Overview

The Android Analyzer module allows you to analyze SQLite and other files from an Android device. It should work on Physical dumps from most Android devices (note that we do not provide an acquisition method). Autopsy will not support older Android devices that do not have a volume system. These devices will often have a single physical image file for them and there is no information in the image that describes the layout of the file systems. Autopsy will therefore not be able to detect what it is.

Simply add your physical images or file system dumps as data sources and enable the Android Analyzer module.

NOTE: This module is not exhaustive with its support for Android. It was created as a starting point for others to contribute plug-ins for 3rd party apps. See the Developer docs (http://sleuthkit.org/autopsy/docs/api-docs/3.1/mod_mobile_page.html) for information on writing modules.

Analysis

The module should be able to extract the following:

• Text messages / SMS / MMS
• Call Logs
• Contacts
• Tango Messages
• Words with Friends Messages
• GPS from the browser and Google Maps
• GPS from cache.wifi and cache.cell files

NOTE: These database formats vary by version of OS and different vendors can place the databaes in different places. Autopsy may not support all versions and vendors.