Digital Forensics Value of Android Downloads
ANDROID
DOWNLOADS
MOBILE FORENSICS
DFIR Tips GR Rajesh Kumar
Location
Android Downloads artifacts can be found at the following location:
com.android.providers.downloads/databases/downloads.db
Forensic Analysis
Modified Date: Last modified date/time.
Download Source: The URL of the downloaded file.
MIME Type: The type of the data stored in this file.
Status: Indicates whether this file has been downloaded successfully or not.
Saved To: The local path where this file has been saved to.
Deleted: Indicates whether this file has been deleted or not.
Notification Package: Notification package.
Title: The name of the downloaded file.
Media Provider URI: The URI of the media provider App.
Error Message: The reason for the error that occurred while downloading this file.
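The fields listed above can be pulled from a working copy of downloads.db into a time-ordered list. This is an added example, not part of the original slides; the column names, the millisecond timestamp unit and the status-code convention are assumptions taken from the AOSP DownloadProvider schema, and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timezone
from pathlib import Path

# Column names are assumed from the AOSP DownloadProvider schema. Confirm them
# on the acquired copy with: PRAGMA table_info(downloads)
QUERY = """SELECT lastmod, uri, mimetype, status, _data, deleted,
                  notificationpackage, title, mediaprovider_uri, errorMsg
           FROM downloads ORDER BY lastmod"""

def open_readonly(path):
    """Open a working copy of downloads.db so SQLite cannot write to it."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def outcome(status):
    """Assumed convention: HTTP-like codes, 2xx success, 4xx/5xx error."""
    if status is not None and 200 <= status < 300:
        return "success"
    if status is not None and 400 <= status < 600:
        return "failed"
    return "pending_or_unknown"

def download_timeline(conn):
    """Return one dict per download record, oldest modification first."""
    conn.row_factory = sqlite3.Row
    out = []
    for r in conn.execute(QUERY):
        ms = r["lastmod"]  # assumed: milliseconds since the Unix epoch
        out.append({
            "modified_utc": datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat() if ms else None,
            "download_source": r["uri"], "mime_type": r["mimetype"],
            "outcome": outcome(r["status"]), "saved_to": r["_data"],
            "deleted": bool(r["deleted"]), "notification_package": r["notificationpackage"],
            "title": r["title"], "media_provider_uri": r["mediaprovider_uri"],
            "error_message": r["errorMsg"],
        })
    return out

def sample_db():
    """Constructed two-row database, for illustration only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE downloads (lastmod INTEGER, uri TEXT, mimetype TEXT, status INTEGER,"
                 " _data TEXT, deleted INTEGER, notificationpackage TEXT, title TEXT,"
                 " mediaprovider_uri TEXT, errorMsg TEXT)")
    conn.executemany("INSERT INTO downloads VALUES (?,?,?,?,?,?,?,?,?,?)", [
        (1700003600000, "https://files.example.com/roadmap.pdf", "application/pdf", 200,
         "/storage/emulated/0/Download/roadmap.pdf", 1, "com.android.chrome", "roadmap.pdf", None, None),
        (1700000000000, "https://files.example.com/pricing.xlsx", None, 404,
         None, 0, "com.android.chrome", "pricing.xlsx", None, "Not Found"),
    ])
    return conn
```

On a real case, call `download_timeline(open_readonly(path))` against a hashed working copy of the database rather than the original evidence file.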
CASE SCENARIO
Suspected Corporate Data Theft
Background:
A technology company suspects that one of its employees has been involved in corporate data theft. The employee, who had access to sensitive company documents and intellectual property, recently resigned and joined a competitor.
Investigation Steps:
01. Acquisition of the Device:
The company's IT department acquires the ex-employee's Android device, ensuring it is handled in a forensically sound manner to preserve evidence.
03. Uncovering Evidence:
04. Establishing a Timeline:
05. Patterns of Behavior:
06. Building a Case:
07. Legal Action:
GR Rajesh Kumar
Digital Forensic Investigator