Author | Lightnews

James McGee

James McGee

@sqlmcgee.bsky.social

41 followers 21 following 25 posts

Husband || Father || Digital Forensic Examiner || Cyber Crime Investigator || SQL Query Fanatic || Sometimes I make NFTs of my Dog

Posts Media Videos Starter Packs

James McGee @sqlmcgee.bsky.social · 15d

🚀 New release! HEART by Metadata Forensics (Health Events & Activity Reporting Tool) Version 1.1.0.0!

Now supporting TAR, DAR (some), Advanced Logical (Encrypted) Extractions, iTunes Encrypted Backups.

⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4

GitHub - MetadataForensics/HEART_by_Metadata_Forensics: This free tool parses Apple Health and Fitness Application data from Apple iPhone extractions in a forensic manner.

This free tool parses Apple Health and Fitness Application data from Apple iPhone extractions in a forensic manner. - MetadataForensics/HEART_by_Metadata_Forensics

James McGee @sqlmcgee.bsky.social · Sep 22

HEART by Metadata Forensics (Health Events & Activity Reporting Tool)

Free tool to parse Apple Health & Fitness data from FFS Extractions.

🔍 31+ artifacts supported
📊 HTML report + CSV/PDF export

⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4

GitHub - MetadataForensics/HEART_by_Metadata_Forensics: This free tool parses Apple Health and Fitness Application data from Apple iPhone extractions in a forensic manner.

This free tool parses Apple Health and Fitness Application data from Apple iPhone extractions in a forensic manner. - MetadataForensics/HEART_by_Metadata_Forensics

James McGee @sqlmcgee.bsky.social · Aug 28

Thanks to our great DFIR Community and discussion on the matter, I’m happy to announce our Google Location History Takeout Parser, Version 1.4.1. We’ve added Horizontal Accuracy KMLs for Records.JSON data and Parking Events. Get it at tinyurl.com/4aua56u4 Google Earth example:

James McGee @sqlmcgee.bsky.social · May 15

🚀 Google Location History Timeline Parser v 1.4 is now available! This release features multithreaded processing, time elapsed tracking, input file size calculation, and location-related files including HTML, CSV, and TXT. Available here:
tinyurl.com/4dr3tuv5

GitHub - MetadataForensics/Google-Location-History-Takeout-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic m...

This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner. - MetadataForensics/Google-Location-History-Takeout-Parser

James McGee @sqlmcgee.bsky.social · Mar 21

🚀 Google Location History Takeout Parser Version 1.3.0.0 is here! 🎉
With enhanced KML support (TimeSpans, Descriptions & LineStrings), taking your data to the next level. Continue leveraging Google Location History Takeout & Warrant Return data.
👉 tinyurl.com/2s8yzksx

GitHub - MetadataForensics/Google-Location-History-Takeout-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic m...

This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner. - MetadataForensics/Google-Location-History-Takeout-Parser

James McGee @sqlmcgee.bsky.social · Feb 17

Excited for this release, best is yet to come with the LEAPPs! Fantastic project, resource, and tool

Kevin 🤖🕵️🍺 @stark4n6.bsky.social · Feb 17

New #iLEAPP 2.1.0 release is out! #DFIR github.com/abrignoni/iL...

James McGee @sqlmcgee.bsky.social · Feb 14

We’re thrilled to unveil "Legal Bytes in a Digital World," our new article series examining the intersection of law, technology, and digital forensics. In our debut piece, we explore US v. Strong - available here: tinyurl.com/ymn2ju28 Stay tuned for in-depth analysis and expert perspectives in DFIR.

Examining the United States v. Ladonies P. STRONG Case

The case US v. Strong addresses the legality of warrantless searches of mobile devices, highlighting Fourth Amendment privacy rights. When Strong’s device was searched without a warrant, it r…

James McGee @sqlmcgee.bsky.social · Feb 13

Many thanks to Magnet Forensics, Hexordia, and the CTF authors for this great experience! Glad the timing worked out that I was able to participate - really enjoyable, creative, and challenging. Still may go back and look at some more of these questions..

Jessica Hyde @b1n2h3x.bsky.social · Feb 13

Congratulations to the winners of the Magnet Forensic Virtual Summit 2025 CTF powered by Hexordia
1st place: @deagler
2nd Place: @Cognitor4n6
3rd Place: @Potato
1st Place Team: @X
Still time to play for the First to Finish!

#MVS2025CTF #DFIR

James McGee @sqlmcgee.bsky.social · Feb 5

🔍 New article from Metadata Forensics! 📱 “Hello! Who is on the Line?” – we’re diving into parsing iPhone group calls, something not previously supported by commercial or open-source mobile forensic tools. Check it out 👉 tinyurl.com/3n6c3374

Hello! Who is on the Line?

Have you ever wondered how many individuals were on a phone call or Facetime call when reviewing data extracted from an iOS device? This question came up in a case recently when information was dev…

James McGee @sqlmcgee.bsky.social · Feb 1

James McGee @sqlmcgee.bsky.social · Feb 1

🥳 Now also available within iLEAPP! 🎉 Such an incredible tool and community resource 🙌

James McGee @sqlmcgee.bsky.social · Jan 30

🕵️‍♂️💾 Uncover your device’s secret history! "Beyond the Logs: Using the Health App to Uncover Device Model and OS History" explores Health Application databases to reveal Apple model & OS info. Find out more at tinyurl.com/2dfwn5xs #metadataforensics #DFIR

Beyond the Logs: Using the Health App to Uncover Device Model and OS History

This article explores both the healthdb_secure.sqlite and healthdb.sqlite databases for data indicating devices possessed by the user, reviews device information hand-in-hand with OS version and ti…

James McGee @sqlmcgee.bsky.social · Nov 28

This Thanksgiving, I’m grateful for the opportunity to make a difference and help bring justice to light. It’s the small details that matter, and I’m thankful to be part of a journey that strives for truth and fairness for all. Wishing everyone a meaningful Thanksgiving!

James McGee @sqlmcgee.bsky.social · Nov 14

Let’s discuss: unpopular opinion? iOS 18: AFU is <72 hrs from reboot and BFU state. Lot of extraction ASAP talk, regardless of search auth. You can articulate, but with auth prior you don’t have to. What am I missing? Are auths after device seizure really going beyond 24 hrs?

James McGee @sqlmcgee.bsky.social · Nov 11

James McGee @sqlmcgee.bsky.social · Sep 6

Our latest course review is now available! 📱🧠 Explore Hexordia’s Mobile Data Structures: Honing Your Digital Forensic Edge for our thoughts on this course. 📈📊 Find it here: tinyurl.com/msb27jyz 🔗

Hexordia’s Mobile Data Structures: Honing Your Digital Forensic Edge

Hexordia's Mobile Data Structures course offers comprehensive training in SQLite, PList, LevelDB, and Protobuf analysis. With interactive Zoom sessions and hands-on tasks, it provides valuable insight...

James McGee @sqlmcgee.bsky.social · Aug 26

🚀 New Release Alert! 🎉 Check out the latest versions of our Google Location History Timeline Parser and Brute Force Dictionary List Generator! Now with a new graphical interface and enhanced functionality. Download today at github.com/MetadataFore...! 🚀

MetadataForensics - Overview

Alongside seeking the digital truth and client satisfaction in all our cases, we also strive to further the DFIR Community with our research and work products. - MetadataForensics

James McGee @sqlmcgee.bsky.social · Aug 14

New Blog Alert: Rookie Reflections: A Green Examiner's Forensic Journey Into Cellebrite, available here: tinyurl.com/3xbmcrje. Discover insights, challenges, and tips from one of our newest team members in her review of Cellebrite’s CCO course!

Rookie Reflections: A Green Examiner’s Forensic Journey Into Cellebrite

I came to Metadata Forensics from a local Police department in Georgia, and while I thoroughly enjoyed the “figure it out” education I accrued there. I was excited to start adding the letters to the e...

James McGee @sqlmcgee.bsky.social · Aug 1

Wake up to our new article, Sleepless in Cupertino: A Forensic Dive into Apple Watch Sleep Tracking! 🌙 Review how Sleep data is stored and explore parsing with SQL query solutions. 🔍 Learn how this could lend insight into the future Vitals app! 📈 tinyurl.com/yc43kpme

Sleepless in Cupertino: A Forensic Dive into Apple Watch Sleep Tracking

How's your sleep been lately? Currently, there are numerous sleep tracking and monitoring devices available to track, monitor, and quantify sleep patterns for users actively seeking to improve their s...

James McGee @sqlmcgee.bsky.social · Jul 16

Google Location History Data Parser Version 1.1.0.0 Released! Now with enhanced compatibility for older Google Location History Takeout data (~2020, 2021) and timestamp clarification, whether in Local Time or UTC+0. Available here: tinyurl.com/btu2u8za

GitHub - MetadataForensics/Google-Location-History-Data-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic mann...

This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner. - MetadataForensics/Google-Location-History-Data-Parser

James McGee @sqlmcgee.bsky.social · May 21

🔍 Explore Apple Watch wear data parsed from the healthdb_secure.sqlite! This data can assist in pattern of life analysis and provide valuable context for expected data recording, such as heart rate data.. 📈👀 Available here: tinyurl.com/2a3up53t

Apple Watch – Worn Data Analysis

The article explores a lesser-known data point in Apple Health that shows when an Apple Watch is worn. This data indicates one-hour time periods when the Watch was worn and time segments when the Watc...

James McGee @sqlmcgee.bsky.social · Apr 29

📢 New Release Alert! We’re thrilled to announce the release of Version 1.0.1.7 of our Google Location History Data Parser! 🎉Thanks to our incredible users, your feedback drives our growth and strengthens the DFIR community. 🙌 Check it out: tinyurl.com/4bptenjw #DFIR

GitHub - MetadataForensics/Google-Location-History-Data-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic mann...

This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner. - MetadataForensics/Google-Location-History-Data-Parser

James McGee @sqlmcgee.bsky.social · Feb 18

Now available! Metadata Forensics, LLC’s Google Location History Data Parser! 🌎 Get it on GitHub: tinyurl.com/4bptenjw 🗺️ Read about it here: tinyurl.com/4ckwta45

GitHub - MetadataForensics/Google-Location-History-Data-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic mann...

This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner. - MetadataForensics/Google-Location-History-Data-Parser

James McGee @sqlmcgee.bsky.social · Jan 29

📢 New article alert! Explore the siriremembers.sqlite3 database – a fusion of Biome and the interactionC database! 🔍 SQL queries, key data insights, and future implications. Read about it here: tinyurl.com/4u9v3tjr Explore SQL Queries here: tinyurl.com/7758z4ur

Siri’s Memory Lane: Exploring the siriremembers Database

The siriremembers.sqlite3 database, simply put, is a combination of Biome and the interactionC database. In this article, we explore this new SQLite database, cover parsing key data through SQL querie...

James McGee @sqlmcgee.bsky.social · Jan 25

Check out Metadata Forensics, LLC’s first free to use tool, our new Brute Force Dictionary List Generator! 🛠️ Get it on GitHub: tinyurl.com/5bpm8jhe read about it here: tinyurl.com/bd9jaz3z

GitHub - MetadataForensics/Brute-Force-Dictionary-List-Generator: This free tool supports both 4-dig...

This free tool supports both 4-digit and 6-digit passcode lists with easy-to-use application navigation. - GitHub - MetadataForensics/Brute-Force-Dictionary-List-Generator: This free tool supports ...