Information Technology Reference
In-Depth Information
The fb.db file in SQLite browser
Similarly, by analyzing the data present in the
/data/data
folder, information about
geo location, calendar events, user notes, and more can be grabbed.
Using content providers
In Android, the data of one application cannot be accessed by another application under
normal circumstances. However, Android provides a mechanism through which data can
be shared with other applications. This is precisely achieved through the use of content
providers. Content providers present data to external applications in the form of one or
more tables. These tables are no different from the tables found in a relational database.
They can be used by the applications to share data usually through the
URI
addressing
scheme. They are used by other applications that access the provider using a provider-cli-
ent object. During the installation of an app, the user determines whether or not the app
can gain access to the requested data (content providers). For instance, contacts, SMS/
MMS, calendar, and so on, are examples of content providers.
Hence, by taking advantage of this, we can create an app that can grab all the information
from all the available content providers. This is precisely how most of the commercial
forensic tools work. The advantage of this method is it can be used on both rooted and
non-rooted devices. For our example, we are using
AFLogical
, which takes advantage of
the content-provider mechanism to gain access to the information. This tool extracts the
data and saves it to an SD card in CSV format. The following steps extract the informa-
tion from an Android device using AFLogical Open Source Edition 1.5.2:
