Add SMS read time in the MVT logs

mvt/ios/modules/mixed/sms.py

@@ -43,13 +43,21 @@ class SMS(IOSExtraction):
 
     def serialize(self, record: dict) -> Union[dict, list]:
         text = record["text"].replace("\n", "\\n")
-        return {
-            "timestamp": record["isodate"],
-            "module": self.__class__.__name__,
-            "event": "sms_received",
-            "data": f"{record['service']}: {record['guid']} \"{text}\" "
-            f"from {record['phone_number']} ({record['account']})",
-        }
+        sms_data = f"{record['service']}: {record['guid']} \"{text}\" from {record['phone_number']} ({record['account']})"
+        return [
+            {
+                "timestamp": record["isodate"],
+                "module": self.__class__.__name__,
+                "event": "sms_received",
+                "data": sms_data,
+            },
+            {
+                "timestamp": record["isodate_read"],
+                "module": self.__class__.__name__,
+                "event": "sms_read",
+                "data": sms_data,
+            },
+        ]
 
     def check_indicators(self) -> None:
         if not self.indicators:
@@ -120,6 +128,7 @@ class SMS(IOSExtraction):
 
             # We convert Mac's ridiculous timestamp format.
             message["isodate"] = convert_mactime_to_iso(message["date"])
+            message["isodate_read"] = convert_mactime_to_iso(message["date_read"])
             message["direction"] = (
                 "sent" if message.get("is_from_me", 0) == 1 else "received"
             )

tests/ios_backup/test_sms.py

@@ -17,7 +17,7 @@ class TestSMSModule:
         m = SMS(target_path=get_ios_backup_folder())
         run_module(m)
         assert len(m.results) == 1
-        assert len(m.timeline) == 1
+        assert len(m.timeline) == 2  # SMS received and read events.
         assert len(m.detected) == 0
 
     def test_detection(self, indicator_file):