James McGee

SELECT
purpose.to_support as "Husband",
purpose.for_caring as "Father",
title.each_day as "Special Agent",
title.the_passion as "Digital Forensic Examiner",
hobby.one_of_many as "SQL Query Fanatic",
hobby.just_for_fun as "Sometimes I make NFTs of my dog"
FROM purpose
LEFT OUTER JOIN purpose ON purpose.rowid = title.rowid
LEFT OUTER JOIN purpose ON purpose.rowid = hobby.rowid
WHERE purpose.for_this is "Just normal things and DFIR"
Blog: https://www.sqlmcgee.wordpress.com/
LinkedIn: https://www.linkedin.com/in/jamesrmcgee/
Twitter: https://www.twitter.com/SQL_McGee
KMLer turns CSV and XLSX files into KML files while adding the investigative context examiners and analysts need. 🕵️ Horizontal accuracy visualized, extended data, processing report, and more!
Read more here: https://tinyurl.com/y8d3je3m 
Get it here: https://tinyurl.com/3fw8vnn8

🚀 New Release: HEART by Metadata Forensics Version 1.3! 🚀
We’ve added Local Device Time conversions! Because most Apple Health and Fitness application artifacts are linked to the device that recorded the event, the associated time zone is preserved as well. Conversions by activity!

Get it here: https://github.com/MetadataForensics/HEART_by_Metadata_Forensics

GitHub - MetadataForensics/HEART_by_Metadata_Forensics: This free tool parses Apple Health and Fitness Application data from Apple iPhone extractions in a forensic manner.


Couldn’t start the week better — thank you Christopher Vance for the shout-out in your session, Harping on health data, during the Magnet Virtual Summit 2026!

Your Mobile Unpacked series has helped so many of us, and it’s genuinely humbling to have my Apple Health contributions mentioned alongside it.

If you’re in digital investigations and haven’t joined the Summit yet, you still have time (Feb 23–26). It’s free, eye-opening, and full of practical takeaways:
https://lnkd.in/ew3taAjV

My own corner of Apple Health forensics lives on the Metadata Forensics company blog, The Metadata Perspective:
https://lnkd.in/e6HZCBFq

And HEART by Metadata Forensics (Health Events & Activity Reporting Tool) so the community can quickly turn Apple Health application data into usable reports. 37+ artifacts, clean HTML output, and it works on the extractions you already have.
https://lnkd.in/ehvzCCy5

Looking forward to the rest of the week and continuing the conversation with all of you.
#MVS2026 #DFIRCommunity

Ever wondered what secrets are in your Apple Contacts? 📱 iQueryContacts 🕵️ is our new advanced SQL query work for the AddressBook.sqlitedb. All the classic data plus some new info including the Chinese lunar birthday! Find out more at https://github.com/MetadataForensics/iQueryContacts
GitHub - MetadataForensics/iQueryContacts: Advanced parser for Apple Contacts (AddressBook.sqlitedb) with phones, emails, addresses, social accounts, birthdays (including Chinese lunar), and group memberships.

🧩 RowIDetective 🕵️‍♂️ formerly detailed Lagging for the Win: Querying for Negative Evidence in the sms.db. Now detecting missing messages at the end of Apple sms.db. Because every gap tells a story.
🔗 http://github.com/MetadataForensics/RowIDetective
GitHub - MetadataForensics/RowIDetective: An update to our prior work within Lagging for the Win, now reporting all sms.db missing ROWID values up to the message sequence number.


🚀 New release! HEART by Metadata Forensics (Health Events & Activity Reporting Tool) Version 1.1.0.0!

Now supporting TAR, DAR (some), Advanced Logical (Encrypted) Extractions, iTunes Encrypted Backups.

⬇️ Download: tinyurl.com/v8zesb7h
📖 Article: tinyurl.com/94rx6vk4

HEART by Metadata Forensics (Health Events & Activity Reporting Tool)

Free tool to parse Apple Health & Fitness data from FFS Extractions.

🔍 31+ artifacts supported
📊 HTML report + CSV/PDF export

⬇️ Download: https://tinyurl.com/v8zesb7h
📖 Article: https://tinyurl.com/94rx6vk4

Thanks to our great DFIR Community and discussion on the matter, I’m happy to announce our Google Location History Takeout Parser, Version 1.4.1. We’ve added Horizontal Accuracy KMLs for Records.JSON data and Parking Events. Get it at https://tinyurl.com/4aua56u4 Google Earth example:
🚀 Google Location History Timeline Parser v 1.4 is now available! This release features multithreaded processing, time elapsed tracking, input file size calculation, and location-related files including HTML, CSV, and TXT. Available here:
https://tinyurl.com/4dr3tuv5
GitHub - MetadataForensics/Google-Location-History-Takeout-Parser: This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manner.
