Information Technology Reference
In-Depth Information
Extracting call logs
Accessing the call logs of a phone is often required during the investigation to confirm
certain events. The information about call logs is stored in the
contacts2.db
file loc-
ated at
/data/data/com.android.providers.contacts/databases/
. As
mentioned earlier, you can use SQLite Browser to see the data present in this file after ex-
tracting it to a local folder on the forensic workstation. As shown in the following screen-
shot, by using the adb pull command, the necessary
.db
files can be extracted to a folder
on the forensic workstation, as shown in the following screenshot:
The contacts2.db file copied to a local folder
Note that applications used to make calls can store call log details in the respective applic-
ation folder. All communication applications must be examined for call log details, as fol-
lows:
C:\android-sdk-windows\platform-tools>adb.exe pull /data/
data/com.android.providers.contacts C:\temp
pull: building file list...
.. .. .. ..
pull: /data/data/com.android.providers.contacts/databases/
contacts2.db -> C:\temp/databases/contacts2.db
pull: /data/data/com.android.providers.contacts/databases/
profile.db -> C:\temp/databases/profile.db
pull: /data/data/com.android.providers.contacts/databases/
profile.db-journal ->C:\temp/databases/profile.db-journal
