Forensics.im is a forensic plugin for Autopsy, positioned on its website as a Microsoft Teams Parser for Autopsy. It is designed to parse LevelDB data from modern Electron-based instant messaging applications, with a particular focus on Microsoft Teams data recovery and evidence analysis. Compared with default approaches such as simple string searches, it emphasizes the ability to handle data in Teams datastores that is difficult to parse using traditional methods, especially binary ldb files.
In terms of functionality, it can recover Microsoft Teams personal messages and posts, phone call records, media file links and hyperlinks, phone contacts, meetings/appointments, and reactions to messages and posts. The plugin identifies separate entities such as messages and contacts, and presents the results in Autopsy’s blackboard view. For reporting and analysis, it mainly uses default Autopsy artefacts, so users can continue to take advantage of advanced visualization tools in the Autopsy ecosystem, such as the Communications Visualization Editor, for relationship and communications analysis.
The page links to the GitHub repository lxndrblz/forensicsim, but it does not clearly state the license, whether it is fully open source, release versions, or maintenance policy. Self-hosting options, API/SDK availability, programming language, and framework details are also not disclosed. In terms of documentation quality, the homepage explains what problem it solves and which artefacts it can recover, but it lacks installation steps, Autopsy version compatibility, test samples, limitations, and troubleshooting information. Before practical deployment, users will need to further inspect the repository or contact the author.
The crawled page does not provide any pricing, payment methods, or commercial support information, so procurement cost cannot be assessed. It is best suited for digital forensics practitioners, incident response teams, law enforcement or compliance investigators, and security teams already using Autopsy. If the investigation target is mainly Microsoft Teams, this tool is highly focused; if broad coverage of many IM apps, mobile applications, or enterprise-grade reporting workflows is required, it may still need to be used alongside other forensic suites.
Its strengths are its clear focus, its ability to supplement default string searching and conventional parsing for Teams LevelDB data, and its integration into the Autopsy analysis workflow. Its drawbacks are the limited public information and the lack of transparency around supported scope, licensing, pricing, and service support. The source text does not allow us to determine access conditions from China. If obtaining the module from GitHub is affected by network conditions, users in mainland China may need to prepare mirrors or proxies, or consider Autopsy’s default capabilities and other forensic plugins as alternatives.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the official forensics.im site.
forensics.im is an Unknown Dev Tools provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility rating of "China direct-connect friendly".