Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
About the Authors
About the Reviewers

Google Maps analysis

Maps is a map/navigation application provided by Google.

Package name:

Version: 9.2.0 (#902013124)

Files of interest:

  • /cache/http/

  • /databases/

    • gmm_myplaces.db

    • gmm_storage.db

The /cache/http folder contains many files, with .0 and .1 file extensions. The .0 files are web requests for the corresponding .1 file. The .1 files are predominantly images and can be viewed by changing their extension appropriately. On our test device, they were either .jpg or .png files. These files were predominantly locations near the user, not necessarily locations the user specifically searched for.


This is the fourth data storage method: misnamed file extensions.

Always verify the header of a file that can't be opened, or use automated tools, such as EnCase, to detect the mismatched header/file extension. A good resource to verify a file's signature is

The gmm_myplaces.db database contains locations saved by...