Yes, you read the title right, for only four dollars you can get a tool to research Android phones. The tool – Root Explorer – is from Speed Software and readily available in the Android Market. There is one caveat though- it requires like it’s name implies for your phone to be rooted.
While rooting your Android Phone is beyond the scope of this post, I’ll give you a peek at the tool to whet your appetite.
Here’s the description from the App Market listing –
Root Explorer is the ultimate file manager for root users. Access the whole of android’s file system (including the elusive data folder!).
Features include SQLite database viewer, Text Editor, create and extract zip or tar/gzip files, multi-select, execute scripts, search, remount, permissions, bookmarks, send files (via email, bluetooth etc), image thumbnails, APK binary XML viewer.
Wow, that seems pretty cool doesn’t it? Turns out it is, as we shall see below.
I have root explorer installed on an HTC Incredible on the Verizon network. Here is a screenshot of the entire filesystem as seen by root explorer.
I recommend clicking on menu when first starting Root Explorer and setting a few preferences before using it for research.
Most of the preferences are self explanatory, however you may wish to change the zip/tar directories to one of your own choosing. Also if you are researching a particular directory and don’t wish to constantly scroll through the file system to find the place you are looking for, it make sense to set your home directory to the one you are currently interested in.
The main directory we will find most of the interesting data is /data/data/. This is the directory that holds all the applications in the file system including contacts, call records and SMS.
Perhaps we are looking for the contacts on the phone but are not sure what directory we need to look in. Root Explorer has a search function that will find all instances of a keyword in the present directory.
As the above search results screen capture shows the com.android.providers.contacts directory contains the contacts (people app) of the phone and a whole lot more. The subdirectory databases contains a SQLite database – contacts2.db- with the data we are interested in.
Root Explorer has additional options it can perform on the file by long clicking to bring up another menu. In addition to routine file operations such as rename, copy and move, you can view file permissions and extended information about the file.
Perhaps even more exciting are the other options that are available by scrolling -Add Bookmark , Send, View as text, Open in text editor, Zip this file and Create Tar.
By clicking on the contacts2.db file Root Explorer will launch a built in SQLite viewer first listing all the tables in the database.
The tables can then be further selected for viewing.
If SQLite Editor from Speed Software is purchased (around $3 USD), additional functionality is enabled such as record filtering.
Finally Root Explorer allos you to look at thumbnails and to examine text based files (such as XML)
Root Explorer is an invaluable tool for the mobile forensic researcher- and for around four dollars can you afford not to have it?