Cell Tower & Wi-Fi Location Cache

androidLocation DataDevice Extraction

Location

/data/data/com.google.android.location/files/cache.cell and cache.wifi

Description

Binary cache files maintained by the Google Location Services provider containing recent cell tower and Wi-Fi access point observations used for network-based location determination. The cache.cell file stores cell tower IDs (MCC, MNC, LAC, CID) with associated GPS coordinates and timestamps. The cache.wifi file stores Wi-Fi BSSIDs (MAC addresses) with their estimated geographic positions.

Forensic Value

Cell tower and Wi-Fi location caches provide a record of the physical locations where the device was present, independent of GPS or user-initiated location queries. Cell tower records are particularly valuable because they are generated passively during normal cellular operation and cannot be disabled by the user without enabling airplane mode. Wi-Fi cache entries record access points detected by the device even without connecting, placing the device in proximity to specific buildings or locations. These caches are lower precision than GPS but provide broader temporal coverage.

Tools Required

Cellebrite UFEDALEAPPMagnet AXIOMOxygen Forensic Detectivelocationd_parser

Acquisition Methods

Chip-Off Physical Extraction

android — physical

JTAG Physical Extraction

android — physical

ISP (In-System Programming) Extraction

android — physical

ADB Logical Extraction

android — logical

Root Filesystem Extraction

android — logical