App Review of Calculator Photo Vault

Written by Amber Schroader

June 5, 2019

Often in digital forensics, you end up with odd Apps that you need to review as part of your investigation that your tool does not support.  In this quick review, we will look at the App Calculator Photo Vault and the data that can be found from unsupported Apps.

Calculator+ Photo Vault v.8.8.0 by FishingNet

When we did the review of this App, we reviewed it on a device that we had root level access.

As a result, when reviewed in the E3 Platform, databases were able to be obtained from the device.  However, the images and other files from this app (see Calc_Android.png in attachments) were not found in the database, except for the files that were cached when I was browsing images to add in Calculator (see Calc_browse.png in attachments). See images below.

This led me to believe that the Calculator+ Photo Vault for Android encrypts all images and other files with their own encryption.  This creates a barrier for your forensic tools in their ability to find this data. Since encryptions are proprietary, a large amount of time would need to be spent trying to decrypt this App.

When we looked at the same style of App on iOS called Fake Calculator v.1.2 by Secret Calculator+ Photo Lock, we discovered very different results. The application does not encrypt images and other files. There is also the ability to open a built-in Browser and navigate to some websites.  Although the intent of this App to encrypt the data was the same, the results on iOS were vastly different than what we saw with Android.  When we processed it with the E3 Platform, we obtained files from this application for iOS with a logical image (see image below).  With that image, we could see in plain view the images from the App, unlike what we saw with Android. 

In conclusion, this is a quick reminder to pay attention to the odd Apps on the devices during investigations, and what they might be able to offer you can change with each type of device.

Forensic-Impact Articles

Investigating and Capturing Google Data

Investigating and Capturing Google Data

There are so few people on the planet now that don’t have something to do with Google. With parents selecting Gmail accounts for their kids prior to being born to the proliferation of Google in the classroom the searching giant is everywhere. With this level of...

What is Android ADB with smartphone forensics?

What is Android ADB with smartphone forensics?

There is a lot of trust put into your digital forensic tools when it comes to processing data. Many times, the “magic” of the tool remains someone unknown to the end-user. Each company claims to have a special means to capture the data that is seen in the acquisition....

Forensically Imaging Bitlocker

Forensically Imaging Bitlocker

Guest Blogger, Michael Zinn with Micro Systems Management BitLocker is Microsoft’s Full Volume Encryption (FVE) feature in Windows. BitLocker can be used to encrypt operating system volumes, non-Operating System fixed drive volumes, and removable drive volumes.[1]...