Logo
RSS Feed

πŸ’¬ Messaging Data


Created: 12.10.2020

Electron is a framework that is available for building applications, cross-platform. You’re creating a web-application that can be used as a desktop one (implementing both back- and frontend). Backend - node.js, and frontend - Chrome. So, a lot of artifacts can be shared with Chrome and buddies. It’s in wide use. For example, ⚠️ WhatsApp and Skype use it.

Skype

Tools πŸ› : Belkasoft EC, SkypeLogView (NirSoft)

C:\Users\%Username%\AppData\Roaming\Skype.

Skype: Path: C:| Users\ \*\AppData\ Local\ Packages\Microsoft.SkypeApp\_\*\ Localstate\\*\main. db
Skype: Path: C:\Documents and Settings\\*\Application Data\Skype\\*\main.db

Xbox

Windows: C:\Users\%Username%\AppData\Local\LocalState\ModelManager\Messaging.

Android

https://www.magnetforensics.com/blog/android-messaging-forensics-sms-mms-and-beyond/

Communication

SMS:

β€’ /data/data/com.google.android.apps.messaging/ databases

β€’ /data/data/com.android.providers.telephony/databases/ mmssms.db

β€’ /user_de/0/com.android.providers.telephony/ databases/mmssms.db

Call Logs:

β€’ /com.android.providers.contacts/databases/calllog.db
β€’ /com.android.providers.contacts/databases/contacts2.db

Contacts:

β€’ /data/data/com.android.providers.contacts/databases/ contacts2.db

Gmail

β€’ /data/data/com.google.android.gm/databases/

iOS

Communication

SMS:

β€’ /private/var/mobile/Library/SMS/sms.db β€’ HomeDomain-Library/SMS/sms.db

Call Logs:

β€’ /private/var/mobile/Library/CallHistoryDB/CallHistory. storedata

β€’ HomeDomain-Library/CallHistoryDB/CallHistory. storedata

Contacts:

β€’ /private/var/mobile/Library/AddressBook/AddressBook. sqlitedb

β€’ HomeDomain-Library/AddressBook/AddressBook. sqlitedb

  1. Mail App

    β€’ /private/var/mobile/Library/Mail

  • /private/var/mobile/Library/Mail/[UUID]/*.emlx

  • /private/var/mobile/Library/Mail/[UUID]/*.imapmbox/

    Attachments/