Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Gmail analysis

Gmail is an e-mail service provided by Google. A Gmail account is often requested, though not required, when the device is set up for the first time.

Package name:

Version: Default version with Android 5.0.1 (not listed within app)

Files of interest:

  • /cache

  • /databases/

    • mailstore.<username>

    • databases/suggestions.db

  • /shared_prefs/

    • MailAppProvider.xml

    • Gmail.xml

    • UnifiedEmail.xml

The /cache directory within the application folder contains recent files that were attached to e-mails, both sent and received. These attachments are saved here even if they are not explicitly downloaded by the user.

The mailstore.<username> file contains a variety of useful information. Interesting tables within the database include the following:




This contains information about attachments, including their size and file path on the device (the /cache directory mentioned earlier). Each row also...
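The following is an added example, not taken from the book: a minimal triage of an extracted copy of the Gmail application folder that hashes the attachments under /cache and lists the tables in each mailstore.<username> file. It assumes the database is SQLite; the function names, the sample attachment and the sample table are constructed for illustration.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path


def inventory_cache(app_dir):
    """Name, size and SHA-256 of every file under <app_dir>/cache."""
    files = [p for p in sorted((Path(app_dir) / "cache").rglob("*")) if p.is_file()]
    return [{"name": p.name, "size": p.stat().st_size,
             "sha256": hashlib.sha256(p.read_bytes()).hexdigest()} for p in files]


def list_mailstore_tables(app_dir):
    """Map each databases/mailstore.* file to {table name: row count}."""
    result = {}
    for db in sorted((Path(app_dir) / "databases").glob("mailstore.*")):
        if db.name.endswith(("-journal", "-wal", "-shm")):
            continue  # SQLite side files, not the database itself
        # Assumption: the file is SQLite. mode=ro avoids writing to the evidence copy.
        con = sqlite3.connect(f"{db.resolve().as_uri()}?mode=ro", uri=True)
        try:
            names = [r[0] for r in con.execute(
                "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
            result[db.name] = {n: con.execute(
                f'SELECT COUNT(*) FROM "{n}"').fetchone()[0] for n in names}
        finally:
            con.close()
    return result


def build_sample(root):
    """Constructed app folder for the demo; the table name is made up."""
    app = Path(root) / "gmail_app"
    (app / "cache").mkdir(parents=True)
    (app / "databases").mkdir()
    (app / "cache" / "invoice.pdf").write_bytes(b"%PDF-constructed sample")
    con = sqlite3.connect(str(app / "databases" / "mailstore.user@example.com"))
    con.execute("CREATE TABLE sample_table (id INTEGER, note TEXT)")
    con.execute("INSERT INTO sample_table VALUES (1, 'constructed row')")
    con.commit()
    con.close()
    return app


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        app = build_sample(tmp)
        print(inventory_cache(app))
        print(list_mailstore_tables(app))
```

Run it against a working copy of the extraction rather than the original image; the hashes recorded for the /cache files can then be compared against attachments recovered from other sources.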