James McGee
@sqlmcgee.bsky.social
Husband || Father || Digital Forensic Examiner || Cyber Crime Investigator || SQL Query Fanatic || Sometimes I make NFTs of my Dog
🧩 RowIDetective 🕵️♂️ formerly detailed Lagging for the Win: Querying for Negative Evidence in the sms.db. Now detecting missing messages at the end of Apple sms.db. Because every gap tells a story.
🔗 github.com/MetadataFore...
🔗 github.com/MetadataFore...
GitHub - MetadataForensics/RowIDetective: An update to our prior work within Lagging for the Win, now reporting all sms.db missing ROWID values up to the message sequence number.
An update to our prior work within Lagging for the Win, now reporting all sms.db missing ROWID values up to the message sequence number. - MetadataForensics/RowIDetective
github.com
November 13, 2025 at 7:46 PM
🧩 RowIDetective 🕵️♂️ formerly detailed Lagging for the Win: Querying for Negative Evidence in the sms.db. Now detecting missing messages at the end of Apple sms.db. Because every gap tells a story.
🔗 github.com/MetadataFore...
🔗 github.com/MetadataFore...
🚀 New release! HEART by Metadata Forensics (Health Events & Activity Reporting Tool) Version 1.1.0.0!
Now supporting TAR, DAR (some), Advanced Logical (Encrypted) Extractions, iTunes Encrypted Backups.
⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4
Now supporting TAR, DAR (some), Advanced Logical (Encrypted) Extractions, iTunes Encrypted Backups.
⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4
GitHub - MetadataForensics/HEART_by_Metadata_Forensics: This free tool parses Apple Health and Fitness Application data from Apple iPhone extractions in a forensic manner.
This free tool parses Apple Health and Fitness Application data from Apple iPhone extractions in a forensic manner. - MetadataForensics/HEART_by_Metadata_Forensics
tinyurl.com
October 22, 2025 at 5:12 PM
🚀 New release! HEART by Metadata Forensics (Health Events & Activity Reporting Tool) Version 1.1.0.0!
Now supporting TAR, DAR (some), Advanced Logical (Encrypted) Extractions, iTunes Encrypted Backups.
⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4
Now supporting TAR, DAR (some), Advanced Logical (Encrypted) Extractions, iTunes Encrypted Backups.
⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4
HEART by Metadata Forensics (Health Events & Activity Reporting Tool)
Free tool to parse Apple Health & Fitness data from FFS Extractions.
🔍 31+ artifacts supported
📊 HTML report + CSV/PDF export
⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4
Free tool to parse Apple Health & Fitness data from FFS Extractions.
🔍 31+ artifacts supported
📊 HTML report + CSV/PDF export
⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4
GitHub - MetadataForensics/HEART_by_Metadata_Forensics: This free tool parses Apple Health and Fitness Application data from Apple iPhone extractions in a forensic manner.
This free tool parses Apple Health and Fitness Application data from Apple iPhone extractions in a forensic manner. - MetadataForensics/HEART_by_Metadata_Forensics
tinyurl.com
September 22, 2025 at 3:52 PM
HEART by Metadata Forensics (Health Events & Activity Reporting Tool)
Free tool to parse Apple Health & Fitness data from FFS Extractions.
🔍 31+ artifacts supported
📊 HTML report + CSV/PDF export
⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4
Free tool to parse Apple Health & Fitness data from FFS Extractions.
🔍 31+ artifacts supported
📊 HTML report + CSV/PDF export
⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4
Thanks to our great DFIR Community and discussion on the matter, I’m happy to announce our Google Location History Takeout Parser, Version 1.4.1. We’ve added Horizontal Accuracy KMLs for Records.JSON data and Parking Events. Get it at tinyurl.com/4aua56u4 Google Earth example:
August 28, 2025 at 6:39 PM
Thanks to our great DFIR Community and discussion on the matter, I’m happy to announce our Google Location History Takeout Parser, Version 1.4.1. We’ve added Horizontal Accuracy KMLs for Records.JSON data and Parking Events. Get it at tinyurl.com/4aua56u4 Google Earth example:
🚀 Google Location History Timeline Parser v 1.4 is now available! This release features multithreaded processing, time elapsed tracking, input file size calculation, and location-related files including HTML, CSV, and TXT. Available here:
tinyurl.com/4dr3tuv5
tinyurl.com/4dr3tuv5
GitHub - MetadataForensics/Google-Location-History-Takeout-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic m...
This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner. - MetadataForensics/Google-Location-History-Takeout-Parser
tinyurl.com
May 15, 2025 at 8:07 PM
🚀 Google Location History Timeline Parser v 1.4 is now available! This release features multithreaded processing, time elapsed tracking, input file size calculation, and location-related files including HTML, CSV, and TXT. Available here:
tinyurl.com/4dr3tuv5
tinyurl.com/4dr3tuv5
🚀 Google Location History Takeout Parser Version 1.3.0.0 is here! 🎉
With enhanced KML support (TimeSpans, Descriptions & LineStrings), taking your data to the next level. Continue leveraging Google Location History Takeout & Warrant Return data.
👉 tinyurl.com/2s8yzksx
With enhanced KML support (TimeSpans, Descriptions & LineStrings), taking your data to the next level. Continue leveraging Google Location History Takeout & Warrant Return data.
👉 tinyurl.com/2s8yzksx
GitHub - MetadataForensics/Google-Location-History-Takeout-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic m...
This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner. - MetadataForensics/Google-Location-History-Takeout-Parser
tinyurl.com
March 21, 2025 at 6:36 PM
🚀 Google Location History Takeout Parser Version 1.3.0.0 is here! 🎉
With enhanced KML support (TimeSpans, Descriptions & LineStrings), taking your data to the next level. Continue leveraging Google Location History Takeout & Warrant Return data.
👉 tinyurl.com/2s8yzksx
With enhanced KML support (TimeSpans, Descriptions & LineStrings), taking your data to the next level. Continue leveraging Google Location History Takeout & Warrant Return data.
👉 tinyurl.com/2s8yzksx
Excited for this release, best is yet to come with the LEAPPs! Fantastic project, resource, and tool
February 17, 2025 at 3:10 PM
Excited for this release, best is yet to come with the LEAPPs! Fantastic project, resource, and tool
We’re thrilled to unveil "Legal Bytes in a Digital World," our new article series examining the intersection of law, technology, and digital forensics. In our debut piece, we explore US v. Strong - available here: tinyurl.com/ymn2ju28 Stay tuned for in-depth analysis and expert perspectives in DFIR.
Examining the United States v. Ladonies P. STRONG Case
The case US v. Strong addresses the legality of warrantless searches of mobile devices, highlighting Fourth Amendment privacy rights. When Strong’s device was searched without a warrant, it r…
tinyurl.com
February 14, 2025 at 2:20 PM
We’re thrilled to unveil "Legal Bytes in a Digital World," our new article series examining the intersection of law, technology, and digital forensics. In our debut piece, we explore US v. Strong - available here: tinyurl.com/ymn2ju28 Stay tuned for in-depth analysis and expert perspectives in DFIR.
Many thanks to Magnet Forensics, Hexordia, and the CTF authors for this great experience! Glad the timing worked out that I was able to participate - really enjoyable, creative, and challenging. Still may go back and look at some more of these questions..
Congratulations to the winners of the Magnet Forensic Virtual Summit 2025 CTF powered by Hexordia
1st place: @deagler
2nd Place: @Cognitor4n6
3rd Place: @Potato
1st Place Team: @X
Still time to play for the First to Finish!
#MVS2025CTF #DFIR
1st place: @deagler
2nd Place: @Cognitor4n6
3rd Place: @Potato
1st Place Team: @X
Still time to play for the First to Finish!
#MVS2025CTF #DFIR
February 13, 2025 at 11:19 PM
Many thanks to Magnet Forensics, Hexordia, and the CTF authors for this great experience! Glad the timing worked out that I was able to participate - really enjoyable, creative, and challenging. Still may go back and look at some more of these questions..
🔍 New article from Metadata Forensics! 📱 “Hello! Who is on the Line?” – we’re diving into parsing iPhone group calls, something not previously supported by commercial or open-source mobile forensic tools. Check it out 👉 tinyurl.com/3n6c3374
Hello! Who is on the Line?
Have you ever wondered how many individuals were on a phone call or Facetime call when reviewing data extracted from an iOS device? This question came up in a case recently when information was dev…
tinyurl.com
February 5, 2025 at 9:23 PM
🔍 New article from Metadata Forensics! 📱 “Hello! Who is on the Line?” – we’re diving into parsing iPhone group calls, something not previously supported by commercial or open-source mobile forensic tools. Check it out 👉 tinyurl.com/3n6c3374
🕵️♂️💾 Uncover your device’s secret history! "Beyond the Logs: Using the Health App to Uncover Device Model and OS History" explores Health Application databases to reveal Apple model & OS info. Find out more at tinyurl.com/2dfwn5xs #metadataforensics #DFIR
Beyond the Logs: Using the Health App to Uncover Device Model and OS History
This article explores both the healthdb_secure.sqlite and healthdb.sqlite databases for data indicating devices possessed by the user, reviews device information hand-in-hand with OS version and ti…
tinyurl.com
January 30, 2025 at 3:48 PM
🕵️♂️💾 Uncover your device’s secret history! "Beyond the Logs: Using the Health App to Uncover Device Model and OS History" explores Health Application databases to reveal Apple model & OS info. Find out more at tinyurl.com/2dfwn5xs #metadataforensics #DFIR
This Thanksgiving, I’m grateful for the opportunity to make a difference and help bring justice to light. It’s the small details that matter, and I’m thankful to be part of a journey that strives for truth and fairness for all. Wishing everyone a meaningful Thanksgiving!
November 28, 2024 at 3:41 PM
This Thanksgiving, I’m grateful for the opportunity to make a difference and help bring justice to light. It’s the small details that matter, and I’m thankful to be part of a journey that strives for truth and fairness for all. Wishing everyone a meaningful Thanksgiving!
Let’s discuss: unpopular opinion? iOS 18: AFU is <72 hrs from reboot and BFU state. Lot of extraction ASAP talk, regardless of search auth. You can articulate, but with auth prior you don’t have to. What am I missing? Are auths after device seizure really going beyond 24 hrs?
November 14, 2024 at 4:01 AM
Let’s discuss: unpopular opinion? iOS 18: AFU is <72 hrs from reboot and BFU state. Lot of extraction ASAP talk, regardless of search auth. You can articulate, but with auth prior you don’t have to. What am I missing? Are auths after device seizure really going beyond 24 hrs?
Our latest course review is now available! 📱🧠 Explore Hexordia’s Mobile Data Structures: Honing Your Digital Forensic Edge for our thoughts on this course. 📈📊 Find it here: tinyurl.com/msb27jyz 🔗
Hexordia’s Mobile Data Structures: Honing Your Digital Forensic Edge
Hexordia's Mobile Data Structures course offers comprehensive training in SQLite, PList, LevelDB, and Protobuf analysis. With interactive Zoom sessions and hands-on tasks, it provides valuable insight...
tinyurl.com
September 6, 2024 at 2:11 PM
Our latest course review is now available! 📱🧠 Explore Hexordia’s Mobile Data Structures: Honing Your Digital Forensic Edge for our thoughts on this course. 📈📊 Find it here: tinyurl.com/msb27jyz 🔗
🚀 New Release Alert! 🎉 Check out the latest versions of our Google Location History Timeline Parser and Brute Force Dictionary List Generator! Now with a new graphical interface and enhanced functionality. Download today at github.com/MetadataFore...! 🚀
MetadataForensics - Overview
Alongside seeking the digital truth and client satisfaction in all our cases, we also strive to further the DFIR Community with our research and work products. - MetadataForensics
github.com
August 26, 2024 at 8:37 PM
🚀 New Release Alert! 🎉 Check out the latest versions of our Google Location History Timeline Parser and Brute Force Dictionary List Generator! Now with a new graphical interface and enhanced functionality. Download today at github.com/MetadataFore...! 🚀
New Blog Alert: Rookie Reflections: A Green Examiner's Forensic Journey Into Cellebrite, available here: tinyurl.com/3xbmcrje. Discover insights, challenges, and tips from one of our newest team members in her review of Cellebrite’s CCO course!
Rookie Reflections: A Green Examiner’s Forensic Journey Into Cellebrite
I came to Metadata Forensics from a local Police department in Georgia, and while I thoroughly enjoyed the “figure it out” education I accrued there. I was excited to start adding the letters to the e...
tinyurl.com
August 14, 2024 at 3:58 PM
New Blog Alert: Rookie Reflections: A Green Examiner's Forensic Journey Into Cellebrite, available here: tinyurl.com/3xbmcrje. Discover insights, challenges, and tips from one of our newest team members in her review of Cellebrite’s CCO course!
Wake up to our new article, Sleepless in Cupertino: A Forensic Dive into Apple Watch Sleep Tracking! 🌙 Review how Sleep data is stored and explore parsing with SQL query solutions. 🔍 Learn how this could lend insight into the future Vitals app! 📈 tinyurl.com/yc43kpme
Sleepless in Cupertino: A Forensic Dive into Apple Watch Sleep Tracking
How's your sleep been lately? Currently, there are numerous sleep tracking and monitoring devices available to track, monitor, and quantify sleep patterns for users actively seeking to improve their s...
tinyurl.com
August 1, 2024 at 8:59 PM
Wake up to our new article, Sleepless in Cupertino: A Forensic Dive into Apple Watch Sleep Tracking! 🌙 Review how Sleep data is stored and explore parsing with SQL query solutions. 🔍 Learn how this could lend insight into the future Vitals app! 📈 tinyurl.com/yc43kpme
Google Location History Data Parser Version 1.1.0.0 Released! Now with enhanced compatibility for older Google Location History Takeout data (~2020, 2021) and timestamp clarification, whether in Local Time or UTC+0. Available here: tinyurl.com/btu2u8za
GitHub - MetadataForensics/Google-Location-History-Data-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic mann...
This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner. - MetadataForensics/Google-Location-History-Data-Parser
tinyurl.com
July 16, 2024 at 3:05 PM
Google Location History Data Parser Version 1.1.0.0 Released! Now with enhanced compatibility for older Google Location History Takeout data (~2020, 2021) and timestamp clarification, whether in Local Time or UTC+0. Available here: tinyurl.com/btu2u8za
🔍 Explore Apple Watch wear data parsed from the healthdb_secure.sqlite! This data can assist in pattern of life analysis and provide valuable context for expected data recording, such as heart rate data.. 📈👀 Available here: tinyurl.com/2a3up53t
Apple Watch – Worn Data Analysis
The article explores a lesser-known data point in Apple Health that shows when an Apple Watch is worn. This data indicates one-hour time periods when the Watch was worn and time segments when the Watc...
tinyurl.com
May 21, 2024 at 12:05 AM
🔍 Explore Apple Watch wear data parsed from the healthdb_secure.sqlite! This data can assist in pattern of life analysis and provide valuable context for expected data recording, such as heart rate data.. 📈👀 Available here: tinyurl.com/2a3up53t
📢 New Release Alert! We’re thrilled to announce the release of Version 1.0.1.7 of our Google Location History Data Parser! 🎉Thanks to our incredible users, your feedback drives our growth and strengthens the DFIR community. 🙌 Check it out: tinyurl.com/4bptenjw #DFIR
GitHub - MetadataForensics/Google-Location-History-Data-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic mann...
This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner. - MetadataForensics/Google-Location-History-Data-Parser
tinyurl.com
April 29, 2024 at 8:05 PM
📢 New Release Alert! We’re thrilled to announce the release of Version 1.0.1.7 of our Google Location History Data Parser! 🎉Thanks to our incredible users, your feedback drives our growth and strengthens the DFIR community. 🙌 Check it out: tinyurl.com/4bptenjw #DFIR
Now available! Metadata Forensics, LLC’s Google Location History Data Parser! 🌎 Get it on GitHub: tinyurl.com/4bptenjw 🗺️ Read about it here: tinyurl.com/4ckwta45
GitHub - MetadataForensics/Google-Location-History-Data-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic mann...
This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner. - MetadataForensics/Google-Location-History-Data-Parser
tinyurl.com
February 18, 2024 at 12:52 AM
Now available! Metadata Forensics, LLC’s Google Location History Data Parser! 🌎 Get it on GitHub: tinyurl.com/4bptenjw 🗺️ Read about it here: tinyurl.com/4ckwta45
📢 New article alert! Explore the siriremembers.sqlite3 database – a fusion of Biome and the interactionC database! 🔍 SQL queries, key data insights, and future implications. Read about it here: tinyurl.com/4u9v3tjr Explore SQL Queries here: tinyurl.com/7758z4ur
Siri’s Memory Lane: Exploring the siriremembers Database
The siriremembers.sqlite3 database, simply put, is a combination of Biome and the interactionC database. In this article, we explore this new SQLite database, cover parsing key data through SQL querie...
tinyurl.com
January 29, 2024 at 6:12 PM
📢 New article alert! Explore the siriremembers.sqlite3 database – a fusion of Biome and the interactionC database! 🔍 SQL queries, key data insights, and future implications. Read about it here: tinyurl.com/4u9v3tjr Explore SQL Queries here: tinyurl.com/7758z4ur
Check out Metadata Forensics, LLC’s first free to use tool, our new Brute Force Dictionary List Generator! 🛠️ Get it on GitHub: tinyurl.com/5bpm8jhe read about it here: tinyurl.com/bd9jaz3z
GitHub - MetadataForensics/Brute-Force-Dictionary-List-Generator: This free tool supports both 4-dig...
This free tool supports both 4-digit and 6-digit passcode lists with easy-to-use application navigation. - GitHub - MetadataForensics/Brute-Force-Dictionary-List-Generator: This free tool supports ...
tinyurl.com
January 25, 2024 at 12:57 AM
Check out Metadata Forensics, LLC’s first free to use tool, our new Brute Force Dictionary List Generator! 🛠️ Get it on GitHub: tinyurl.com/5bpm8jhe read about it here: tinyurl.com/bd9jaz3z