Skip to main content

Posts

Showing posts from 2019

Android Video Thumbnail Files ".lvl"

Video Thumbnails ".lvl" Found on Android Devices Video files with the .lvl extension were located on an Android phone in the hidden “ .thumbnails ” folder. The Android device tested is a Samsung Galaxy SGH-M919. The device model number appears in the full path where the .lvl video thumbnails are stored. Root/media/0/.thumbnails/ M919 UVSFQA1_4.4.4/ movie_xx/section.0000.lvl A test to see what actions initiate the creation of the video thumbnails was conducted. Download Video Testing A Samsung Galaxy SGH-M919 was used for the test. The phone had been cleared and reset to factory defaults. I installed a video download app to obtain a video from the Internet and store them on the mobile device. The app Video Downloader was installed from the Google App Store.   Using the Video Downloader browser, I accessed the Internet Archive movie library and downloaded “Night of the Living Dead”. It is October after all - Happy Halloween!! The video download complet

ChatHour Chat/Messaging - Android

Artifacts for ChatHour (Android) I'm working on an Android tablet case and slowly scrolling through the application folders. The usual thousands of com.android. blah_blah  ... just keep scrolling. Then I saw it, a name I've not seen before. Even more important, this is a case involving "messaging". com.chathour.android The game's afoot! Browse For Data The next step in my process is to start browsing files and folders for recognizable data names. The fun is just beginning when you see the familiar db  folder and file(s) inside with the .db  extension.  com.chathour.android/db/chathour.db But don't stop there. It's always a good choice to check all the other files and folders because you just never know. Sure enough, another folder sp  contained .xml  files with more useful information. com.chathour.android/sp/admob.xml com.chathour.android/sp/ chathour_pref .xml When dealing with an app that you've never seen before, do

Text Based Treasure: qBittorrent Log File

qBittorrent Data It has been a few months since my last forensic (4N6) blog post. I had a slight heart issue in July 2018. I'm so excited to be back into the 4N6 work and finding new information to share! I've noticed that many of the criminal P2P sharing cases involved the qBittorrent application. For some reason, over the last year, it has become the "go to" P2P application. There are plenty of Digital Forensic resources available on uTorrent, the BitTorrent protocol and the great, free, BENcode tool for looking at .torrent and .dat files. BEncode Editor Link I did not find much data specific to the qBittorrent application. The obvious next step was to download it and start playing ... I mean testing. Understanding how the program worked from a user perspective is important. The application interface is very similar to that of uTorrent and is as easy to use. The Internet Archive has numerous free classic movies available for download via Torrent. This