Chrome Cookie Database
Location
/data/data/com.android.chrome/app_chrome/Default/CookiesDescription
SQLite database storing browser cookies set by websites visited in Chrome. Each record contains the host domain, cookie name and value, creation timestamp, last access timestamp, expiration date, and flags for secure, httponly, and same-site attributes.
Forensic Value
Cookie records prove that the device accessed specific websites at specific times, even if browsing history entries have been deleted. The creation_utc and last_access_utc timestamps establish both first and most recent access to each domain. Session cookies from authenticated services confirm active logins to email providers, social media platforms, banking sites, and cloud services. Cookie values may contain session tokens, user identifiers, and tracking IDs that can be correlated with server-side logs.
Tools Required
Collection Commands
adb
adb pull /data/data/com.android.chrome/app_chrome/Default/Cookies /forensics/output/
ALEAPP
python3 aleapp.py -t tar -i /path/to/extraction -o /forensics/output/
adb
adb pull /data/data/com.android.chrome/app_chrome/Default/ /forensics/chrome_profile/
Collection Constraints
- •Availability depends on Android version, OEM build, encryption state, privilege level, and whether the collection was logical, rooted, or full-filesystem. OEM-specific builds may move or rename stores.
- •Mobile application data may be partially cached, excluded from backup, or pruned by the OS. Validate against the extraction type before treating gaps as meaningful.