Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Google Keep analysis


Keep is a note-taking application provided by Google. It can also be used to set reminders, either at a certain date/time or when the user is at a specified location.

Package name: com.google.android.keep

Version: Default version with Android 5.0.1 (not listed within app)

Files of interest:

  • /databases/keep.db

  • /files/1/image/original

The files/1/image/original directory contains photos taken using the app. Notes and reminders can both be associated with an image.

The keep.db contains all of the information about notes and reminders. There are, once again, several tables of interest:

Table

Description

alert

This contains information about location-based reminders. The reminder_id column can be correlated with entries in the reminder table. The reminder_detail table contains the latitude and longitude set for the reminder. The scheduled_time column is the date/time the reminder was set, in the Linux epoch time.

blob

This contains metadata about images in the /files...