Contacts Database (contacts2.db)

Android, Communication, Device Extraction, Cloud Control Plane

Location

/data/data/com.android.providers.contacts/databases/contacts2.db

Description

SQLite database containing all locally stored contacts with phone numbers, email addresses, organization names, physical addresses, notes, and associated account metadata. The database uses a normalized schema with raw_contacts, data, and contacts tables linked by contact IDs, supporting multiple accounts (Google, Exchange, local) merged into unified contact entries.

Forensic Value

The contacts database reveals the social network of the device user, including personal, professional, and potentially incriminating associations. Contact entries with notes or custom fields may contain sensitive information such as alternate identifiers, meeting locations, or coded references. The account_type field identifies which sync account contributed each contact, establishing links to cloud services. Recently deleted contacts may persist in the deleted_contacts table or be recoverable from unallocated database space.
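The following is an added example, not part of the original page or of any listed tool: it attributes each data row to its sync account and lists entries from deleted_contacts. The table layout (an accounts table joined through raw_contacts.account_id, a mimetypes lookup, epoch-millisecond deletion timestamps) and the helper names are assumptions based on the AOSP contacts provider; verify them against the schema of the extraction in hand, since older or OEM builds differ.

```python
import sqlite3
from datetime import datetime, timezone
from pathlib import Path

# Constructed sample data: a minimal subset of contacts2.db tables.
# Assumed layout; check the real schema (e.g. with .schema) before relying on it.
SAMPLE_SQL = """
CREATE TABLE accounts(_id INTEGER PRIMARY KEY, account_name TEXT, account_type TEXT);
CREATE TABLE raw_contacts(_id INTEGER PRIMARY KEY, contact_id INTEGER,
    account_id INTEGER, display_name TEXT, deleted INTEGER DEFAULT 0);
CREATE TABLE mimetypes(_id INTEGER PRIMARY KEY, mimetype TEXT);
CREATE TABLE data(_id INTEGER PRIMARY KEY, raw_contact_id INTEGER,
    mimetype_id INTEGER, data1 TEXT);
CREATE TABLE deleted_contacts(contact_id INTEGER PRIMARY KEY,
    contact_deleted_timestamp INTEGER);
INSERT INTO accounts VALUES (1,'user@example.com','com.google'),(2,NULL,NULL);
INSERT INTO raw_contacts VALUES (10,100,1,'Alice Example',0),(11,100,2,'Alice E.',0);
INSERT INTO mimetypes VALUES (5,'vnd.android.cursor.item/phone_v2'),
    (7,'vnd.android.cursor.item/note');
INSERT INTO data VALUES (1,10,5,'+15550100'),(2,11,7,'constructed note text');
INSERT INTO deleted_contacts VALUES (99, 1700000000000);
"""

def open_readonly(path):
    """Open a pulled working copy of contacts2.db with SQLite's read-only mode."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn

def rows_by_account(conn):
    """One row per data item; a NULL account_type is reported as 'local' (assumption)."""
    return conn.execute("""
        SELECT rc.contact_id, rc.display_name,
               COALESCE(a.account_type, 'local'), m.mimetype, d.data1
        FROM data d
        JOIN raw_contacts rc ON rc._id = d.raw_contact_id
        JOIN mimetypes m ON m._id = d.mimetype_id
        LEFT JOIN accounts a ON a._id = rc.account_id
        ORDER BY rc.contact_id, rc._id, d._id""").fetchall()

def deleted_contacts(conn):
    """Deleted contact IDs with the deletion time (assumed epoch ms) as UTC ISO 8601."""
    return [(cid, datetime.fromtimestamp(ts / 1000, tz=timezone.utc).isoformat())
            for cid, ts in conn.execute(
                "SELECT contact_id, contact_deleted_timestamp FROM deleted_contacts")]
```

For a real extraction, pass the connection from open_readonly() on a hashed working copy instead of sample_db(). Two raw_contacts rows sharing one contact_id, as in the sample, show a unified contact assembled from different accounts.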

Tools Required

  • Cellebrite UFED
  • ALEAPP
  • Magnet AXIOM
  • Autopsy
  • DB Browser for SQLite

Collection Commands

adb

adb pull /data/data/com.android.providers.contacts/databases/contacts2.db /forensics/output/

ALEAPP

python3 aleapp.py -t tar -i /path/to/extraction -o /forensics/output/

adb

adb shell content query --uri content://contacts/phones > contacts_dump.txt

Collection Constraints

  • Availability depends on Android version, OEM build, encryption state, privilege level, and whether the collection was logical, rooted, or full-filesystem. OEM-specific builds may move or rename stores.
  • Mobile application data may be partially cached, excluded from backup, or pruned by the OS. Validate against the extraction type before treating gaps as meaningful.

MITRE ATT&CK Techniques

T1636.003, T1636, T1417, T1426