Blog >> iOS Google Chat

iOS Google Chat

01/08/2025 Friday

The iOS Google Chat app is a mobile messaging platform developed by Google. It enables users to communicate in real-time through direct messages, and group conversations. The app is also integrated with other Google services—like Gmail, Google Calendar, and Google Drive—which allows users to schedule meetings, access shared documents, and manage tasks without leaving the app.

Digital Forensics Values of iOS Google Chat

The digital forensics values of the iOS Google Chat app lie in its potential to provide critical evidence in investigations involving communication, data sharing, or collaboration activities. Forensic analysts can extract valuable artifacts such as message content, timestamps, user metadata, contact lists, and file attachments. These elements can help reconstruct timelines, verify user identities, and identify interactions between individuals.

Location of iOS Google Chat Artifacts

iOS Google Chat artifacts can be found at the following locations:

/private/var/mobile/Containers/Data/Application/<APP_GUID> /documents/user_accounts/ <User_ID> /dynamite.db
/private/var/mobile/Containers/Data/Application/<APP_GUID>/Library/Caches/com.google.Dynamite/ImageFetcherCache/cacheV0.db

Analyzing iOS Google Chat Artifact with ArtiFast

This section will discuss how to use ArtiFast to extract iOS Google Chat artifact from iOS machines’ files and what kind of digital forensics insights we can gain from the artifact.

After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select iOS Google Chat artifact parsers:

Once ArtiFast parsers plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of iOS Google Chat artifacts in ArtiFast.

iOS Google Chat Conversations

• Last Event Date/Time: Date and time when the last event has been made on this conversation.
• Conversation ID: This chat conversation ID.
• Conversation Title: The title of this conversation.
• Creator ID: The ID of the creator of this conversation.
• Conversation Type: Indicates whether this chat is a group or an individual conversation.
• Partner ID: The partner unique identifier if it is an individual conversation.
• Creation Date/Time: The date and time when this conversation was created.
• Is Starred: Indicates whether this message is starred or not.
• Is Hidden: Indicates whether this message is hidden or not.
• Is Muted: Indicates whether this message is muted or not.
• Conversation Clear Date/Time: The date and time when this conversation was cleared.
• Last Viewed Date/Time: Last viewed date/time.
• Members List: The list of this conversation members.

iOS Google Chat Users

• User ID: The user Unique Identifier.
• Email Address: The email addresses registered by this account holder.
• User Name: This account user name.
• Avatar URL: The avatar URL.
• First Name: This user first name.
• Last Updated Date/Time: The date/time when this user information has been modified.
• Is This Account Owner: Indicates whether this user is the account user or not.

iOS Google Chat Cached Images

• Image Bytes: The cached image bytes.

iOS Google Chat Messages

• Message Sent Date/Time: Message Sending Date/Time.
• Message Direction: Indicates whether this is an outgoing or incoming message.
• Text Content: The text content of the message.
• Message ID: Unique identifier of the message.
• Sender ID: The ID of the message sender.
• Last Updated Date/Time: The date/time when this message has been modified.
• Edited Date/Time: The date/time when this message has been edited.
• Deleted At Date/Time: The Date/Time when this message has been deleted if applicable.
• Updater ID: The ID of the user updated this message.
• Attachment File Name: Attachment name.
• Attachment Type: Attachment type.

For more information or suggestions please contact: kalthoum.karkazan@forensafe.com