Lock Screen Configuration (locksettings.db)
Location
/data/system/locksettings.db and /data/system/locksettings.db-walDescription
SQLite database storing the device lock screen configuration including the lock type (none, swipe, pattern, PIN, password), pattern/PIN/password hash, failed attempt count, lockout timestamps, Smart Lock trusted agents, and biometric enrollment status. The database also records whether the device is encryption-aware and the credential-encrypted storage state.
Forensic Value
The lock settings database provides critical information about the security state of the device at the time of acquisition. The lockout_attempt_deadline and failed_attempts fields reveal whether someone recently attempted to guess the passcode, which may indicate unauthorized access attempts or evidence of device seizure awareness. Smart Lock trusted agents and places indicate automatic unlock conditions such as trusted Bluetooth devices, trusted locations, or on-body detection, which could explain how the device was accessed without entering the code. The lock type and hash algorithm affect the feasibility of passcode recovery through brute-force or dictionary attacks.