Call History (calllog.db)

androidCommunicationDevice Extraction

Location

/data/data/com.android.providers.contacts/databases/calllog.db

Description

SQLite database recording all incoming, outgoing, and missed phone calls. Each record includes the phone number, contact name (if matched), call type (incoming/outgoing/missed/rejected/blocked), duration in seconds, date in epoch milliseconds, and the phone account used for the call.

Forensic Value

Call log records establish communication timelines and contact frequency between parties. The duration field distinguishes between connected calls and unanswered attempts, while the call type identifies whether the device user initiated or received each call. Blocked and rejected calls reveal awareness and avoidance of specific contacts. Timestamps correlate with other device activity artifacts to build a comprehensive behavioral timeline. Deleted entries can often be recovered from SQLite free pages and WAL files.

Tools Required

Cellebrite UFEDALEAPPMagnet AXIOMAutopsyDB Browser for SQLite

Acquisition Methods

Chip-Off Physical Extraction

android — physical

JTAG Physical Extraction

android — physical

ISP (In-System Programming) Extraction

android — physical

ADB Logical Extraction

android — logical

Root Filesystem Extraction

android — logical