Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Google Maps analysis


Maps is a map/navigation application provided by Google.

Package name: com.google.android.apps.maps

Version: 9.2.0 (#902013124)

Files of interest:

  • /cache/http/

  • /databases/

    • gmm_myplaces.db

    • gmm_storage.db

The /cache/http folder contains many files, with .0 and .1 file extensions. The .0 files are web requests for the corresponding .1 file. The .1 files are predominantly images and can be viewed by changing their extension appropriately. On our test device, they were either .jpg or .png files. These files were predominantly locations near the user, not necessarily locations the user specifically searched for.

Note

This is the fourth data storage method: misnamed file extensions.

Always verify the header of a file that can't be opened, or use automated tools, such as EnCase, to detect the mismatched header/file extension. A good resource to verify a file's signature is http://www.garykessler.net/library/file_sigs.html.

The gmm_myplaces.db database contains locations saved by...