Extracting browser history information is one task that is often required of a forensic examiner. Apart from the default Android browser, different browser applications can be used on an Android phone, such as Firefox Mobile and Google Chrome. All of these browsers store their browser history in the SQLite .db format. For our example, we are extracting data from the default Android browser to our forensic workstation. This data is located at /data/data/com.android.browser. The file named browser2.db contains the browser history details. The following screenshot shows the browser data, as represented by Oxygen Forensic SQLite Viewer. Note that the trial version will hide certain information:

Several details covered in the preceding section are not stored on the device if the browser's incognito mode is used. Next, we will be analyzing social networking and IM chats.