/Users/myusername/library/Application Support/discord
The cache folder follows the same file structure as the one found in Windows.
 |
| Discord cache folder in OS X |
The following links will explain how to extract the json chat objects and how to convert them to html or xls files using a Python script. Although written originally for objects found in Windows the extraction and conversions steps apply all the same.
Extraction of json objects:
Discord json chats conversion to html or xls.
As background on how I located the correct folder I took the following steps:
- Created a virtual OS X using Virtual Box. Virtual storage was VDMK format.
- Installed the Discord program.
- Logged in to my test account. The chats were synchronized from the ones in Discord servers.
- Turned off the virtual machine. Created a snapshot.
- Tried to process the snapshot with Autopsy. Wouldn't take it.
- Made a clone of the machine in order to consolidate the snapshot and the image into one. Autopsy still wouldn't take it.
- Installed Qemu. Converted the VMDK to RAW using the following command:
quemu-img.exe convert -f vmdk 'J:\my-clone-mac-disk.vmdk' -O raw my-mac-disk.raw - Processed the raw file with Autopsy. In the keyword search section I added some of my test chats content and some other obvious terms like 'discord'.
- Looked at the keyword search results. These lead me to the proper folder location described above.
At the end of the day I not only found what I was looking for but also learned about OS X folder structures and how to manipulate virtual machines. Everything you do is an opportunity to learn and share with others.
