Phone or FaceTime calls placed, missed, and received by the user are logged in the call history along with other metadata, such as call duration, and date and time. The call history database can be found at /HomeDomain/Library/CallHistoryDB/CallHistory.storedata. The CallHistory.storedata file was introduced with iOS 8 and is currently in use at the time of writing (iOS 13.2).

The ZCALLRECORD table in the CallHistory.storedata database contains the call history. It's important to note that only a limited number of calls may be stored in the active database. Just because the database removes the oldest record when space is needed does not mean this data is deleted. It's simply in the free pages of the SQLite database file, and it can be recovered using forensic tools or manually. The most important columns in the ZCALLRECORD table are the following:

• ZDATE: This column contains the timestamps of calls in Mac absolute time format.
• ZDURATION: This column contains the duration of calls.
• ZLOCATION: This column contains the locations of phone numbers.
• ZADDRESS: This column contains the phone numbers.
• ZSERVICE_PROVIDER: This column contains the service providers—for example, Phone, WhatsApp, Telegram, and so on.

You can run the following queries in DB4S to parse the call history. Afterward, you can export it into a .csv file, as shown in the following screenshot:

This time, the query is quite simple as all columns of interest are in the same table. Notice we used datetime to convert Mac absolute timestamps to human-readable dates.