Information Technology Reference
In-Depth Information
6 files pulled. 0 files skipped.
70 KB/s (644163 bytes in 8.946s)
Now, open the
contacts2.db
file using SQLite Browser (navigating to
File
|
Open
Database
) and browse through the data present in different tables. The
calls
table
present in the
contacts2.db
file provides information about the call history. The fol-
lowing screenshot highlights the call history along with the
name
,
number
,
duration
,
and
date
.
Extracting SMS/MMS
During the course of investigation, a forensic examiner may be asked to retrieve the text
messages that are sent by and delivered to a particular mobile device. Hence, it is import-
ant to understand where the details are stored and how to access the data. The
mmssms.db
file which is present under the
/data/data/
com.android.providers.telephony/databases
location contains the neces-
sary details. As with call logs, the examiner must ensure that applications capable of mes-
saging are examined for relevant message logs, as follows:
C:\android-sdk-windows\platform-tools>adb.exe pull /data/
data/com.android.providers.telephony C:\temp
pull: building file list...
.. .. ..
-> C:\temp/databases/telephony.db-journal
pull: /data/data/com.android.providers.telephony/databases/
mmssms.db -> C:\temp/databases/mmssms.db
pull: /data/data/com.android.providers.telephony/databases/
telephony.db -> C:\temp/databases/telephony.db