Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Kik analysis


Kik is a messaging app with over 50,000,000 downloads from the Play Store.

Package name: kik.android

Version: 7.9.0

Files of interest:

  • /cache/

    • chatPicsBig/

    • contentpics/

    • profPics/

  • /files/staging/thumbs

  • /shared_prefs/KikPreferences.xml

  • /sdcard/Kik/

  • /databases/kikDatabase.db

The chatPicsBig and contentpics directories in /cache contain images that were sent and received with the application. The files in contentpics contain what appears to be Kik metadata embedded before the image. The .jpg has to be carved out of these files. In our testing, all of the files in contentpics were also stored in chatPicsBig, though this may change with more extensive app usage. The user's profile picture is found in the /profPics directory.

Note

Data storage method 8 is using basic steganography, which means, a file is stored within a larger file.

The /files/staging/thumbs directory contains thumbnails of images sent and received with the application. Our testing found the same images in this location...