# Microsoft Photos

## Overview

**Evidence:** Microsoft Photos\
**Description:** Collect Microsoft Photos History Database\
**Category:** Applications\
**Platform:** windows\
**Short Name:** mph\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

Microsoft Photos app stores viewing history, metadata, and organizational information in SQLite databases. These databases track which photos were viewed, when, and any edits or organizational changes made within the app.

## Data Collected

This collector gathers structured data about microsoft photos.

## Collection Method

This collector gathers MediaDb SQLite database files from Microsoft Photos app package directories in user AppData locations.

## Forensic Value

Photos history databases reveal which images were accessed, providing insights into user activity and interests. This can identify viewed evidence, exfiltrated images, or content related to investigations.