Contact Interaction Tracking (interactionC.db)

iosCommunicationDevice Extraction

Location

private/var/mobile/Library/CoreDuet/People/interactionC.db

Description

CoreDuet SQLite database that tracks user interactions with contacts across multiple communication channels including Messages, Phone, FaceTime, Mail, and third-party apps. Records interaction type, contact identifier, bundle ID of the app used, timestamp, and interaction direction (incoming/outgoing).

Forensic Value

The interactionC database provides a unified view of all contact interactions across every communication app on the device, capturing patterns that individual app databases may not reveal in isolation. It records interactions with contacts through third-party messaging apps that may not maintain their own accessible message stores. The direction and frequency data enables communication pattern analysis to identify primary contacts and unusual interaction spikes. This artifact persists historical interaction data even after messages or call records are deleted from their respective applications.

Tools Required

iLEAPPAPOLLOCellebrite UFEDDB Browser for SQLite

Acquisition Methods

checkm8 Physical Extraction (A5–A11)

ios — physical

iTunes/Finder Backup Acquisition

ios — logical

AFC (Apple File Conduit) Extraction

ios — logical

checkm8 Filesystem Extraction

ios — logical

iCloud Backup Acquisition

ios — cloud