charpy4n6

 Samsung Android Deleted Gallery -Starting in Android 9, the user has the capability to restore deleted media files. -When a user deletes a media file, the media file is not immediately deleted. -It goes into trash and remains in the trash for 30 days. -The filename is changed upon deletion. -During this time the user can choose to permanently delete the file or restore it to its original location. -The deleted file specific to a Samsung device, will be parsed with forensic tools from: data\media\0\Android\data\com.sec.android.gallery3d\files\.Trash -Data about the file can be located in: data\data\com.sec.android.gallery3d\databases\local.db. -Looking in the local.db specifically, the trash table, contains information about the deleted media file. -The following columns contain data about the deleted files:            _absPath – The current path of the deleted file.            _Title – The current title of the deleted f...

___________Google Keep Notes_______________________________________ While working on a case recently, I came across the Google Keep Notes application installed and utilized on an Android mobile device. Both of the commercial parsing tools that I was using to analyze the data displayed the timestamps of the notes and the title of the notes but no note body was present in the parsed data.   So, I just check marked everything in the case created a Reader/Portable Case, and sent the data out. Because if the tool doesn’t parse it, it doesn’t exist, right? Wrong.   I followed the source file which is a SQLite database named keep.db. Inside of the database is a ton of additional data including the body of those notes!   How Google Keep Notes Work: Google Keep boasts the capability to add notes lists and photos to Google Keep. They have the capability to record a voice memo and Keep will transcribe it so you can find it later. The Google Keep notes are share...