Contacts Database (contacts2.db)

androidCommunicationDevice ExtractionCloud Admin Portal

Location

/data/data/com.android.providers.contacts/databases/contacts2.db

Description

SQLite database containing all locally stored contacts with phone numbers, email addresses, organization names, physical addresses, notes, and associated account metadata. The database uses a normalized schema with raw_contacts, data, and contacts tables linked by contact IDs, supporting multiple accounts (Google, Exchange, local) merged into unified contact entries.

Forensic Value

The contacts database reveals the social network of the device user, including personal, professional, and potentially incriminating associations. Contact entries with notes or custom fields may contain sensitive information such as alternate identifiers, meeting locations, or coded references. The account_type field identifies which sync account contributed each contact, establishing links to cloud services. Recently deleted contacts may persist in deleted_contacts table or be recoverable from unallocated database space.

Tools Required

Cellebrite UFEDALEAPPMagnet AXIOMAutopsyDB Browser for SQLite

Acquisition Methods

Chip-Off Physical Extraction

android — physical

JTAG Physical Extraction

android — physical

ISP (In-System Programming) Extraction

android — physical

ADB Logical Extraction

android — logical

Root Filesystem Extraction

android — logical