| 7bit PDU | 7bit PDU (GSM-7) |
| ABX file format | Android ABX - Binary XML |
| Android | Android version without the build.props file |
| Android | Identifying the Android Operating System Version thru UsageStats |
| Android | Corroboration. That Is All. |
| Android - Accounts | Investigating Android Accounts |
| Android - Bluetooth | How Android Bluetooth Connections Can Determine If The Hands of a Driver Were On The Wheel During An Accident |
| Android - Bluetooth | Turbo Strikes Again - Tracking Bluetooth Device Battery |
| Android - Bluetooth | Android Bluetooth Connection Configuration |
| Android - cast.db | An Android Casting (Device) Story: "cast.db" |
| Android - Contacts | Investigating Android Contacts |
| Android - Deleted Samsung Apps | Android - Samsung Traces of Deleted Apps |
| Android - Device Health Services | Turbo Pt. 3 - Device Health Services Application Usage |
| Android - Device Migration | Android - Tracking Device Migration |
| Android - Device Personalization Services | Walking the Android (time)line Part 2 – Using Android’s Device Personalization Services to timeline user activity |
| Android - Digital Wellbeing | Walking the Android (time)line. Using Android’s Digital Wellbeing to timeline Android activity. |
| Android - Downloads | Investigating Android Downloads |
| Android - external.db | Android’s external.db – Everything Old Is New Again |
| Android - Factory Resets | Wipeout! Detecting Android Factory Resets |
| Android - Gallery Imgcache | A Timestamp Seeking Monkey Dives Into Android Gallery Imgcache |
| Android - IMO | Investigating Android IMO |
| Android - Installed Applications | Investigating Android Installed Applications |
| Android - Mobile Telephony | Geodata & Mobile Telephony Artifacts in 3rd-Party Android Apps: Recreating User Travel Patterns |
| Android - Nearby Share | Nearby Share – AirDrop for Android (Return of the Unsolicited Richard Photograph) |
| Android - Now Playing History | Google Pixel Now Playing History |
| Android - Permissions | Android - Roles and Permissions (Android 10/11) |
| Android - Permissions | Android’s “Dangerous” Permissions |
| Android - Playstore | Investigating Android Playstore Search History |
| Android - Recent Tasks | Android Recent Tasks XML Parser |
| Android - Samsung Predictive Text | Android - Predictive text exclusions in Samsung devices |
| Android - SMS | Investigating Android SMS |
| Android - Turbo.db | Charging Battery with Turbo DB |
| Android - Unsupported Artifacts | Mobile Forensics: Discovering the Undiscovered |
| Android - Usagestats XML | Android Usagestats XML Parser |
| Android - Video Thumbnails | Video Thumbnails ".lvl" Found on Android Devices |
| Android 10 | Android 10 Image - The Binary Hick/DigitalCorpora |
| Android 10 - Usagestats | Usagestats on Android 10 (Q) |
| Android 11 | Android 11 Image with Documentation - The Binary Hick |
| Android 12 | Android 12 Image Now Available! - The Binary Hick |
| Android 13 Image | Android 13 Image Now Available - Binary Hick |
| Android 7, 8, and 9 | Public Android Images - The Binary Hick |
| Android Acquisition | Data Extraction Cheatsheet |
| Android Acquisition | The Investigator’s Guide to Android Acquisition Methods. Part I: Device |
| Android Acquisition | How to Acquire Digital Evidence with Android Screen Capturer in Belkasoft X |
| Android Acquisition | Mobile Forensic Images and Acquisition Priorities |
| Android Forensic Methodology | Android Analysis Quickstart - Vishal Thakur |
| Android Health Data | The State of Android Health Data (Part 1) – Garmin - Binary Hick and Part 2 - Google Fit |
| Android Malware | Examining A Malware-Infected Android Phone. This Android Is Not Alright. - The Binary Hick |
| Android Reset | Wipeout! Detecting Android Factory Resets - Joshua Hickman |
| Android Unlocking | Android: Unlock and Rooting |
| Android Versions/Flavors | Different Android Flavors and Forensic Processing - Paraben Corporation |
| APK Downgrade | Manually APK Downgrade for split APKs - Pieces0310 and The impact of Android 12 |
| Application Execution | Has the user ever used the XYZ application? aka traces of application execution on mobile devices |
| ARTEMIS | ARTEMIS - Android support for APOLLO |
| AVG Photo Vault | Decrypting the 'AVG' Photo Vault - The Incidental Chew Toy |
| Badoo | Finding Badoo chats in Android using SQL queries and the MAGNET App Simulator |
| Bumble | The Bots are Buzzing - Bumble on Android - Stark4N6 |
| Calculator Photo Vault | App Review of Calculator Photo Vault |
| Calculator Vault Apps | Decrypting the ‘Calculator’ App(s) and Decrypting ‘LOCKED Secret Calculator Vault’ |
| CCleaner | Quick DFIR review - CCleaner for Android |
| Chess.com | Decoding Chess.com - Kibaffo33 |
| Citymapper | Forensic Analysis of Citymapper for Android - Andy Smith |
| Device Health Services | Turbo Speed: Parsing Device Health Services from Google - Kevin Pagano |
| Discord | Discord Android App Review - DFIR |
| Discord | Discord Forensics |
| DJI Fly | Android - DJI Fly & The Pesky Problem of Preferences |
| Dual SIM Phones | Mo’ SIMs, Mo’ Problems. Examining Phones with Dual SIMs - Binary Hick |
| Facebook Messenger | Investigating Android Facebook Messenger |
| Files By Google | Files By Google: More Mobile Explorer Artifacts |
| Firefox Focus | Local Storage - Firefox Focus Privacy Browser Artifacts in Android |
| Flud Torrent Downloader | Torrent Applications in Android - Flud Torrent Downloader |
| Forensic References | Android Forensics References - Mattia Epifani |
| Garmin | The State of Android Health Data (Part 1) – Garmin |
| Garmin Connect | Gabbing about Garmin Connect for Android - Stark4n6 |
| Gboard & Clipboard | Gboard and Clipboard History - Stark4N6 |
| Gboard Session Data | OMGboard - Kibaffo |
| Gmail | Investigating Android Gmail |
| Google Assistant | Google Assistant Butt Dials (aka Accidental & Canceled Invocations) |
| Google Assistant | Google Search & Personal Assistant data on Android |
| Google Call Screen | May I Ask Who's Calling - Google Call Screen |
| Google Docs | Google Docs - Cello & DocList DBs |
| Google Duo | Google Duo - Android & iOS Forensic Analysis |
| Google Fit | The State of Android Health Data (Part 2) – Google Fit - Binary Hick |
| Google Keep | Google Keep - Notes and Lists: Mobile Artifacts |
| Google Maps | Finding Phones With Google Maps Part 1 (Android) |
| Google Maps - Android 12 | At the roundabout, take the second exit… |
| Google Photos | Dumpster Diving in Google Photos Android App: "local_trash.db" |
| Google Tasks | Google Tasks - Android Forensics analysis |
| Google Voice Search (via Google Takeout) | Parsing Google Voice Search - Campaign Cybersecurity |
| GroupMe | Investigating Android GroupMe - Forensafe |
| HealthMate | App HealthMate on Android Part 1 - Users, Messages, Devices |
| HealthMate | App HealthMate on Android Part 2 - Activities |
| HealthMate | App HealthMate on Android Part 3 - Heart Rate, GPS, Steps |
| Huawei - Extraction | Practical Guide to Huawei Device Extraction in UFED |
| Instagram | Investigating Android Instagram |
| Jami | Forensic Analysis of Jami for Android, a Peer-to-Peer Messaging Application - DFLim |
| Kik Messenger | Mobile Forensics on Kik Messenger - Leahy Center for Digital Forensics and Cybersecurity |
| LA Fitness | Quick DFIR review - LA Fitness Android app |
| Last SIM | Investigating Android Last SIM |
| Launcher.db | Recreate Android apps, folders, and widget screen positions from a forensic extraction |
| LG - MPT | MPT – LG’s incognito version of KnowledgeC |
| Life360 | Analyzing Life360 on Android |
| Mastodon | Thawing the Ice Age - Mastodon on Android - Stark4N6 |
| Mega's megapreferences | Decrypting Mega’s megaprefences Sqlite Database - AskClees |
| Microsoft RDP | Android Remote Desktop Apps - Microsoft RDP |
| Microsoft Surface Duo | Rooting Microsoft Surface Duo - CyberSocialHub |
| Microsoft Translator | Microsoft Translator - Android DFIR App Review |
| Mozilla Firefox | Web History, Visits, Bookmarks & Search Terms, Downloads, Top Sites & Recently Closed Tabs, and Cookies, Permissions & Form History - Stark4n6 |
| Nanbox Messenger | App Nandbox Messenger on Android |
| Nike Run | Android Nike Run app - Geolocation, SQLite views & self joins |
| Privacy Dashboard - Android 12 | Snooping on Android 12’s Privacy Dashboard - The Binary Hick |
| PrivateSpace | Not so private: extracting data from PrivateSpace |
| Protobufs | Parsing unknown protobufs with python |
| ProtonMail | ProtonMail |
| Qualcomm - EDL Mode | Mastering EDL Mode |
| Qualcomm - EDL Test Points | Mastering EDL Test Points |
| QuickPic | QuickPic for Android - Don't forget external/emulated storage! |
| Samsung Galaxy Smart Watch4 | Exploring The Samsung Galaxy Watch4 Smartwatch - Cyberspaghetti |
| Samsung Gallery3d Trash | Mike & the Monkey Dumpster Dive Into Samsung Gallery3d App Trash |
| Samsung My Files | Android - Samsung My Files App |
| Samsung Power Off Reset Logs | Samsung Power Off Reset Logs |
| Samsung Smart Switch | Android - Samsung Smart Switch // iOS Transfer Artifacts |
| Secret Calculator Photo Vault | Decrypting 'Secret Calculator Photo Vault' - The Incidental Chew Toy |
| Session | Session On Android – An App Wrapped in Signal - The Binary Hick |
| SetupWizard | Wipeout! Part Deux – Determining How an Android Was Setup - The Binary Hick |
| Shutdown Checkpoints | Shutdown Checkpoints in Android 12 |
| Signal | Obtain a logical dump of Signal data on Android with signal-back |
| Signal | Decrypting Signal DB for Android |
| Signal | Investigating Signal with ArtiFast Signal |
| SKOUT | App SKOUT on Android |
| Skype | Android Call Logs |
| Skype | Skype on Android - Images in Web Cache |
| Slack | Finding Slack app messages in Android and using json_extract to do it. |
| Snapchat | Snapchat Analysis to Discover Digital Forensic Artifacts on Android Smartphone |
| Snapchat | Two Snaps and a Twist – An In-Depth (and Updated) Look at Snapchat on Android |
| Snapchat | Investigating Android Snapchat App |
| Snapseed | Mobile Forensics — Analyzing Snapseed on Android - Veeraj Modi |
| Sygic | Investigating Android Sygic - Forensafe |
| SystemPanel2 | Android SystemPanel2 - App usage tracking |
| TeamViewer Remote Control | Android Remote Desktop Apps - TeamViewer Remote Control |
| Telegram | Telegram Forensics: Getting Started |
| TIA Portal | Investigating an engineering workstation - Part 1 - NVISO Labs and Part 2 |
| TikTok | Finding TikTok messages in Android |
| TikTok | Investigating Android TikTok - Forensafe |
| Tile | Android - Locating Location Data: The Tile App |
| Tor Thumbnails | Android Tor Browser Thumbnails. What? |
| Tox | Analysis of Antox - Android Tox App |
| Tusky (Mastodon Client) | Thawing the Ice Age Pt. 2 - Tusky on Android - Stark4N6 |
| uTorrent | Investigating Android uTorrent Application - Forensafe |
| Vaulty | Decoding Vaulty - Kibaffo33 |
| Venmo | Venmo. The App for Virtual Ballers. |
| Viber | Investigating Android Viber |
| Video Player Apps (VLC, MX Player, Archos, Plex, LocalCast) | Was the video played? - Android video player apps |
| Wear OS | Clockin’ In with Google’s Wear OS - The Binary Hick |
| WhatsApp | WhatsApp - Images and Messages - An overview - BeBinary4n6 |
| WhatsApp | WhatsApp messages in Non-Rooted Android Devices - gforce4n6 |
| WhatsApp | New msgstore – Who ‘Dis? A Look At An Updated WhatsApp On Android - The Binary Hick |
| WhatsApp | Forensic Duel: Exploring Deleted WhatsApp Messages—iOS vs Android |
| WhatsApp | Investigating Android WhatsApp |
| WhatsApp | Android WhatsApp Forensics. Part I: Acquisition |
| WhatsApp | Android WhatsApp Forensics. Part II: Analysis |
| Wickr | Wickr. Alright. We’ll Call It A Draw. - The Binary Hick |
| Wi-Fi | Investigating Android Wi-Fi Information - Forensafe |
| Yandex Mail | Investigating Android Yandex Mail - Forensafe |