// first 10 minutes
intimate partner violence — tech trail — quick-start
IPV tech abuse — first 10 minutes. safety planning before forensics. print this, check boxes, then run the primary tools.
checklist
- call the National DV Hotline first (1-800-799-7233) — they advise on safety planning for evidence collection specific to DV situations.
- confirm the survivor wants to document and understands what will be preserved — consent and safety are prerequisites.
- identify all accounts and devices the abuser has or had access to — shared Apple ID, Google account, phone plan, home network.
- do not change passwords or revoke access yet — abrupt changes can escalate danger; consult an advocate before acting.
- export account activity logs for every shared service: Google account, Apple ID, Find My, bank alerts — before revocation.
- photograph or screenshot the shared account device list — note last-active dates and device names.
- document location sharing settings on every platform — Find My, Google Maps sharing, Life360, Snapchat ghost mode.
- preserve any threatening messages, unusual location pings, or unexpected access alerts as screenshots with visible timestamps.
- inventory physical devices the abuser controls or has left in the home — AirTags, cameras, smart speakers, router admin access.
- begin the primary tool path below — using a device the abuser does not control, on a network outside the shared home.
primary tools
- 01ios location historydrop ios location sqlite databases · zrtvisit zannotation learned poi · apple absolute time · timeline · movement ascii · export csv · runs locally
- 02ios location history deep reconstructordrop ios backup databases · correlate significant locations · routined · coreduet · cache.sqlite · motion data · reconstruct complete movement history from all available ios location sources · runs locally
- 03android gps location history forensic extractordrop Android location databases, GNSS logs, fused location provider artifacts, or app location exports · parse GPS coordinates, timestamps, accuracy, altitude, speed, and provider metadata · reconstruct a chronological movement trail · flag high-confidence GPS fixes and suspicious location gaps · runs locally
- 04android google timeline artifact forensic extractordrop Google Timeline JSON, Takeout location history files, semantic location history exports, or Maps activity artifacts · parse places, visits, activity segments, coordinates, confidence values, and edit metadata · reconstruct Google-derived movement history · runs locally
- 05bluetooth pairing history forensic extractordrop iOS bluetooth plist · android bt_config.conf · logcat · CoD decode · pairing timeline · OUI lookup · runs locally
- 06wifi connection history forensic extractordrop iOS wifi plist · android WifiConfigStore · wpa_supplicant · SSID BSSID history · password artifacts · runs locally
- 07ios significant locations forensic extractordrop routined Cache.sqlite · parse significant places visits · home work inference · visit timeline · runs locally
- 08ios frequent locations artifact analyzerdrop routined cache · location clusters stay-points · commute patterns · anomaly detection · runs locally