fatcousin
// case type

intimate partner violence — tech trail

for DV advocates: documenting tech-based abuse — shared accounts, tracking, covert recording, social-media impersonation. evidence has to hold up for protective orders.

tools
16
priority
H
processing
local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this case type.

  1. ios location historydrop ios location sqlite databases · zrtvisit zannotation learned poi · apple absolute time · timeline · movement ascii · export csv · runs locally
  2. ios location history deep reconstructordrop ios backup databases · correlate significant locations · routined · coreduet · cache.sqlite · motion data · reconstruct complete movement history from all available ios location sources · runs locally
  3. android gps location history forensic extractordrop Android location databases, GNSS logs, fused location provider artifacts, or app location exports · parse GPS coordinates, timestamps, accuracy, altitude, speed, and provider metadata · reconstruct a chronological movement trail · flag high-confidence GPS fixes and suspicious location gaps · runs locally
  4. android google timeline artifact forensic extractordrop Google Timeline JSON, Takeout location history files, semantic location history exports, or Maps activity artifacts · parse places, visits, activity segments, coordinates, confidence values, and edit metadata · reconstruct Google-derived movement history · runs locally
  5. bluetooth pairing history forensic extractordrop iOS bluetooth plist · android bt_config.conf · logcat · CoD decode · pairing timeline · OUI lookup · runs locally
  6. wifi connection history forensic extractordrop iOS wifi plist · android WifiConfigStore · wpa_supplicant · SSID BSSID history · password artifacts · runs locally
  7. ios significant locations forensic extractordrop routined Cache.sqlite · parse significant places visits · home work inference · visit timeline · runs locally
  8. ios frequent locations artifact analyzerdrop routined cache · location clusters stay-points · commute patterns · anomaly detection · runs locally

also useful · secondary tools

supporting and follow-up tools. surface as the investigation widens.

  1. ios imessage deletion artifact detectordrop ios sms.db · rowid gaps · join orphans · deleted_messages tombstones · ck_sync_state=2 · two-db guid compare · bulk deletion · runs locally
  2. ios imessage edited message forensic reconstructordrop ios sms.db · detect imessage edit artifacts · edit chain reconstruction · word diff between versions · two-db text delta · runs locally
  3. iOS WhatsApp deleted message recovery detectordrop iOS WhatsApp ChatStorage.sqlite (one or two versions) · detect soft-deleted placeholders and hard-deleted ROWID gaps · surface media residue from deleted messages · detect bulk deletion patterns before acquisition · runs locally
  4. android whatsapp deleted message recovery artifact detectordrop an Android WhatsApp msgstore.db (one or two versions) · detect deleted message artifacts via ROWID gaps, revoked message placeholders, and WAL recovery · surface media residue from deleted messages · detect bulk deletion patterns before acquisition · runs locally
  5. mobile conversation deletion pattern detectordrop iOS sms.db, WhatsApp ChatStorage.sqlite, Signal signal.sqlite, or Android mmssms.db with optional comparison versions · detect patterns of conversation deletion across all messaging platforms · surface contact-specific deletion, temporal deletion windows, and pre-acquisition cleanup · distinguish normal message management from targeted evidence destruction · runs locally
  6. smart lock access forensic analyzeraugust/schlage csv · code slot NAMES · unlock→lock sessions · late-night anomalies · attributable keypad access · csv/json export · runs locally
  7. ring camera artifact forensic extractordrop ring exported json csv or zip timelines · ding motion alarm ingest classification · utc hour occupancy heuristic · csv json export · runs locally
  8. case report generatorfill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
// case-kit pipeline

run as a stack

skip the click-through. these presets are curated forensic pipelines you can save as a stack with one click and run on your evidence locally.

  • IPV — protective-order evidence package

    5 steps

    drop location + messaging artifact bundles → integrity hashes → correlate shared identifiers → unified timeline → protective-order-ready report

    1. 01evidence-manifest-generatorhash everything before any analysis — survivable for chain-of-custody challenges in family court
    2. 02multi-artifact-correlatorfind shared identifiers (numbers, addresses, device IDs) across the location + messaging bundles
    3. 03forensic-timeline-builderstitch every timestamped event into a single timeline — the most persuasive exhibit at a hearing
    4. 04ioc-extractorpull contact identifiers + URLs from any text exports for the appendix
    5. 05case-report-generatoradvocate-grade narrative + appendix; safe to share with the protective-order attorney
// pattern-matched

related tools

tools that the manifest-classifier flagged as plausibly useful here but that aren't in the hand-curated lists above. less editorial weight — scan, don't work top-down.

+ 42 more in this pattern match. browse the full forensics catalog via the forensics category.

ready