Learning Android Forensics

By : Rohit Tamma, Donnie Tindall

Facebook analysis


Facebook is a social-media application with more than 1 billion downloads from Google Play.

Package name: com.facebook.katana

Version: 25.0.0.19.30

Files of interest:

  • /files/video-cache/

  • /cache/images/

  • /databases/

    • bookmarks_db2

    • contacts_db2

    • nearbytiles_db

    • newsfeed_db

    • notifications_db

    • prefs_db

    • threads_db2

The /files/video-cache directory contains videos from the user's newsfeed, though there does not appear to be a way to correlate them back to the user who posted them.

The /cache/images directory contains images from the user's newsfeed as well as the profile photos of contacts. This directory contains a multitude of other directories (65 on our test phone), and each directory can contain multiple .cnt files. The .cnt files are typically .jpg files or other image formats.
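One way to triage the .cnt files described above is to classify each by its leading magic bytes and record a SHA-256 for the examiner's notes. This is an added example, not code from the book; it assumes the application's `cache/images` directory has already been extracted to the analysis workstation, and the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Well-known leading bytes ("magic numbers") of common image formats.
SIGNATURES = [(b"\xff\xd8\xff", "jpg"), (b"\x89PNG\r\n\x1a\n", "png"),
              (b"GIF87a", "gif"), (b"GIF89a", "gif")]


def identify(header):
    """Return an image extension for the given leading bytes, or None."""
    for magic, ext in SIGNATURES:
        if header.startswith(magic):
            return ext
    # WebP is a RIFF container with the tag 'WEBP' at offset 8.
    if header[:4] == b"RIFF" and header[8:12] == b"WEBP":
        return "webp"
    return None


def triage_cnt_files(images_dir):
    """Classify every .cnt file under an extracted cache/images tree (read-only)."""
    results = []
    for root, _dirs, files in os.walk(images_dir):
        for name in files:
            if not name.endswith(".cnt"):
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, images_dir)
            results.append((rel, identify(data[:12]) or "unknown",
                            hashlib.sha256(data).hexdigest()))
    return sorted(results)


def build_sample_tree():
    """Constructed sample data standing in for an extracted cache/images tree."""
    base = tempfile.mkdtemp()
    samples = {"1/a.cnt": b"\xff\xd8\xff\xe0" + b"\x00" * 8,
               "1/b.cnt": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
               "2/c.cnt": b"RIFF\x00\x00\x00\x00WEBPVP8 ",
               "2/d.cnt": b"not an image"}
    for rel, blob in samples.items():
        os.makedirs(os.path.join(base, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(base, rel), "wb") as fh:
            fh.write(blob)
    return base
```

Files reported as `unknown` are the ones to open in a hex viewer, since the signature list covers only the formats named in the code.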

The bookmarks_db2 database is a list of items that appear on the side of the user's newsfeed, such as groups and applications. Many of these bookmarks are automatically generated by Facebook, but...