A Forensic Approach To Android Tracking using Sqlite database

admin | August 20th, 2015 | General

Introduction to Android Tracking

Android tracking is one of the most talked-about topics in the digital world. If the location of an Android phone is not being correctly detected by the Google apps or Wi-Fi, you can manually provide the right information to correct the database by making changes in Google Maps for phones. Android tracking data is stored in binary byte streams. This write-up explains the basic structure of these byte streams and how to extract data from them.

Byte Stream Structure

The structure of an Android location byte stream is as follows:

Header Information
The header is a sequence of 4 bytes made up of two fields: an unsigned short for the version and an unsigned short for the entry count.
Location Entries
It contains 5 blocks of data of different sizes, each signifying a different function. The different bytes are used as follows:
  • The first X bytes are reserved for a UTF string.
  • The next 4 bytes are an integer specifying the transmission range.
  • The next 4 bytes are an integer specifying the confidence.
  • The next 8 bytes of double integer signify the latitude.
  • The next 8 bytes of double integer are for the longitude coordinates.
  • The last 8 bytes of long integer are for the UNIX timestamp.

Forensic Examination Of Android Location Files

In order to extract the information from the android location files, the two files which hold the utmost importance are:

cache.cell

cache.wifi

These files are stored on an Android device in the application folder located at “/data/data/com.google.android.location/files/”.

To carve out evidence relating to the location of the Android device, the data can be extracted from these files by rooting the device. The extracted data can then be stored in a database. The resulting database can be opened with a forensic tool so that every detail can be examined carefully.
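The layout listed under Byte Stream Structure, parsed and loaded into a SQLite table as the extraction step above describes. This is an added example, not code from the original article or from any tool it mentions. It assumes big-endian fields, a 2-byte length prefix on the UTF string, and IEEE-754 doubles for the coordinates; the sample stream is constructed, and the function, table and column names are hypothetical.

```python
import sqlite3
import struct

# Fixed-size tail of each entry: range, confidence, latitude, longitude, timestamp
FIXED = struct.Struct(">iiddq")  # assumption: big-endian, coordinates as doubles

def parse_location_cache(data):
    """Return (version, entries) parsed from a cache.cell / cache.wifi byte stream."""
    if len(data) < 4:
        raise ValueError("truncated header")
    version, count = struct.unpack_from(">HH", data, 0)  # two unsigned shorts
    pos, entries = 4, []
    for i in range(count):
        if pos + 2 > len(data):
            raise ValueError(f"entry {i}: truncated key length")
        (klen,) = struct.unpack_from(">H", data, pos)  # assumed 2-byte length prefix
        pos += 2
        if pos + klen + FIXED.size > len(data):
            raise ValueError(f"entry {i}: truncated body")
        key = data[pos:pos + klen].decode("utf-8", errors="replace")
        pos += klen
        entries.append((key, *FIXED.unpack_from(data, pos)))
        pos += FIXED.size
    return version, entries

def load_into_sqlite(conn, source, entries):
    """Store parsed entries in a table that a SQLite viewer can open."""
    conn.execute("CREATE TABLE IF NOT EXISTS location_cache (source TEXT, entry_key TEXT, "
                 "tx_range INTEGER, confidence INTEGER, latitude REAL, longitude REAL, ts INTEGER)")
    conn.executemany("INSERT INTO location_cache VALUES (?,?,?,?,?,?,?)",
                     [(source, *e) for e in entries])
    conn.commit()

def build_sample():
    """Constructed two-entry stream (not real device data) in the assumed layout."""
    def entry(key, rng, conf, lat, lon, ts):
        k = key.encode("utf-8")
        return struct.pack(">H", len(k)) + k + FIXED.pack(rng, conf, lat, lon, ts)
    return (struct.pack(">HH", 1, 2)
            + entry("00:00:5e:00:53:01", 75, 92, 51.5, -0.125, 1440000000)
            + entry("00:00:5e:00:53:02", 40, 80, 48.25, 11.5, 1440003600))

if __name__ == "__main__":
    version, entries = parse_location_cache(build_sample())
    conn = sqlite3.connect(":memory:")
    load_into_sqlite(conn, "cache.wifi", entries)
    for row in conn.execute("SELECT * FROM location_cache ORDER BY ts"):
        print(version, row)
```

The parser rejects a stream whose entry count promises more data than the file holds, which matters when a cache file was copied off the device incompletely. Check the unit of the timestamp field against a known event on the device before building a timeline from it.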

Sqlite Viewer: Perfect Tool For Forensics

To examine the location cache files of an Android device, a third-party application, Sqlite file viewer, can be deployed. The software gives a preview of the data residing in the extracted database. The software imposes no size limitation, so any file can be viewed irrespective of its size. It is an efficacious utility and is a perfect tool for examining Android location data.
