Blog >> Android Yandex Mail

Investigating Android Yandex Mail

07/07/2023 Friday

Yandex Mail is an email service provider which provides its mailing services for free and it has been developed by a Russian company. This email service comes with a built-in translator as well as an antivirus protector and a spam blocker. It also provides its users with 5 GB of free cloud storage on its disk. Yandex Mail is considered to be one of the three largest email service providers in Runet.

Digital Forensics Value of Android Yandex Mail

Nowadays, email can be considered to be one of the most important modes of communication. Almost every person in the world is a technology user and every technology user has to have an email account. Therefore, analyzing the left-behind artifacts by an email service provider is a key tool that helps in tracking the outlaws.

Location of Android Yandex Mail Artifacts

Android Yandex Mail artifacts can be found at the following locations:
ru.yandex.mail /databases/accounts2.db
ru.yandex.mail /databases/PassportInternal.db
ru.yandex.mail /databases/account_%User Email Address%_nano.db
ru.yandex.mail /databases/ fts_%10-digits User ID%
ru.yandex.mail /cache/avatar/

Analyzing Android Yandex Mail Artifacts with ArtiFast

This section will discuss how to use ArtiFast to extract Android Yandex Mail artifacts from Android machines files and what kind of digital forensics insights we can gain from the artifacts.

After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Android Yandex Mail artifacts:

Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Android Yandex Mail artifacts in ArtiFast.

Yandex Mail Accounts

• User ID - The user ID.
• Email Address - The email address associated with the account.
• Subscription Time - Email subscription time.
• Account Selected - Indicates whether this account is currently selected.
• Mail Provider - The name of the webmail provider.
• Is Frozen - Indicates whether this account is freeze.
• Password/Token - The local user password/token.
• Display Name - The display name for the user.
• Avatar URL - A URL to the user’s profile picture.
• Account Metadata - Any additional details about the account.

Yandex Mail Attachment

• Message ID - The message ID that contains the attachment file.
• Attachment Name - The file name of the attachment.
• Type - The type of attachment.
• Attachment Size - The size of the attached file.
• Attachment File Type - The main type for the attached file.
• Attachment File Subtype - The sub-type for the attached file.
• Download URL - The URL of the attachment.
• Is Folder - Indicates whether the attachment is a folder.

Yandex Mail Contacts

• First Name - The contact first name.
• Middle Name - The contact middle name.
• Last Name - The contact’s last name.
• Organization - The contact company name.
• Description - A description of the account, as set by the user.
• Phones - The contact mobile phone number.
• Email - The email address associated with the contact.

Yandex Mail Emails

• Subject - The subject of the email.
• Sender - The sender of the email.
• Is Unread - Indicates if the email was unread.
• Email Date/Time - The date and time when the email was sent or received.
• Has Attachment - Indicates whether the email has an attachment.
• Email Snippet - A snippet of the email.
• Thread ID - The ID of the conversation the email is from. Emails with the same Thread ID belong to the same conversation.
• Folder Name - The name of the folder where the email is stored.
• Recipient(s) - The recipients of the email.
• Email Body - The body of the email.

Yandex Mail Attachment Pictures

• Image Bytes - The actual image.
• File Name - The name and extension of the image.
• Created Date/Time - The created date/time of the image in the file system.
• Last Accessed Date/Time - The last accessed date/time of the image in the file system.
• Last Modified Date/Time - The last modified date/time of the image in the file system.
• Size - The size of the image in bytes.
• Width - The width of the image.
• Height - The height of the image.

Yandex Mail Profile Pictures

• Image Bytes - The actual image.
• File Name - The name and extension of the image.
• Created Date/Time - The created date/time of the image in the file system.
• Last Accessed Date/Time - The last accessed date/time of the image in the file system.
• Last Modified Date/Time - The last modified date/time of the image in the file system.
• Size - The size of the image in bytes.
• Width - The width of the image.
• Height - The height of the image.

For more information or suggestions please contact: kalthoum.karkazan@forensafe.com