Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
About the Authors
About the Reviewers

User dictionary analysis

The user dictionary is an incredible source of data for an examiner. While it is not necessarily a standalone application, its data is stored in /data/data directory as if it were. The user dictionary is populated any time the user types a word that isn't recognized and chooses to save the word to avoid it being flagged by autocorrect. Interestingly, our test device contained dozens of words that we never typed or saved on the device. This data appears to sync with a user's Google account and persists across multiple devices. Words synced from the account were added in alphabetical order at the top of the database, while words added manually afterwards were populated in the order they were added at the bottom.

Package name:

Version: Default version with Android 5.0.1 (not listed within app)

Files of interest:

  • /databases/user_dict.db

The table in the user dictionary is described as follows:




The word column...