Blog >> iOS Slack

iOS Slack

11/07/2025 Friday

Slack is a cross-platform communication and productivity application used by both individuals and organizations. It allows users to exchange messages, files, and images within “Channels,” which are organized under a Slack “Workspace.” Organizations can create multiple workspaces to manage and monitor different teams. Within these, teams can set up project-specific channels to collaborate and track progress. Slack supports integration with a wide range of tools and services, including Google Drive and Microsoft Teams. Its broad integration support, flexible configuration, and centralized management distinguish it from other collaboration platforms.

Digital Forensics Value of iOS Slack

Slack is currently used by a wide variety of organizations around the world. The platform is utilized by more than 750,000 businesses. With its widespread adoption among both individuals and organizations, Slack becomes a very important tool that should not be missed in digital forensics investigations. Whether it's an organization's internal or criminal case investigation, Slack artifacts can be a valuable source of information. Artifacts such as user messages, channels, and attachments can be a very rich source of information.

Location of iOS Slack Artifact

Information related to the user’s Slack can be found in the following locations:

/private/var/mobile/Containers/Shared/AppGroup/<APP_GUID>/$random-UID_random-GID/ModelDatabase/db.sqlite

Analyzing iOS Slack Artifact with ArtiFast

This section will discuss how to use ArtiFast to extract iOS Slack artifacts from iOS and what digital forensic insights we can gain from them.

After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select the iOS Slack artifact.

Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of iOS Slack artifact in ArtiFast.

iOS Slack Messages

• Time/Date: The message date and time.
• Sender User ID: The user’s unique identifier.
• Sender Name: The message sender’s name.
• Channel ID: The channel's unique ID.
• Message: The text content of the message.
• Conversation ID: The conversation’s unique ID.
• Channel Name: The name of the channel.

iOS Slack Channels

• Time/Date: The date and time when the channel was created.
• Channel ID: The channel's unique ID.
• Creator ID: The channel creator’s ID.
• Creator Name: The channel creator’s name.
• Channel Name: The channel's name.
• First Message Date: The channel’s first message date and time.
• Channel Description: The channel description.
• Channel Type: The channel’s type.

iOS Slack Attachments

• Time/Date: The message date and time.
• Size: The attachment file size.
• Attachment ID: The attachment's unique identifier.
• Attachment URL: The attachment’s URL.
• Attachment Type: The attachment’s media type.
• Sender ID: The sender’s ID.
• Sender Name: The message sender’s name.
• Private Download URL: The private download of the attachment file.
• Channel ID: The channel's unique ID.
• Message: The text content of the message.
• Conversation ID: The conversation’s unique ID.
• Channel Name: The name of the channel.

iOS Slack User Information

• Time/Date: The user’s information update time.
• Username: The Slack user name.
• First Name: The user’s first name.
• Last Name: The user’s last name.
• Email: The user’s email.
• Timezone: The user’s registered timezone.
• Real Name: The user’s registered real name.
• Workspace ID: The workspace ID.
• User ID: The user’s unique identifier.
• Phone Number: The user’s phone number.

For more information or suggestions please contact: ekrma.elnour@forensafe.com