collection Method

This collector copies user chat.db files and queries messages, attachments, and related tables, recording into imessage.

Forensic Value

This evidence is crucial for forensic investigations as it reveals communications content, participants, and attachment artifacts.

PreviousHomebrew Logs NextInstall Logs

Last updated 3 days ago

Was this helpful?