https://github.com/RealityNet/Android-Forensics-References
https://github.com/RealityNet/Android-Forensics-References
Last synced: 19 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/RealityNet/Android-Forensics-References
- Owner: RealityNet
- Created: 2022-09-06T04:33:58.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-04-19T05:43:41.000Z (about 2 years ago)
- Last Synced: 2024-08-01T23:31:02.925Z (9 months ago)
- Size: 91.8 KB
- Stars: 274
- Watchers: 17
- Forks: 30
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- Crypto-OpSec-SelfGuard-RoadMap - Android Forensics References
- Crypto-OpSec-SelfGuard-RoadMap - Android Forensics References
README
# Android Forensics References
Last update: September 6th 2022
USERDATA Partition
"/log" folder
- /log/wifi/iwc/iwc_dump.txt
- /log/netstats
- /log/batterystats
-
Cellebrite CTF 2021 - Heisenberg's Android
https://www.stark4n6.com/2021/10/cellebrite-ctf-2021-heisenbergs-android.html
-
Part 1: Walk-Through of Answers to the 2021 CTF – Investigating Heisenberg’s Android Device
https://cellebrite.com/en/part-1-walk-through-of-answers-to-the-2021-ctf-investigating-heisenbergs-android-device/
-
Artefacts of Android device power off due to depleted battery
https://instatronic.com/artefacts-of-android-device-power-off-due-to-depleted-battery
- /log/recovery
- /log/sdp_log
- /log/thermal_log
- /log/power_off_reset_reason.txt
-
Cellebrite CTF 2021 - Heisenberg's Android
https://www.stark4n6.com/2021/10/cellebrite-ctf-2021-heisenbergs-android.html
-
Artefacts of Android device power off due to depleted battery
https://instatronic.com/artefacts-of-android-device-power-off-due-to-depleted-battery
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/powerOffReset.py
"/misc" and "/misc_de" folder
- /misc/adb/adb_keys
- /misc/bluedroiddump/mainBuffer.log
- /misc/bluedroiddump/subBuffer.log
- /misc/bluedroid/bt_config.conf
-
How Android Bluetooth Connections Can Determine If The Hands of a Driver Were On The Wheel During An Accident
https://cellebrite.com/en/how-android-bluetooth-connections-can-determine-if-the-hands-of-a-driver-were-on-the-wheel-during-an-accident/
https://dfir.pubpub.org/pub/6ysxvhvc/release/1
-
Android Bluetooth Connection Configuration
https://www.stark4n6.com/2021/06/android-bluetooth-connection.html
-
Collaborative Testing Services - Mobile Digital Evidence - 2015
https://cts-forensics.com/reports/35550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2016
https://cts-forensics.com/reports/36550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2017
https://cts-forensics.com/reports/37550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2019
https://cts-forensics.com/reports/19-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2022
https://cts-forensics.com/reports/22-5550_Web.pdf
-
Cellebrite CTF 2021 Writeup
https://medium.com/@williamskosasi/cellebrite-ctf-2021-writeup-b73d821a708
-
Cellebrite CTF 2021 - Heisenberg's Android
https://www.stark4n6.com/2021/10/cellebrite-ctf-2021-heisenbergs-android.html
-
Cellebrite CTF 2022 - Heisenberg's Android
https://www.stark4n6.com/2022/06/cellebrite-ctf-2022-heisenbergs-android.html
-
aLEAPP plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/bluetoothConnections.py
- /misc/bootstat/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/last_boot_time.py
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/factory_reset.py
- /misc/wifi/qtables.json
-
/misc/wifi/wpa_supplicant.conf
/misc/wifi/WifiConfigStore.xml
/misc/apexdata/com.android.wifi/WifiConfigStore.xml
-
Collaborative Testing Services - Mobile Digital Evidence - 2015
https://cts-forensics.com/reports/35550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2016
https://cts-forensics.com/reports/36550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2017
https://cts-forensics.com/reports/37550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2019
https://cts-forensics.com/reports/19-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2022
https://cts-forensics.com/reports/22-5550_Web.pdf
-
Cellebrite Fall 2020 CTF - Part 1 - Tony Mederos
https://starwarsfan2099.github.io/2020/11/02/cellebirte-ctf-tony.html
-
Clockin’ In with Google’s Wear OS
https://thebinaryhick.blog/2021/01/13/clockin-in-with-googles-wear-os/
-
Learning Android Forensics - Second Edition
https://www.packtpub.com/product/learning-android-forensics-second-edition/9781789131017
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/wifiConfigstore.py
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/wifiProfiles.py
-
/misc/wifi/softap.conf
/misc/apexdata/com.android.wifi/WifiConfigStoreSoftAp.xml
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/wifiHotspot.py
-
Collaborative Testing Services - Mobile Digital Evidence - 2018
https://cts-forensics.com/reports/38550_Web.pdf
-
Let's solve challenges - Cellebrite 2022 CTF Writeup
https://www.dfirblog.com/cellebrite-2022-ctf-writeup/
-
Cellebrite CTF 2022 - Heisenberg's Android
https://www.stark4n6.com/2022/06/cellebrite-ctf-2022-heisenbergs-android.html
https://www.dfirblog.com/cellebrite-2022-ctf-writeup/
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
- /misc_de/0/apexdata/com.android.permission/runtime-permissions.xml
-
Android’s “Dangerous” Permissions
https://thebinaryhick.blog/2021/01/26/androids-dangerous-permissions/
-
Examining A Malware-Infected Android Phone. This Android Is Not Alright.
https://thebinaryhick.blog/2022/04/09/examining-a-malware-infected-android-phone-this-android-is-not-alright/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/runtimePerms.py
- /misc_de/0/apexdata/com.android.permission/roles.xml
-
Android - Roles and Permissions (Android 10/11)
https://blog.d204n6.com/2021/01/android-roles-and-permissions-android.html
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/roles.py
"/property" folder
- /property/persistent_properties
"/system", "/system_ce" and "/system_de" folders
- /system/appops/
-
Snooping on Android 12’s Privacy Dashboard
https://thebinaryhick.blog/2022/01/22/snooping-on-android-12s-privacy-dashboard/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/discreteNative.py
- /system/batteryusagestats/
- /system/job/jobs.xml
- /system/netstats/
-
Burn After Reading: Expunging Execution Footprints of Android Apps
https://lijuanru.com/publications/nss18.pdf
-
Android Internals
http://newandroidbook.com/Book/2-Excerpt-Data.pdf
- /system/procstats/
-
Android Internals
http://newandroidbook.com/Book/2-Excerpt-Data.pdf
- /system/sync/accounts.xml
-
Who is the owner of the mobile device?
https://www.digitalforensics.com/blog/articles/who-is-the-owner-of-the-mobile-device/
-
Clockin’ In with Google’s Wear OS
https://thebinaryhick.blog/2021/01/13/clockin-in-with-googles-wear-os/
-
Super Sunday Funday Forensic Challenge - Update 4
https://www.hecfblog.com/2014/09/super-sunday-funday-forensic-challenge_15.html
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
- /system/shutdown-checkpoints/
-
Shutdown Checkpoints in Android 12
https://www.stark4n6.com/2022/01/shutdown-checkpoints-in-android-12.html
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/shutdown_checkpoints.py
- /system/users/0.xml
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2022
https://cts-forensics.com/reports/22-5550_Web.pdf
-
Forensic analysis of IoT ecosystem
https://hal.archives-ouvertes.fr/hal-03369836/document
- /system/users/0/app_idle_stats.xml
- /system/users/0/settings_global.xml
- /system/users/0/settings_secure.xml
-
Cellebrite CTF 2021 - Heisenberg's Android
https://www.stark4n6.com/2021/10/cellebrite-ctf-2021-heisenbergs-android.html
-
Part 1: Walk-Through of Answers to the 2021 CTF – Investigating Heisenberg’s Android Device
https://cellebrite.com/en/part-1-walk-through-of-answers-to-the-2021-ctf-investigating-heisenbergs-android-device/
-
Examining A Malware-Infected Android Phone. This Android Is Not Alright.
https://thebinaryhick.blog/2022/04/09/examining-a-malware-infected-android-phone-this-android-is-not-alright/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/settingsSecure.py
- /system/users/0/settings_ssaid.xml
-
Forensic analysis of instant messengers: Decrypt Signal, Wickr, and Threema
https://www.sciencedirect.com/science/article/pii/S2666281722000166
- /system/users/0/settings_system.xml
-
Android - Roles and Permissions (Android 10/11)
https://blog.d204n6.com/2021/01/android-roles-and-permissions-android.html
- /system/appops.xml
-
Snooping on Android 12’s Privacy Dashboard
https://thebinaryhick.blog/2022/01/22/snooping-on-android-12s-privacy-dashboard/
-
Wipeout! Detecting Android Factory Resets
https://thebinaryhick.blog/2021/08/19/wipeout-detecting-android-factory-resets/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/appopSetupWiz.py
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/appops.py
-
Digital Forensic Practices and Methodologies for AI Speaker Ecosystems
https://www.sciencedirect.com/science/article/pii/S1742287619301628
-
Android Internals
http://newandroidbook.com/Book/2-Excerpt-Data.pdf
- /system/batterystats.bin
-
Video Aficionado: We Know What You Are Watching
https://par.nsf.gov/servlets/purl/10215810
-
Android Internals
http://newandroidbook.com/Book/2-Excerpt-Data.pdf
- /system/batterystats-checkin.bin
- /system/batterystats-daily.xml
-
Every Step You Take: Application and Network Usage in Android
https://docplayer.net/90183420-Every-step-you-take-application-and-network-usage-in-android.html
- /system/deviceidle.xml
- /system/locksettings.db
- /system/netpolicy.xml
-
Cellebrite CTF 2021 - Heisenberg's Android
https://www.stark4n6.com/2021/10/cellebrite-ctf-2021-heisenbergs-android.html
-
Part 1: Walk-Through of Answers to the 2021 CTF – Investigating Heisenberg’s Android Device
https://cellebrite.com/en/part-1-walk-through-of-answers-to-the-2021-ctf-investigating-heisenbergs-android-device/
-
Cellebrite CTF 2021 Writeup
https://medium.com/@williamskosasi/cellebrite-ctf-2021-writeup-b73d821a708
-
Android Internals
http://newandroidbook.com/Book/2-Excerpt-Data.pdf
- /system/notification_policy.xml
-
Part 1: Walk-Through of Answers to the 2021 CTF – Investigating Heisenberg’s Android Device
https://cellebrite.com/en/part-1-walk-through-of-answers-to-the-2021-ctf-investigating-heisenbergs-android-device/
- /system/PkgPredictions.db
- /system/SemWifiApContentProvider
-
Part 2: CTF 2022 Write Up – Heisenberg’s Android
https://cellebrite.com/en/part-2-ctf-2022-write-up-heisenbergs-android/
- /system/SimCard.dat
-
Collaborative Testing Services - Mobile Digital Evidence - 2018
https://cts-forensics.com/reports/38550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2019
https://cts-forensics.com/reports/19-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
- /system/WifiConfigStore.db
- /system/WifiHistory.db
- /system/wifigeofence.db
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
- /system/packages.xml
-
Android - Roles and Permissions (Android 10/11)
https://blog.d204n6.com/2021/01/android-roles-and-permissions-android.html
-
Mobile Forensics: Discovering the Undiscovered
https://www.magnetforensics.com/blog/mobile-forensics-discovering-the-undiscovered/
-
Some artifacts in the /data/system/ directory
http://freeandroidforensics.blogspot.com/2014/11/some-artifacts-in-datasystem-directory.html
-
Android Internals
http://newandroidbook.com/Book/2-Excerpt-Data.pdf
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/packageInfo.py
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/permissions.py
- /system/packages.list
-
Android - Roles and Permissions (Android 10/11)
https://blog.d204n6.com/2021/01/android-roles-and-permissions-android.html
-
Android Internals
http://newandroidbook.com/Book/2-Excerpt-Data.pdf
-
Learning Android Forensics - Second Edition
https://www.packtpub.com/product/learning-android-forensics-second-edition/9781789131017
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
Learning Android Forensics - Second Edition
https://www.packtpub.com/product/learning-android-forensics-second-edition/9781789131017
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/packageGplinks.py
- /system_ce/0/accounts_ce.db
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
-
Part 1: Walk-Through of Answers to the 2021 CTF – Investigating Heisenberg’s Android Device
https://cellebrite.com/en/part-1-walk-through-of-answers-to-the-2021-ctf-investigating-heisenbergs-android-device/
-
Android - Tracking Device Migration
https://blog.d204n6.com/2021/06/android-tracking-device-migration.html
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/accounts_ce.py
- /system_ce/recent_images/
-
Mobile Forensics: Discovering the Undiscovered
https://www.magnetforensics.com/blog/mobile-forensics-discovering-the-undiscovered/
-
Android Recent Tasks XML Parser
https://abrignoni.blogspot.com/2019/02/android-recent-tasks-xml-parser.html
-
Every Step You Take: Application and Network Usage in Android
https://docplayer.net/90183420-Every-step-you-take-application-and-network-usage-in-android.html
-
Digital Forensic Practices and Methodologies for AI Speaker Ecosystems
https://www.sciencedirect.com/science/article/pii/S1742287619301628
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/recentactivity.py
- /system_ce/recent_tasks/
-
Mobile Forensics: Discovering the Undiscovered
https://www.magnetforensics.com/blog/mobile-forensics-discovering-the-undiscovered/
-
Android Recent Tasks XML Parser
https://abrignoni.blogspot.com/2019/02/android-recent-tasks-xml-parser.html
-
Digital Forensic Practices and Methodologies for AI Speaker Ecosystems
https://www.sciencedirect.com/science/article/pii/S1742287619301628
-
Corroboration. That Is All.
https://thebinaryhick.blog/2021/06/17/corroboration-that-is-all/
-
Every Step You Take: Application and Network Usage in Android
https://docplayer.net/90183420-Every-step-you-take-application-and-network-usage-in-android.html
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/recentactivity.py
-
Write-up Magnet Weekly CTF
https://www.cloud-response.com/2020/10/write-up-magnet-weekly-ctf.html
- /system_ce/shortcuts/
- /system_ce/snapshots/
- /system_ce/usagestats/
-
Android Usagestats XML Parser
https://abrignoni.blogspot.com/2019/02/android-usagestats-xml-parser.html
-
Identifying the Android Operating System Version thru UsageStats
https://www.sans.org/white-papers/40265/
-
Usagestats on Android 10 (Q)
http://www.swiftforensics.com/2020/01/usagestats-on-android-10-q.html
-
Mobile Forensics: Discovering the Undiscovered
https://www.magnetforensics.com/blog/mobile-forensics-discovering-the-undiscovered/
-
Some artifacts in the /data/system/ directory
http://freeandroidforensics.blogspot.com/2014/11/some-artifacts-in-datasystem-directory.html
-
Android Dumpsys Analysis to Indicate Driver Distraction
https://ccdcoe.org/uploads/2021/03/Android-Dumpsys-Analysis-to-Indicate-Driver-Distraction.pdf
-
Every Step You Take: Application and Network Usage in Android
https://docplayer.net/90183420-Every-step-you-take-application-and-network-usage-in-android.html
-
Tracking traces of deleted applications
https://www.youtube.com/watch?v=4LcQm4ErXpA
https://docplayer.net/148670626-Tracking-traces-of-deleted-applications-christopher-vance-alexis-brignoni.html
-
Android version without the build.props file
https://abrignoni.blogspot.com/2021/04/android-version-without-buildprops-file.html
-
Android Internals
http://newandroidbook.com/Book/2-Excerpt-Data.pdf
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/usagestats.py
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/usagestatsVersion.py
- /system_de/0/accounts_de.db
-
Android - Tracking Device Migration
https://blog.d204n6.com/2021/06/android-tracking-device-migration.html
-
Clockin’ In with Google’s Wear OS
https://thebinaryhick.blog/2021/01/13/clockin-in-with-googles-wear-os/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/accounts_de.py
"/user_de" folder
- /user_de/0/com.android.bluetooth/bonddevice.db
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
- /user_de/0/com.android.providers.telephony/databases/telephony.db
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Cellebrite CTF 2021 - Heisenberg's Android
https://www.stark4n6.com/2021/10/cellebrite-ctf-2021-heisenbergs-android.html
-
Part 1: Walk-Through of Answers to the 2021 CTF – Investigating Heisenberg’s Android Device
https://cellebrite.com/en/part-1-walk-through-of-answers-to-the-2021-ctf-investigating-heisenbergs-android-device/
-
Cellebrite CTF 2021 Writeup
https://medium.com/@williamskosasi/cellebrite-ctf-2021-writeup-b73d821a708
-
Hex Diving — The Easy Way to Uncover Hidden Forensic Artifacts
https://cellebrite.com/en/hex-diving-the-easy-way-to-uncover-hidden-forensic-artifacts/
-
Android Mobile Artifacts: A Treasure Trove of Digital Evidence in Crime Investigation
https://www.irjet.net/archives/V8/i8/IRJET-V8I885.pdf
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
- /user_de/0/com.android.settings/databases/applist.db
- /user_de/0/com.samsung.accessibility/shared_prefs/accessibility_prefs.xml
- /user_de/0/com.sec.imsservice/shared_prefs/capdiscovery_0.xml
"/data" folder
Digital Wellbeing (com.google.android.apps.wellbeing)
- /data/com.google.android.apps.wellbeing/databases/app_usage
-
Walking the Android (time)line. Using Android’s Digital Wellbeing to timeline Android activity.
https://thebinaryhick.blog/2020/02/22/walking-the-android-timeline-using-androids-digital-wellbeing-to-timeline-android-activity/
Google Docs (com.google.android.apps.docs)
- /data/com.google.android.apps.docs/databases/DocList.db
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/DocList.py
-
Google Docs - Cello & DocList DBs
https://www.stark4n6.com/2020/12/google-docs-cello-doclist-dbs.html
-
Digital Forensic Investigation of Cloud Storage Services
https://arxiv.org/ftp/arxiv/papers/1709/1709.10395.pdf
-
Android Cloud Forensics - Final Findings
http://obrienforensics.blogspot.com/2014/04/final-findings.html
-
Digital Evidence Identification on Google Drive in Android Device Using NIST Mobile Forensic Method
https://pdfs.semanticscholar.org/b699/e47687819041e2cbf69fa6d6afbd0c6a3fc2.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2017
https://cts-forensics.com/reports/37550_Web.pdf
-
Proposed Method for Mobile Forensics Investigation Analysis of Remnant Data on Google Drive Client
https://jit.ndhu.edu.tw/article/download/1795/1801
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
Files by Google (com.google.android.apps.nbu.files)
- /data/com.google.android.apps.nbu.files/databases/files_master_database
-
Files By Google: More Mobile Explorer Artifacts
https://www.stark4n6.com/2021/01/files-by-google-more-mobile-explorer.html
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/FilesByGoogle_FilesMaster.py
- /data/com.google.android.apps.nbu.files/databases/search_history_database
-
Files By Google: More Mobile Explorer Artifacts
https://www.stark4n6.com/2021/01/files-by-google-more-mobile-explorer.html
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/FilesByGoogle_SearchHistory.py
Device Health Services (com.google.android.apps.turbo)
- /data/com.google.android.apps.turbo/databases/turbo.db
-
Charging Battery with Turbo DB
https://www.stark4n6.com/2020/12/charging-battery-with-turbo-db.html
-
Part 2: CTF 2022 Write Up – Heisenberg’s Android
https://cellebrite.com/en/part-2-ctf-2022-write-up-heisenbergs-android/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/Turbo_Battery.py
- /data/com.google.android.apps.turbo/databases/bluetooth.db
-
Turbo Strikes Again - Tracking Bluetooth Device Battery
https://www.stark4n6.com/2021/06/turbo-strikes-again-tracking-bluetooth.html
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/Turbo_Battery.py
- /data/com.google.android.apps.turbo/shared_prefs/app_usage_stats.xml
-
Turbo Pt. 3 - Device Health Services Application Usage
https://www.stark4n6.com/2021/06/turbo-application-usage.html
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/Turbo_AppUsage.py
Settings Services (com.google.android.settings.intelligence)
- /data/com.google.android.settings.intelligence/databases/battery-usage-db-v4
-
Application Battery Usage via Settings Services
https://www.stark4n6.com/2021/12/application-battery-usage-via-settings.html
-
Examining A Malware-Infected Android Phone. This Android Is Not Alright.
https://thebinaryhick.blog/2022/04/09/examining-a-malware-infected-android-phone-this-android-is-not-alright/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/battery_usage_v4.py
Google Play Service (com.google.android.gms)
- /data/com.google.android.gms/databases/cast.db
-
An Android Casting (Device) Story: "cast.db"
https://deagler4n6blog.blogspot.com/2021/01/a-casting-story-castdb.html
- /data/com.google.android.gms/databases/constellation.db
-
Hex Diving — The Easy Way to Uncover Hidden Forensic Artifacts
https://cellebrite.com/en/hex-diving-the-easy-way-to-uncover-hidden-forensic-artifacts/
- /data/com.google.android.gms/databases/gass.db
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/installedappsGass.py
- /data/com.google.android.gms/databases/gms.notifications.db
- /data/com.google.android.gms/databases/google_account_history.db
- /data/com.google.android.gms/databases/google_app_measurement.db
-
Forensics on Android Applications
https://dione.lib.unipi.gr/xmlui/bitstream/handle/unipi/11306/Kitsaki_mte1618.pdf?isAllowed=y&sequence=1
-
Forensic Analysis of the Bumble Dating App for Android
https://www.mdpi.com/2673-6756/2/1/16/htm
- /data/com.google.android.gms/databases/herrevad
-
HERREVAD Databases Geo Location Artefacts
http://trewmte.blogspot.com/2017/02/herrevad-databases-geo-location.html
-
Update - HERREVAD Databases Geo Location Artefacts
http://trewmte.blogspot.com/2018/07/update-herrevad-databases-geo-location.html
-
Update2 - HERREVAD Databases Geo Location Artefacts
http://trewmte.blogspot.com/2019/05/update2-herrevad-databases-geo-location.html
-
Update3 - HERREVAD Databases Geo Location Artefacts
http://trewmte.blogspot.com/2019/12/update3-herrevad-databases-geo-location.html
-
Collaborative Testing Services - Mobile Digital Evidence - 2019
https://cts-forensics.com/reports/19-5550_Web.pdf
- /data/com.google.android.gms/databases/icing_contacts.db
-
Recovering data from broken screen Android phone - alternative
https://hackcorrelation.blogspot.com/2016/10/recovering-data-from-broken-screen.html
- /data/com.google.android.gms/databases/icing_mmssms.db
-
Cellebrite-icing_mmssms.db-Parser
https://github.com/python-for-mobile-forensics/Cellebrite-icing_mmssms.db-Parser/blob/master/README.md
-
Android Messaging Forensics – SMS/MMS and Beyond
https://www.magnetforensics.com/blog/android-messaging-forensics-sms-mms-and-beyond/
- /data/data/com.google.android.gms/databases/MdpSimBasedDatabase
-
Hex Diving — The Easy Way to Uncover Hidden Forensic Artifacts
https://cellebrite.com/en/hex-diving-the-easy-way-to-uncover-hidden-forensic-artifacts/
- /data/com.google.android.gms/databases/NetworkUsage.db
-
Providing Context to the Clues: Recovery and Reliability of Location Data from Android Devices
https://stars.library.ucf.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=2353&context=etd
- /data/com.google.android.gms/databases/ns.db
- /data/com.google.android.gms/databases/reminders.db
-
Smart Speakers Forensics
https://core.ac.uk/download/pdf/230544843.pdf
- /data/com.google.android.gms/shared_prefs/batterystats.xml
-
Every Step You Take: Application and Network Usage in Android
https://docplayer.net/90183420-Every-step-you-take-application-and-network-usage-in-android.html
- /data/com.google.android.gms/shared_prefs/adid_settings.xml
- /data/com.google.android.gms/shared_prefs/BackupAccount.xml
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2022
https://cts-forensics.com/reports/22-5550_Web.pdf
- /data/com.google.android.gms/shared_prefs/Checkin.xml
-
Collaborative Testing Services - Mobile Digital Evidence - 2018
https://cts-forensics.com/reports/38550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2019
https://cts-forensics.com/reports/19-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Hex Diving — The Easy Way to Uncover Hidden Forensic Artifacts
https://cellebrite.com/en/hex-diving-the-easy-way-to-uncover-hidden-forensic-artifacts/
-
Cellebrite CTF 2021 Writeup
https://medium.com/@williamskosasi/cellebrite-ctf-2021-writeup-b73d821a708
-
Cellebrite CTF 2022 - Heisenberg's Android
https://www.stark4n6.com/2022/06/cellebrite-ctf-2022-heisenbergs-android.html
- /data/com.google.android.gms/shared_prefs/nearbysharing:service:state.xml
-
Nearby Share – AirDrop for Android (Return of the Unsolicited Richard Photograph)
https://thebinaryhick.blog/2020/08/22/nearby-share-airdrop-for-android-return-of-the-unsolicited-richard-photograph/
Google Play Store (com.android.vending)
- /data/com.android.vending/databases/data_usage.db
-
Forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications
https://link.springer.com/article/10.1007/s12243-022-00919-6
- /data/com.android.vending/databases/frosting.db
-
Analysis of application installation logs on Android systems
https://dl.acm.org/doi/10.1145/3297280.3297489
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/frosting.py
- /data/com.android.vending/databases/install_queue.db
-
Forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications
https://link.springer.com/article/10.1007/s12243-022-00919-6
- /data/com.android.vending/databases/library.db
-
Mobile Forensics: Discovering the Undiscovered
https://www.magnetforensics.com/blog/mobile-forensics-discovering-the-undiscovered/
-
Analysis of application installation logs on Android systems
https://dl.acm.org/doi/10.1145/3297280.3297489
-
CTF Cellebrite CTF 2020: Rene Gade
https://ciofecaforensics.com/2020/10/31/cellebrite-ctf-rene/
-
Tracking traces of deleted applications
https://www.youtube.com/watch?v=4LcQm4ErXpA
https://docplayer.net/148670626-Tracking-traces-of-deleted-applications-christopher-vance-alexis-brignoni.html
-
Every Step You Take: Application and Network Usage in Android
https://docplayer.net/90183420-Every-step-you-take-application-and-network-usage-in-android.html
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/installedappsLibrary.py
- /data/com.android.vending/databases/localappstate.db
-
Analysis of application installation logs on Android systems
https://dl.acm.org/doi/10.1145/3297280.3297489
-
Tracking traces of deleted applications
https://www.youtube.com/watch?v=4LcQm4ErXpA
https://docplayer.net/148670626-Tracking-traces-of-deleted-applications-christopher-vance-alexis-brignoni.html
-
Part 2: CTF 2022 Write Up – Heisenberg’s Android
https://cellebrite.com/en/part-2-ctf-2022-write-up-heisenbergs-android/
-
Collaborative Testing Services - Mobile Digital Evidence - 2015
https://cts-forensics.com/reports/35550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2016
https://cts-forensics.com/reports/36550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2017
https://cts-forensics.com/reports/37550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2018
https://cts-forensics.com/reports/38550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2019
https://cts-forensics.com/reports/19-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2022
https://cts-forensics.com/reports/22-5550_Web.pdf
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/installedappsVending.py
- /data/com.android.vending/databases/package_verification.db
-
Tracking traces of deleted applications
https://www.youtube.com/watch?v=4LcQm4ErXpA
https://docplayer.net/148670626-Tracking-traces-of-deleted-applications-christopher-vance-alexis-brignoni.html
- /data/com.android.vending/databases/suggestions.db
-
Collaborative Testing Services - Mobile Digital Evidence - 2015
https://cts-forensics.com/reports/35550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2016
https://cts-forensics.com/reports/36550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2017
https://cts-forensics.com/reports/37550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2018
https://cts-forensics.com/reports/38550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2019
https://cts-forensics.com/reports/19-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
- /data/com.android.vending/databases/verify_apps.db
-
Forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications
https://link.springer.com/article/10.1007/s12243-022-00919-6
Google Quick Search (com.google.android.googlequicksearchbox)
-
Google Search & Personal Assistant data on android
http://www.swiftforensics.com/2020/03/google-search-personal-assistant-data.html
-
Google Search Bar & Search Term History – Are You Finding Everything?
https://thebinaryhick.blog/2019/03/20/google-search-bar-search-term-history-are-you-finding-everything/
-
Forensic Investigation of Google Assistant
https://link.springer.com/article/10.1007/s42979-020-00285-x
-
How Android Bluetooth Connections Can Determine if a Driver had Their Hands on the Wheel During an Accident
https://dfir.pubpub.org/pub/6ysxvhvc/release/1
-
Collaborative Testing Services - Mobile Digital Evidence - 2016
https://cts-forensics.com/reports/36550_Web.pdf
-
DroidForensics: Accurate Reconstruction of Android Attacks via Multi-layer Forensic Logging
https://kyuhlee.github.io/publications/asiaccs17.pdf
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/googleQuickSearchbox.py
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/googleQuickSearchboxRecent.py
Google Services Framework (com.google.android.gsf)
- /data/com.google.android.gsf/databases/gservices.db
-
Collaborative Testing Services - Mobile Digital Evidence - 2022
https://cts-forensics.com/reports/22-5550_Web.pdf
- /data/com.google.android.gsf/databases/googlesettings.db
-
Forensic Analysis of Wireless Networking Evidence of Android Smartphones
https://www.fortoo.eu/m/page-media/4/Andriotis-2012-1-wifs.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2018
https://cts-forensics.com/reports/38550_Web.pdf
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/pSettings.py
Messages (com.google.android.apps.messaging)
- /data/com.google.android.apps.messaging/databases/bugle_db
-
Hex Diving — The Easy Way to Uncover Hidden Forensic Artifacts
https://cellebrite.com/en/hex-diving-the-easy-way-to-uncover-hidden-forensic-artifacts/
-
Android Messaging Forensics – SMS/MMS and Beyond
https://www.magnetforensics.com/blog/android-messaging-forensics-sms-mms-and-beyond/
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
- /data/com.google.android.apps.messaging/shared_prefs/sim_state_tracker.xml
Samsung One UI Home (com.sec.android.app.launcher)
-
Recreate Android apps, folders, and widget screen positions from a forensic extraction
https://abrignoni.blogspot.com/2019/10/recreate-android-apps-folders-and.html
Android Contacts Storage (com.android.providers.contacts)
- /data/com.android.providers.contacts/databases/calllog.db
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2022
https://cts-forensics.com/reports/22-5550_Web.pdf
-
Hex Diving — The Easy Way to Uncover Hidden Forensic Artifacts
https://cellebrite.com/en/hex-diving-the-easy-way-to-uncover-hidden-forensic-artifacts/
-
Calllog.db and SMS data on Android 7.0 Nougat
https://forensenellanebbia.blogspot.com/2018/10/calllogdb-and-sms-data-on-android-70.html
-
Android Mobile Artifacts: A Treasure Trove of Digital Evidence in Crime Investigation
https://www.irjet.net/archives/V8/i8/IRJET-V8I885.pdf
-
Call Log query
https://github.com/kacos2000/Queries/blob/master/calllog_db.sql
-
Learning Android Forensics - Second Edition
https://www.packtpub.com/product/learning-android-forensics-second-edition/9781789131017
-
Practical Mobile Forensics - Fourth Edition
https://www.packtpub.com/product/practical-mobile-forensics-fourth-edition/9781838647520
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/calllog.py
- /data/com.android.providers.contacts/databases/contacts2.db
-
Open Source Mobile Device Forensics
https://smarterforensics.com/wp-content/uploads/2014/06/OpenSourceMobileForensics.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2016
https://cts-forensics.com/reports/36550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2017
https://cts-forensics.com/reports/37550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2018
https://cts-forensics.com/reports/38550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2019
https://cts-forensics.com/reports/19-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2022
https://cts-forensics.com/reports/22-5550_Web.pdf
-
Android Mobile Artifacts: A Treasure Trove of Digital Evidence in Crime Investigation
https://www.irjet.net/archives/V8/i8/IRJET-V8I885.pdf
-
Contacts query
https://github.com/kacos2000/Queries/blob/master/contacts2.sql
-
Contacts calls query
https://github.com/kacos2000/Queries/blob/master/contacts2calls.sql
-
Learning Android Forensics - Second Edition
https://www.packtpub.com/product/learning-android-forensics-second-edition/9781789131017
-
Practical Mobile Forensics - Fourth Edition
https://www.packtpub.com/product/practical-mobile-forensics-fourth-edition/9781838647520
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/contacts.py
- /data/com.android.providers.contacts/files/photos/
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
Android Messaging Storage (com.android.providers.telephony)
-
/data/user_de/0/com.android.providers.telephony/databases/mmssms.db
/data/com.android.providers.telephony/databases/mmssms.db
-
Android Messaging Forensics – SMS/MMS and Beyond
https://www.magnetforensics.com/blog/android-messaging-forensics-sms-mms-and-beyond/
-
Android mmssms.db each table introduction
https://blog.katastros.com/a?ID=00250-640c0b9b-4c94-4928-9250-7406735e59a2
-
Part 1: Walk-Through of Answers to the 2021 CTF – Investigating Heisenberg’s Android Device
https://cellebrite.com/en/part-1-walk-through-of-answers-to-the-2021-ctf-investigating-heisenbergs-android-device/
-
Cellebrite CTF 2022 - Heisenberg's Android
https://www.stark4n6.com/2022/06/cellebrite-ctf-2022-heisenbergs-android.html
-
Learning Android Forensics - Second Edition
https://www.packtpub.com/product/learning-android-forensics-second-edition/9781789131017
-
Practical Mobile Forensics - Fourth Edition
https://www.packtpub.com/product/practical-mobile-forensics-fourth-edition/9781838647520
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/smsmms.py
- /data/com.android.providers.telephony/databases/app_parts/
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
Android Calendar Storage (com.android.providers.calendar)
- /data/com.android.providers.calendar/databases/calendar.db
-
Collaborative Testing Services - Mobile Digital Evidence - 2016
https://cts-forensics.com/reports/36550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2017
https://cts-forensics.com/reports/37550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2018
https://cts-forensics.com/reports/38550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2019
https://cts-forensics.com/reports/19-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2020
https://cts-forensics.com/reports/20-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2021
https://cts-forensics.com/reports/21-5550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2022
https://cts-forensics.com/reports/22-5550_Web.pdf
- /data/data/com.google.android.calendar/databases/cal_v2a
-
Collaborative Testing Services - Mobile Digital Evidence - 2022
https://cts-forensics.com/reports/22-5550_Web.pdf
Android Media Storage
- /data/com.google.android.providers.media.module/databases/external.db
-
Android’s external.db – Everything Old Is New Again
https://thebinaryhick.blog/2020/10/19/androids-external-db-everything-old-is-new-again/
-
Mobile Forensic Investigations A Guide to Evidence Collection, Analysis, and Presentation - Second Edition
https://www.oreilly.com/library/view/mobile-forensic-investigations/9781260135107/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/emulatedSmeta.py
Android Logs Provider (com.sec.android.provider.logsprovider)
- /data/com.sec.android.provider.logsprovider/databases/logs.db
-
Android Messaging Forensics – SMS/MMS and Beyond
https://www.magnetforensics.com/blog/android-messaging-forensics-sms-mms-and-beyond/
-
Logs provider query
https://github.com/kacos2000/Queries/blob/master/logs_db.sql
-
Collaborative Testing Services - Mobile Digital Evidence - 2015
https://cts-forensics.com/reports/35550_Web.pdf
-
Collaborative Testing Services - Mobile Digital Evidence - 2018
https://cts-forensics.com/reports/38550_Web.pdf
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/calllogs.py
Android Location (com.google.android.location)
-
/data/com.google.android.location/files/cache.cell/cache.wifi
/data/com.google.android.location/files/cache.cell/cache.cell
-
Decoding cache.cell and cache.wifi files
https://forensics.spreitzenbarth.de/2011/10/28/decoding-cache-cell-and-cache-wifi-files/
-
aLEAPP Plugin
https://github.com/abrignoni/ALEAPP/blob/master/scripts/artifacts/cachelocation.py