Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Gmail analysis


Gmail is an e-mail service provided by Google. A Gmail account is often asked for, though is not required, when the device is being set up for the first time.

Package name: com.google.android.gm

Version: Default version with Android 5.0.1 (not listed within app)

Files of interest:

  • /cache

  • /databases/

    • mailstore.<username>@gmail.com.db

    • databases/suggestions.db

  • /shared_prefs/

    • MailAppProvider.xml

    • Gmail.xml

    • UnifiedEmail.xml

The /cache directory within the application folder contains recent files that were attached to e-mails, both sent and received. These attachments are saved here even if they are not explicitly downloaded by the user.

The mailstore.<username>@gmail.com.db file contains a variety of useful information. Interesting tables within the database include the following:

Table

Description

attachments

This contains information about attachments, including their size and file path on the device (the /cache directory mentioned earlier). Each row also...