User dictionary analysis
The user dictionary is an incredible source of data for an examiner. While it is not necessarily a standalone application, its data is stored in /data/data directory
as if it were. The user dictionary is populated any time the user types a word that isn't recognized and chooses to save the word to avoid it being flagged by autocorrect. Interestingly, our test device contained dozens of words that we never typed or saved on the device. This data appears to sync with a user's Google account and persists across multiple devices. Words synced from the account were added in alphabetical order at the top of the database, while words added manually afterwards were populated in the order they were added at the bottom.
Package name: com.android.providers.userdictionary
Version: Default version with Android 5.0.1 (not listed within app)
Files of interest:
/databases/user_dict.db
The table in the user dictionary is described as follows:
Table |
Description |
---|---|
|
The |