Sunday, January 1, 2017

So… There are a few things you should be aware of that make the sms.db a bit more useful to us than just looking at the messages on the device. When a user deletes a message on the device, the record is not actually removed. The OS simply adds a flag to the record marking it for removal and hides it from the user's on-device view; it doesn't immediately overwrite or modify the data in any way. There is a purge routine that runs every so often, but more interestingly, this routine works at the page level rather than at the record level. What this means is that rather than processing records for removal individually, it processes a full ~4 KB page of records all at once. What makes this special is that if any record in the page has not been flagged for removal, the entire page stays intact and is recoverable from the sms.db. That being said, this also creates a case where older deleted messages are forensically recoverable while more recently deleted messages are not, because the recent ones sat in a page that contained only messages flagged for deletion.
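As an added example that is not part of this post: the behaviour above reproduced against a constructed SQLite file standing in for sms.db (the `message` table layout, column names and message texts are assumed). Rows that a normal query no longer returns still carve out of the raw file until the page is rebuilt by VACUUM, while SQLite's `secure_delete` pragma, which zeroes freed cells, shows the opposite outcome.

```python
import os
import sqlite3
import tempfile

MARKER = b"CONSTRUCTED-MSG-"  # prefix of the constructed message bodies we carve for

def build_sample_db(path, count=8):
    # Constructed stand-in for sms.db: a 'message' table with a text column, 4 KB pages
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA page_size = 4096")
    conn.execute("CREATE TABLE message (ROWID INTEGER PRIMARY KEY, text TEXT, date INTEGER)")
    conn.executemany("INSERT INTO message VALUES (?, ?, ?)",
                     [(i, f"CONSTRUCTED-MSG-{i:03d} hello", 1483228800 + i)
                      for i in range(1, count + 1)])
    conn.commit()
    conn.close()

def delete_messages(path, rowids, secure_delete=False):
    # secure_delete decides whether SQLite zeroes freed cells; OFF leaves the bytes in place
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA secure_delete = %s" % ("ON" if secure_delete else "OFF"))
    conn.executemany("DELETE FROM message WHERE ROWID = ?", [(r,) for r in rowids])
    conn.commit()
    conn.close()

def live_rowids(path):
    # What the device UI (and any ordinary SQL query) can still see
    conn = sqlite3.connect(path)
    rows = [r[0] for r in conn.execute("SELECT ROWID FROM message ORDER BY ROWID")]
    conn.close()
    return rows

def carve_rowids(path):
    # Forensic view: scan the raw file bytes for message markers, ignoring the SQLite API
    with open(path, "rb") as f:
        data = f.read()
    found, pos = set(), data.find(MARKER)
    while pos != -1:
        found.add(int(data[pos + len(MARKER):pos + len(MARKER) + 3]))
        pos = data.find(MARKER, pos + 1)
    return sorted(found)

def run_demo(path, secure_delete=False):
    # Build, delete rows 2 and 5, compare the API view with a carve, then VACUUM
    build_sample_db(path)
    delete_messages(path, [2, 5], secure_delete)
    result = {"live": live_rowids(path), "carved_after_delete": carve_rowids(path)}
    conn = sqlite3.connect(path)
    conn.execute("VACUUM")  # rewrites every page, so freed cell contents are dropped
    conn.close()
    result["carved_after_vacuum"] = carve_rowids(path)
    return result

def demo_in_tempdir(secure_delete=False):
    with tempfile.TemporaryDirectory() as d:
        return run_demo(os.path.join(d, "sms.db"), secure_delete)
```

Running `demo_in_tempdir(False)` shows rows 2 and 5 absent from the query result but still present in the carve until VACUUM; `demo_in_tempdir(True)` shows them gone from the carve immediately.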

