Maps is a map/navigation application provided by Google.
Package name: com.google.android.apps.maps
Files of interest:
- /cache/http/
- /databases/:
- gmm_myplaces.db
- gmm_storage.db
The /cache/http folder contains many files, with .0 and .1 file extensions. The .0 files are web requests for the corresponding .1 file. The .1 files are predominantly images, and can be viewed by changing their extension appropriately; on our test device, they were either .jpg or .png files. These files were predominantly locations near the user, not necessarily locations the user specifically searched for.
This is data storage method 4: misnamed file extensions
Always verify the header of a file that can't be opened, or use automated tools, such as EnCase, to detect the mismatched header/file extension. A good resource to verify a file's signature is http://www.garykessler.net/library/file_sigs.html.
The gmm_myplaces.db database contains locations saved by the user. This file syncs with the user's Google account, so these locations were not necessarily saved using the application.
gmm_storage.db contains search hits and locations that were navigated to:
|
Table |
Description |
|
gmm_storage_table |
The _key_pri column appears to identify the type of the location, bundled appears to be a hit that came up on a search, while ArrivedAtPlacemark identifies locations that were actually navigated to. The _data column contains the address for the location. |