π New Release: HEART by Metadata Forensics Version 1.3! π
Weβve added Local Device Time conversions! most Apple Health and Fitness application artifacts are linked to the device recorded the event, the associated time zone is preserved as well. Conversions by activity! github.com/MetadataFore...
My own corner of Apple Health forensics lives on the Metadata Forensics company blog, The Metadata Perspective:
lnkd.in/e6HZCBFq
If youβre in digital investigations and havenβt joined the Summit yet, you still have time (Feb 23β26). Itβs free, eye-opening, and full of practical takeaways:
lnkd.in/ew3taAjV
Looking forward to the rest of the week and continuing the conversation with all of you.
#MVS2026 #DFIRCommunity
Couldnβt start the week better-thank you Christopher Vance for the shout-out in your session, Harping on health data, during the Magnet Virtual Summit 2026! Your Mobile Unpacked series has helped so many of us, and itβs genuinely humbling to have my Apple Health contributions mentioned alongside it.
Ever wondered what secrets are in your Apple Contacts? π± iQueryContacts π΅οΈ is our new advanced SQL query work for the AddressBook.sqlitedb. All the classic data plus some new info including the Chinese lunar birthday! Find out more atΒ github.com/MetadataFore...
𧩠RowIDetectiveΒ π΅οΈββοΈ formerly detailed Lagging for the Win: Querying for Negative Evidence in the sms.db. Now detecting missing messages at the end of Apple sms.db. Because every gap tells a story.
π github.com/MetadataFore...
π New release! HEART by Metadata Forensics (Health Events & Activity Reporting Tool) Version 1.1.0.0!
Now supporting TAR, DAR (some), Advanced Logical (Encrypted) Extractions, iTunes Encrypted Backups.
β¬οΈ Download: tinyurl.com/v8zesb7h
π Article: tinyurl.com/94rx6vk4
HEART by Metadata Forensics (Health Events & Activity Reporting Tool)
Free tool to parse Apple Health & Fitness data from FFS Extractions.
π 31+ artifacts supported
π HTML report + CSV/PDF export
β¬οΈ Download: tinyurl.com/v8zesb7h
π Article: tinyurl.com/94rx6vk4
Thanks to our great DFIR Community and discussion on the matter, Iβm happy to announce our Google Location History Takeout Parser, Version 1.4.1. Weβve added Horizontal Accuracy KMLs for Records.JSON data and Parking Events. Get it at tinyurl.com/4aua56u4 Google Earth example:
π Google Location History Timeline Parser v 1.4 is now available! This release features multithreaded processing, time elapsed tracking, input file size calculation, and location-related files including HTML, CSV, and TXT. Available here:
tinyurl.com/4dr3tuv5
π Google Location History Takeout ParserΒ Version 1.3.0.0 is here! π
With enhanced KML support (TimeSpans, Descriptions & LineStrings), taking your data to the next level. Continue leveraging Google Location History Takeout & Warrant Return data.
π tinyurl.com/2s8yzksx
Excited for this release, best is yet to come with the LEAPPs! Fantastic project, resource, and tool
Weβre thrilled to unveil "Legal Bytes in a Digital World," our new article series examining the intersection of law, technology, and digital forensics. In our debut piece, we explore US v. Strong - available here: tinyurl.com/ymn2ju28 Stay tuned for in-depth analysis and expert perspectives in DFIR.
Many thanks to Magnet Forensics, Hexordia, and the CTF authors for this great experience! Glad the timing worked out that I was able to participate - really enjoyable, creative, and challenging. Still may go back and look at some more of these questions..
π New article from Metadata Forensics! π± βHello! Who is on the Line?β β weβre diving into parsing iPhone group calls, something not previously supported by commercial or open-source mobile forensic tools. Check it out π tinyurl.com/3n6c3374
π₯³ Now also available within iLEAPP! π Such an incredible tool and community resource π
π΅οΈββοΈπΎ Uncover your deviceβs secret history! "Beyond the Logs: Using the Health App to Uncover Device Model and OS History" explores Health Application databases to reveal Apple model & OS info. Find out more at tinyurl.com/2dfwn5xs #metadataforensics #DFIR
This Thanksgiving, Iβm grateful for the opportunity to make a difference and help bring justice to light. Itβs the small details that matter, and Iβm thankful to be part of a journey that strives for truth and fairness for all. Wishing everyone a meaningful Thanksgiving!
Letβs discuss: unpopular opinion? iOS 18: AFU is <72 hrs from reboot and BFU state. Lot of extraction ASAP talk, regardless of search auth. You can articulate, but with auth prior you donβt have to. What am I missing? Are auths after device seizure really going beyond 24 hrs?
Our latest course review is now available! π±π§ Explore Hexordiaβs Mobile Data Structures: Honing Your Digital Forensic Edge for our thoughts on this course. ππ Find it here: tinyurl.com/msb27jyz π
π New Release Alert! π Check out the latest versions of our Google Location History Timeline Parser and Brute Force Dictionary List Generator! Now with a new graphical interface and enhanced functionality. Download today at github.com/MetadataFore...! π
New Blog Alert:Β Rookie Reflections: A Green Examiner's Forensic Journey Into Cellebrite, available here: tinyurl.com/3xbmcrje. Discover insights, challenges, and tips from one of our newest team members in her review of Cellebriteβs CCO course!
Wake up to our new article, Sleepless in Cupertino: A Forensic Dive into Apple Watch Sleep Tracking! π Review how Sleep data is stored and explore parsing with SQL query solutions. π Learn how this could lend insight into the future Vitals app! π tinyurl.com/yc43kpme
Google Location History Data Parser Version 1.1.0.0 Released! Now with enhanced compatibility for older Google Location History Takeout data (~2020, 2021) and timestamp clarification, whether in Local Time or UTC+0. Available here: tinyurl.com/btu2u8za
π Explore Apple Watch wear data parsed from the healthdb_secure.sqlite! This data can assist in pattern of life analysis and provide valuable context for expected data recording, such as heart rate data.. ππ Available here: tinyurl.com/2a3up53t
π’Β New Release Alert! Weβre thrilled to announce the release of Version 1.0.1.7 of our Google Location History Data Parser! πThanks to our incredible users, your feedback drives our growth and strengthens the DFIR community. π Check it out: tinyurl.com/4bptenjwΒ #DFIR
Now available! Metadata Forensics, LLCβs Google Location History Data Parser! π Get it on GitHub: tinyurl.com/4bptenjw πΊοΈ Read about it here: tinyurl.com/4ckwta45
