Facebook analysis

Facebook is a social-media application with more than 1 billion downloads from Google Play.

Package name: com.facebook.katana

Version: 25.0.0.19.30

Files of interest:

/files/video-cache/
/cache/images/
/databases/
- bookmarks_db2
- contacts_db2
- nearbytiles_db
- newsfeed_db
- notifications_db
- prefs_db
- threads_db2

The /files/video-cache directory contains videos from the user's newsfeed, though there does not appear to be a way to correlate them back to the user who posted them.

The /cache/images directory contains images from the user's newsfeed as well as the profile photos of contacts. This directory contains a multitude of other directories (65 on our test phone), and each directory can contain multiple .cnt files. The .cnt files are typically ...

Get Learning Android Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Learning Android Forensics by Rohit Tamma, Donnie Tindall

Facebook analysis

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly