iOS GroupMe
02/05/2025 Friday
GroupMe for iOS is a free group messaging application owned by
Microsoft. It is primarily designed for large groups, allowing up to
10,000 members to join the same chat. With its SMS-only mode, users can
participate via text messages without downloading the app, ensuring that
its services are accessible across a wide range of devices and
platforms.
Digital Forensics Values of iOS GroupMe
Since the iOS GroupMe app is an instant messaging application, its
forensic value lies in the growing popularity of such apps. Analyzing
the artifacts left behind by GroupMe may reveal sensitive information
about the device user's communications, which can help investigators
trace illegal activities, uncover communication patterns, and identify
potential suspects.
Location of iOS GroupMe
iOS GroupMe artifacts can be found at the following locations:
/private/var/mobile/Containers/Data/Application/<APP_GUID>/Documents/groupme.sqlite
/private/var/mobile/Containers/Data/Application/<APP_GUID>/Library/Preferences/com.groupme.iphone-app.plist
Analyzing iOS GroupMe Artifacts with ArtiFast
This section will discuss how to use ArtiFast to extract iOS GroupMe
artifacts from iOS machines’ files and what kind of digital forensics
insights we can gain from the artifact.
After you have created your case and added evidence for the
investigation, at the Artifact Selection phase, you can select iOS
GroupMe artifact parsers:
×
Once ArtiFast parsers plugins complete processing the artifact for
analysis, it can be reviewed via “Artifact View” or “Timeline View,”
with indexing, filtering, and searching capabilities. Below is a
detailed description of iOS GroupMe artifacts in ArtiFast.
iOS GroupMe Contacts
- Full Name: This user full name.
- First Name: This user first name.
- Last Name: This user last name.
- Phone Number: This user phone number.
- Email Address: The email address of this account holder.
- User ID: The user Unique Identifier.
- Username: This account user name.
- Avatar URL: The avatar URL of this account.
-
Last Updated Date/Time: The date/time when this user
information has been modified.
-
Creation Date/Time: The date and time when this account was
created.
iOS GroupMe Groups
- Group ID: The group Unique Identifier.
- Group Name: The group name.
- Group Type: The type of this group.
- State: The state of the group.
- Invitation URL: The URL to join this group.
-
Last Message ID: The ID of the last message sent in this group.
-
Creation Date/Time: The date and time when this group was
created.
- Creator ID: The ID of the creator of this group.
- Member IDs: Group Member IDs.
iOS GroupMe Chats
- Chat ID: The chat ID.
- Chat Name: The chat name.
-
Is App User: Indicates whether the other partner is an app user
or not.
- Chat Avatar URL: The chat avatar URL.
-
Partner ID: The partner unique identifier of this individual
chat.
-
Last Message Sent Date/Time: The last Message Sending Date/Time
sent to this conversation.
-
Last Message ID: The ID of the last message sent in this chat.
iOS GroupMe Text Messages
-
Creation Date/Time: The date and time when this file was
created.
- Text Content: The text content of the message.
- Message ID: Unique identifier of the message.
- Chat ID: The chat ID.
- Sender Name: The Name of the message sender.
- Sender ID: The ID of the message sender.
iOS GroupMe Locations
-
Creation Date/Time: The date and time when this file was
created.
- Message ID: Unique identifier of the message.
- Chat ID: The chat ID.
- Sender Name: The Name of the message sender.
- Sender ID: The ID of the message sender.
- Latitude: Sent Location Latitude.
- Longitude: Sent Location Longitude.
- Location Title: The text description of this location.
iOS GroupMe Media
-
Creation Date/Time: The date and time when this file was
created.
- Message ID: Unique identifier of the message.
- Chat ID: The chat ID.
- Sender Name: The Name of the message sender.
- Sender ID: The ID of the message sender.
- Image URL: URL of the media file.
iOS GroupMe Pending Messages
-
Creation Date/Time: The date and time when this file was
created.
- Text Content: The text content of the message.
- Chat ID: The chat ID.
- Sender Name: The Name of the message sender.
- Sender ID: The ID of the message sender.
- Uploaded Image Bytes: The uploaded image bytes.
iOS GroupMe Accounts
- Phone Number: This user phone number.
- Email Address: The email address of this account holder.
- User ID: The user Unique Identifier.
- Avatar URL: The avatar URL.
-
Creation Date/Time: The date and time when this account was
created.
- Display Name: This user display name.
- App Version: The application version.
For more information or suggestions please contact:
kalthoum.karkazan@forensafe.com