abrignoni · ScottKjr3347 · May 28, 2026 · May 28, 2026 · May 28, 2026
diff --git a/scripts/artifacts/Ph1BasicAssetData.py → scripts/artifacts/Ph001BasicAssetData.py b/scripts/artifacts/Ph1BasicAssetData.py → scripts/artifacts/Ph001BasicAssetData.py
@@ -1,45 +1,48 @@
 __artifacts_v2__ = {
-    'Ph1_1AssetBasicDataPhDaPsql': {
-        'name': 'Ph1.1-Asset Basic Data-PhDaPsql',
+    'Ph001_1AssetBasicDataPhDaPsql': {
+        'name': 'Ph001.1-Asset Basic Data-PhDaPsql',
         'description': 'Parses basic asset row data from PhotoData-Photos.sqlite.'
-        ' The results will contain one row per ZASSET table Z_PK value and supports iOS 11-18.',
+        ' The results will contain one row per ZASSET table Z_PK value and supports iOS.'
+        ' https://theforensicscooter.com/2024/05/18/ileapp-parsers-photos-sqlite-queries/',
         'author': 'Scott Koenig',
-        'version': '5.0',
-        'date': '2025-01-04',
+        'version': '6.0',
+        'date': '2026-05-26',
         'requirements': 'Acquisition that contains PhotoData-Photos.sqlite',
-        'category': 'Photos.sqlite-A-Asset_Basic_Data',
+        'category': 'Photos.sqlite-Assets-BasicData-PhotoData-Psql',
         'notes': '',
         'paths': ('*/PhotoData/Photos.sqlite*',),
         "output_types": ["standard", "tsv", "none"],
         "artifact_icon": "image"
     },
-    'Ph1_2AssetBasicDataSyndPL': {
-        'name': 'Ph1.2-Asset Basic Data-SyndPL',
+    'Ph001_2AssetBasicDataSyndPL': {
+        'name': 'Ph001.2-Asset Basic Data-SyndPL',
         'description': 'Parses basic asset row data from Syndication.photoslibrary-database-Photos.sqlite.'
-        ' The results will contain one row per ZASSET table Z_PK value and supports iOS 11-18.',
+        ' The results will contain one row per ZASSET table Z_PK value and supports iOS.'
+        ' https://theforensicscooter.com/2024/05/18/ileapp-parsers-photos-sqlite-queries/',
         'author': 'Scott Koenig',
-        'version': '5.0',
-        'date': '2025-01-04',
+        'version': '6.0',
+        'date': '2026-05-26',
         'requirements': 'Acquisition that contains Syndication Photo Library Photos.sqlite',
-        'category': 'Photos.sqlite-S-Syndication_PL_Artifacts',
+        'category': 'Photos.sqlite-Assets-BasicData-SyndicationPL-Psql',
         'notes': '',
         'paths': ('*/mobile/Library/Photos/Libraries/Syndication.photoslibrary/database/Photos.sqlite*',),
         "output_types": ["standard", "tsv", "none"],
         "artifact_icon": "image"
     },
-    'Ph1_3AssetBasicDataGenPlayPsql': {
-        'name': 'Ph1.3-Asset Basic Data-GenPlayPsql',
+    'Ph001_3AssetBasicDataGenPlayPsql': {
+        'name': 'Ph001.3-Asset Basic Data-GenPlayPsql',
         'description': 'Parses basic asset row data from GenPlay-database-Photos.sqlite.'
-        ' The results will contain one row per ZASSET table Z_PK value and supports iOS 18.',
+        ' The results will contain one row per ZASSET table Z_PK value and supports iOS.'
+        ' https://theforensicscooter.com/2024/05/18/ileapp-parsers-photos-sqlite-queries/',
         'author': 'Scott Koenig',
-        'version': '1.0',
-        'date': '2025-02-05',
+        'version': '2.0',
+        'date': '2026-05-26',
         'requirements': 'Acquisition that contains Library GenPlay Photos.sqlite',
-        'category': 'Photos.sqlite-P-GenerativePlayground_PL_Artifacts',
+        'category': 'Photos.sqlite-Assets-BasicData-GenPlaygrndPL-Psql',
         'notes': '',
         'paths': ('*/mobile/Library/Photos/Libraries/Application/com.apple.GenerativePlayground/00000000-0000-0000-0000-000000000001.photoslibrary/database/Photos.sqlite*',),
         "output_types": ["standard", "tsv", "none"],
-        "artifact_icon": "play"
+        "artifact_icon": "image"
     }	
 }
 
@@ -48,7 +51,7 @@
 from scripts.ilapfuncs import artifact_processor, get_file_path, open_sqlite_db_readonly, get_sqlite_db_records, logfunc, iOS
 
 @artifact_processor
-def Ph1_1AssetBasicDataPhDaPsql(files_found, report_folder, seeker, wrap_text, timezone_offset):
+def Ph001_1AssetBasicDataPhDaPsql(files_found, report_folder, seeker, wrap_text, timezone_offset):
     for source_path in files_found:
         source_path = str(source_path)
 
@@ -58,7 +61,7 @@ def Ph1_1AssetBasicDataPhDaPsql(files_found, report_folder, seeker, wrap_text, t
     if report_folder.endswith('/') or report_folder.endswith('\\'):
         report_folder = report_folder[:-1]
     iosversion = iOS.get_version()
-    if version.parse(iosversion) <= version.parse("10.3.4"):
+    if (version.parse(iosversion) <= version.parse("10.3.4")) or (version.parse(iosversion) >= version.parse("27")):
         logfunc("Unsupported version for PhotoData-Photos.sqlite iOS " + iosversion)
         return (), [], source_path
     if (version.parse(iosversion) >= version.parse("11")) & (version.parse(iosversion) < version.parse("14")):
@@ -462,7 +465,7 @@ def Ph1_1AssetBasicDataPhDaPsql(files_found, report_folder, seeker, wrap_text, t
 
         return data_headers, data_list, source_path
 
-    elif version.parse(iosversion) >= version.parse("18"):
+    elif (version.parse(iosversion) >= version.parse("18")) & (version.parse(iosversion) < version.parse("27")):
         source_path = get_file_path(files_found,"Photos.sqlite")
         if source_path is None or not os.path.exists(source_path):
             logfunc(f"Photos.sqlite not found for iOS version {iosversion}")
@@ -592,7 +595,7 @@ def Ph1_1AssetBasicDataPhDaPsql(files_found, report_folder, seeker, wrap_text, t
         return data_headers, data_list, source_path
 
 @artifact_processor
-def Ph1_2AssetBasicDataSyndPL(files_found, report_folder, seeker, wrap_text, timezone_offset):
+def Ph001_2AssetBasicDataSyndPL(files_found, report_folder, seeker, wrap_text, timezone_offset):
     for source_path in files_found:
         source_path = str(source_path)
 
@@ -602,7 +605,7 @@ def Ph1_2AssetBasicDataSyndPL(files_found, report_folder, seeker, wrap_text, tim
     if report_folder.endswith('/') or report_folder.endswith('\\'):
         report_folder = report_folder[:-1]
     iosversion = iOS.get_version()
-    if version.parse(iosversion) <= version.parse("10.3.4"):
+    if (version.parse(iosversion) <= version.parse("10.3.4")) or (version.parse(iosversion) >= version.parse("27")):
         logfunc("Unsupported version for Syndication.photoslibrary iOS " + iosversion)
         return (), [], source_path
     if (version.parse(iosversion) >= version.parse("11")) & (version.parse(iosversion) < version.parse("14")):
@@ -1007,7 +1010,7 @@ def Ph1_2AssetBasicDataSyndPL(files_found, report_folder, seeker, wrap_text, tim
 
         return data_headers, data_list, source_path
 
-    elif version.parse(iosversion) >= version.parse("18"):
+    elif (version.parse(iosversion) >= version.parse("18")) & (version.parse(iosversion) < version.parse("27")):
         source_path = get_file_path(files_found,"Photos.sqlite")
         if source_path is None or not os.path.exists(source_path):
             logfunc(f"Photos.sqlite not found for iOS version {iosversion}")
@@ -1136,7 +1139,7 @@ def Ph1_2AssetBasicDataSyndPL(files_found, report_folder, seeker, wrap_text, tim
         return data_headers, data_list, source_path
 
 @artifact_processor
-def Ph1_3AssetBasicDataGenPlayPsql(files_found, report_folder, seeker, wrap_text, timezone_offset):
+def Ph001_3AssetBasicDataGenPlayPsql(files_found, report_folder, seeker, wrap_text, timezone_offset):
     for source_path in files_found:
         source_path = str(source_path)
 
@@ -1146,10 +1149,10 @@ def Ph1_3AssetBasicDataGenPlayPsql(files_found, report_folder, seeker, wrap_text
     if report_folder.endswith('/') or report_folder.endswith('\\'):
         report_folder = report_folder[:-1]
     iosversion = iOS.get_version()
-    if version.parse(iosversion) <= version.parse("10.3.4"):
+    if (version.parse(iosversion) <= version.parse("10.3.4")) or (version.parse(iosversion) >= version.parse("27")):
         logfunc("Unsupported version for GenPlay-Photos.sqlite iOS " + iosversion)
         return (), [], source_path
-    if version.parse(iosversion) >= version.parse("18"):
+    if (version.parse(iosversion) >= version.parse("18")) & (version.parse(iosversion) < version.parse("27")):
         source_path = get_file_path(files_found,"Photos.sqlite")
         if source_path is None or not os.path.exists(source_path):
             logfunc(f"Photos.sqlite not found for iOS version {iosversion}")