Initialization vectors: Update on Discord forensic artifacts for iOS & Windows

Monday, August 3, 2020

Thanks to @TheKateCain for the following artifacts we can find on Discord for iOS. All the artifacts are located within the application folder for the app. For details on how to identify and extract the application folder see here: https://abrignoni.blogspot.com/2018/08/finding-discord-chats-in-ios.html

The email address used to download the app to the device can be found here:
RCTAsyncLocalStorage_V1/manifest.json

The user ID and email can be found here on an iOS device: /private/var/mobile/Containers/Data/Application/*UUID*/Documents/mmkv/mmkv.default
Search for user_id_cache and email_cache.

On Windows they can be found here:
USER/appdata/roaming/discord/Local Storage/leveldb/000003.log
Search for user_id_cache and email_cache. It's only the user ID, and not the username. Search the messages in the cache.db (iOS) or 50.json (Windows) to match up the user ID with the username.
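The search described above can be scripted against an exported copy of mmkv.default or 000003.log. This Python script is an added example, not part of the original post or of any tool it mentions; it does not parse the MMKV or LevelDB formats, it only locates the two keys in the raw bytes and reports the first plausible value after each. The 17 to 20 digit user ID pattern, the 128-byte window, the function name and the sample bytes are assumptions made for illustration.

```python
import re
import sys

KEYS = (b"user_id_cache", b"email_cache")
# Assumption: Discord user IDs are numeric "snowflakes" of 17-20 digits.
SNOWFLAKE = re.compile(rb"(?<!\d)\d{17,20}(?!\d)")
EMAIL = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PATTERNS = {b"user_id_cache": SNOWFLAKE, b"email_cache": EMAIL}


def find_cached_values(data, window=128):
    """Return (key, key_offset, value) for every key hit in a raw byte blob.

    value is the first pattern match within `window` bytes after the key;
    None means the key was present but no plausible value followed it.
    Offsets let the examiner verify each hit in a hex viewer.
    """
    hits = []
    for key in KEYS:
        start = 0
        while (pos := data.find(key, start)) != -1:
            tail = data[pos + len(key): pos + len(key) + window]
            match = PATTERNS[key].search(tail)
            value = match.group().decode("ascii") if match else None
            hits.append((key.decode(), pos, value))
            start = pos + len(key)
    return sorted(hits, key=lambda hit: hit[1])


# Constructed sample bytes; NOT a real mmkv.default or LevelDB record layout.
SAMPLE = (
    b"\x00\x0d" b"user_id_cache" b"\x01\x14" b'"123456789012345678"' b"\x00"
    b"\x0b" b"email_cache" b"\x01\x16" b'"examiner@example.com"' b"\x00"
    b"\x0d" b"user_id_cache" b"\x00\x00"  # key with no value after it
)

if __name__ == "__main__":
    # Pass the path of an exported working copy; falls back to the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, offset, value in find_cached_values(blob):
        print(f"{key} @ 0x{offset:08x}: {value}")
```

Because the file can hold several writes of the same key, every hit is listed with its offset rather than only the first one.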


Thank you so much TheKateCain. Super useful information!