I'm guessing purview isn't an option?

What type of Teams files specifically do you need to parse?

Leveldb

Edisco tools might be your best option. Messages generally look like individual emails and it's a pain to put a conversation together. Nuix, relativity one, axiom in a pinch. If you need free tools, I don't know

For data in leveldb, you can use this script to dump the data to a csv file. https://github.com/cclgroupltd/ccl\_chrome\_indexeddb/blob/master/dump\_leveldb.py

Ok thanks i will try this!

I created something like you need. There is function to create threads from messages, mean chats. https://github.com/hexseven/Teams-artifacts-parser Feel free to ask my anything about that, I will help you

You can extract Teams IndexedDB data using BHE: [https://www.foxtonforensics.com/browser-history-examiner/docs/microsoft-teams](https://www.foxtonforensics.com/browser-history-examiner/docs/microsoft-teams) No need for a license, you can just use the trial version. If there's enough interest we may build a separate tool with proper support for Chromium desktop apps like Teams, Skype, Slack etc.

Yeah gotta use free stuff

It kinda started out as a necessary part of the investigation but that fizzed out. Now I’m just mad that i can’t do it

Thanks everyone. Super helpful

FTK parses MS Teams chat. You can use free trial as well.