Colleagues,
I am investigating Slack (
1) Location of Slack's chat messages (direct messages) on an iPhone 6S (iOS 9.3.5)?
I installed Slack on my iPhone, sent and received several "direct messages" so that I could later search for them.
Cellebrite PA v. 5.2.5.24 does NOT identify Slack direct messages at all.
I found Slack-related files in the "Applications\com.tinyspeck.chatlyio" folder.
I did not find any SQLite database files related to Slack or Chatlyio.
It appears Slack is using this Tinyspeck.chatlyio application to create "direct messages".
2) VOIP Call Logs
Slack allows for VOIP calls, which I performed to later investigate.
I found evidence of the VOIP calls I made in the following folder and file path location:
/Applications/com.tinyspeck.chatlyio/Library/Application Support/ARKLogDistributor_DefaultLogStore
I will update this thread as I find out more.
Thanks in advance for any advice.
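An added example, not part of the original post or of any tool named in it: a file-signature triage in Python for an extracted app folder such as the one above, which flags SQLite databases, SQLite write-ahead logs and binary plists by their leading bytes rather than by file name or extension. The sample tree and the file names in it are constructed; nothing here reflects how Slack actually stores its data.

```python
import os
import tempfile

# Well-known file signatures, checked at offset 0.
SIGNATURES = [
    (b"SQLite format 3\x00", "sqlite"),
    (b"\x37\x7f\x06\x82", "sqlite-wal"),
    (b"\x37\x7f\x06\x83", "sqlite-wal"),
    (b"bplist00", "binary-plist"),
]

def classify(path):
    """Return a label for the file based on its first bytes, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(16)
    except OSError:
        return None  # unreadable entry in the extraction; skip it
    for magic, label in SIGNATURES:
        if head.startswith(magic):
            return label
    return None

def triage(app_root):
    """Walk an extracted app container; map relative path -> detected type."""
    hits = {}
    for dirpath, _dirs, files in os.walk(app_root):
        for name in files:
            full = os.path.join(dirpath, name)
            label = classify(full)
            if label:
                hits[os.path.relpath(full, app_root)] = label
    return hits

def build_sample(root):
    """Constructed sample tree (assumed names), not real Slack data."""
    support = os.path.join(root, "Library", "Application Support")
    os.makedirs(support)
    samples = {
        "store_without_extension": b"SQLite format 3\x00" + b"\x00" * 84,
        "store_without_extension-wal": b"\x37\x7f\x06\x82" + b"\x00" * 28,
        "prefs.plist": b"bplist00" + b"\x00" * 8,
        "notes.txt": b"plain text\n",
    }
    for name, data in samples.items():
        with open(os.path.join(support, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, label in sorted(triage(tmp).items()):
            print(f"{label:13} {rel}")
```

Point `triage()` at a working copy of the extracted application folder, never at the original evidence.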
It looks like Direct Messages are restricted to "compliance plan" paid members of the Slack program. I am also looking into this subject of Slack forensics; it appears to be quite a gap in the community.
Dear Members and Colleagues -
I had done a little research back in 2017 when a Client asked for certain data collection services.
At that time, Slack had a "Discovery API" built into it, which theoretically facilitates the export of various data elements into other applications.
As I recall, they were functionally trying to support large Enterprise Regulatory and Legal Compliance initiatives, where certain data types could be easily migrated to hosted Discovery platforms and other third-party solutions.
This may be the way you can discover and retrieve Direct Messages from the Slack environment.
All my best,
John Crawford