Recover personal messages and posts from Microsoft Teams.
Recover phone call-logs from Microsoft Teams.
Recover links to media files and hyperlinks from Microsoft Teams.
Recover phone contacts from Microsoft Teams.
Recover appointments from Microsoft Teams.
Recover reactions to messages and posts from Microsoft Teams.
Forensics.im is an Autopsy Plugin, which allows parsing levelDB of modern Electron-based Instant Messenger Applications like Microsoft Teams. Unlike the existing solutions, Forensics.im also parses the binary ldb files, which contain the majority of the entries and allows identifies individual entities, such as messages and contacts, and presents these in Autopsy’s blackboard view.
The forensics.im module uses advanced techniques for processing the Microsoft Teams datastores, which can not be processed through traditional approaches like string searches.
The forensic.im module uses primarily default Autopsy artefacts, which lets you use these even through advance visualization tools, such as the Communications Visualization Editor.
Whether you have questions or you would just like to say hello, contact us.
GitHub