SMS/MMS Database (mmssms.db)

androidCommunicationDevice Extraction

Location

/data/data/com.android.providers.telephony/databases/mmssms.db

Description

SQLite database storing all SMS and MMS messages on the device. Each record contains the sender and recipient phone numbers, message body, timestamp (date column in epoch milliseconds), read status, and thread ID grouping conversations. MMS entries include references to associated media parts stored in the same provider directory.

Forensic Value

SMS/MMS messages are a primary communication artifact for establishing suspect contact patterns, verifying alibis, and recovering deleted conversations. The date and date_sent columns provide both local receipt and network send timestamps, enabling precise timeline correlation. Deleted messages may remain recoverable from unallocated database pages or the WAL (write-ahead log) file until a vacuum operation occurs. Thread IDs link individual messages into full conversation reconstructions.

Tools Required

Cellebrite UFEDALEAPPMagnet AXIOMAutopsyDB Browser for SQLite

Acquisition Methods

Chip-Off Physical Extraction

android — physical

JTAG Physical Extraction

android — physical

ISP (In-System Programming) Extraction

android — physical

ADB Logical Extraction

android — logical

Root Filesystem Extraction

android — logical