Facebook Messenger analysis
Facebook Messenger is a messaging app separate from the main Facebook application. It has over 500,000,000 downloads in the Play Store.
Package name: com.facebook.orca
Version: 18.0.0.27.14
Files of interest:
/cache/audio/fb_temp/image/
/sdcard/com.facebook.orca/files/ rti.mqtt.analytics.xml/databases/call_log.sqlitecontacts_db2prefs_dbthreads_db2
The /cache/audio directory contains audio messages sent through the application. The files have a .cnt file extension, but are actually .riff files that can be played with Windows Media Player, VLC media player, and other programs.
The /cache/fb_temp path contains temp files for images and video sent through the application. It is unclear how long these files will remain. In our testing, we sent and received a total of five files, and all five were still in the temp folder one week later.
The /cache/image directory contains a multitude of other directories (33 on our test phone), and each directory can...
