A Forensic Approach to Android Tracking Using SQLite Database
Introduction to Android Tracking
Android tracking is one of the most talked-about topics in the digital world. If the location of an Android phone is not being detected correctly by the Google apps or Wi-Fi, you can manually provide the right information to correct the database by making changes in Google Maps for phones. Android tracking data is stored in binary byte streams. This write-up explains the basic structure of these byte streams and how to extract data from them.
Byte Stream Structure
The structure of an Android location byte stream is as follows:
- Header Information
  - The header is a sequence of 4 bytes holding two fields: an unsigned short for the version and an unsigned short for the entry count.
- Location Entries
  - These contain 5 blocks of data of different sizes, each serving a different function. The bytes are used as follows:
    - The first X bytes are reserved for a UTF string.
    - The next 4 bytes are used for an integer specifying the transmission range.
    - The next 4 bytes are used for an integer specifying the confidence.
    - The next 8 bytes of double integer signify latitude.
    - The next 8 bytes of double integer are for longitude coordinates.
    - The last 8 bytes of long integer are for the UNIX timestamp.
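A parser for the layout listed above, as an added example that is not code from the original article or from any forensic tool. It assumes big-endian byte order, a 2-byte length prefix in front of the UTF string (the convention of Java's `writeUTF`), and IEEE 754 doubles for the two 8-byte coordinate fields; all function and field names are hypothetical, and the sample stream is constructed.

```python
import struct
from typing import NamedTuple

HEADER = struct.Struct(">HH")    # unsigned short version, unsigned short entry count
FIXED = struct.Struct(">iiddq")  # range, confidence, latitude, longitude, timestamp

class LocationEntry(NamedTuple):
    key: str         # UTF string identifying the record
    tx_range: int    # transmission range
    confidence: int
    latitude: float
    longitude: float
    timestamp: int   # raw UNIX timestamp value exactly as stored

def parse_location_stream(data: bytes):
    """Return (version, entries, complete); complete is False if data ends early."""
    if len(data) < HEADER.size:
        raise ValueError("stream is shorter than the 4-byte header")
    version, count = HEADER.unpack_from(data, 0)
    offset, entries = HEADER.size, []
    for _ in range(count):
        # Assumption: the "X bytes" string is preceded by its 2-byte length.
        if offset + 2 > len(data):
            return version, entries, False
        (klen,) = struct.unpack_from(">H", data, offset)
        start = offset + 2 + klen
        if start + FIXED.size > len(data):
            return version, entries, False  # truncated entry: keep what parsed
        key = data[offset + 2:start].decode("utf-8", "replace")
        entries.append(LocationEntry(key, *FIXED.unpack_from(data, start)))
        offset = start + FIXED.size
    return version, entries, True

def build_sample() -> bytes:
    """Constructed test stream (not real device data): version 1, two entries."""
    def entry(key, rng, conf, lat, lon, ts):
        k = key.encode("utf-8")
        return struct.pack(">H", len(k)) + k + FIXED.pack(rng, conf, lat, lon, ts)
    return (HEADER.pack(1, 2)
            + entry("240:5:1234:56789", 1500, 75, 52.5, 13.25, 1325376000)
            + entry("00:11:22:33:44:55", 60, 90, 52.5, 13.5, 1325376060))

if __name__ == "__main__":
    version, entries, complete = parse_location_stream(build_sample())
    for e in entries:
        print(version, complete, e)
```

The `complete` flag matters for carved or partially recovered files: a stream whose header declares more entries than the bytes can hold still yields the entries that parsed cleanly.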
Forensic Examination Of Android Location Files
To extract information from the Android location files, the two files of utmost importance are:
On an Android device, these files are stored in the application folder located at the "/data/data/com.google.android.location/files/" location.
To carve out evidence relating to the location of the Android device, the data can be extracted from these files by rooting the device. The data from the application can be extracted and stored in a database. The extracted database can then be opened with a forensic tool to examine every detail carefully.
Sqlite Viewer: Perfect Tool For Forensics
To examine the location cache files of an Android device, a third-party application, Sqlite file viewer, can be deployed. The software gives a preview of the data residing in the extracted database. The software imposes no size limitation, so any file can be viewed irrespective of its size. It is an efficacious utility and a perfect tool for examining Android location data.