Posts

The Forensics of Cortana on Android

Tools and Equipment Used:

- Samsung Galaxy Grand Prime - Rooted - Android 5.1.1 - Microsoft Cortana Digital Assistant - 2.10.5.2209 enus release (updated on May 31st, 2018) - Forensic Imaging: Magnet Acquire 2.4.0.11694 - Forensic Image Processing: Autopsy 4.7.0 - SQLite Viewer: Forensic Browser for SQLite 3.2.14 Summary: Cortana keeps a variety of pertinent information about the user and their activities including geolocations, timestamps, user history, known devices, and events/reminders among other data.
DssDatabase: - Location: /userdata/data/com.microsoft.cortana/databases/DssDatabase - “Alarmdescriptor” and “reminderdescriptor” - Information about the alarms and reminders set (types: triggerless, location, or time, status last updated times, etc).
- “Notificationdescriptor”
- Notification information, in this case News and Weather. Both include the content, links,
notification time and other data.
- Notably, Weath…
Recent posts