Android CoverMe
23/01/2026 Friday
Android CoverMe is an application that provides privacy-related features such as securing files, photos,
messages, and call data. It allows users to store selected content in a protected area and control access
through authentication mechanisms. The app is intended for managing sensitive information separately from
standard device storage.
Digital Forensics Values of Android CoverMe
The extracted left-behind artifacts from Android CoverMe provide digital forensic value by enabling
investigators to reconstruct user activity, attribute account ownership, and establish timelines. Successful
and failed login histories reveal when and where access attempts occurred. Location coordinates tied to
logins can assist in placing a device or user at a specific place and time. User information and Account
metadata support account attribution and activity timeline analysis.
Location of Android CoverMe
Android CoverMe artifact can be found at the following locations:
/data/data/ws.coverme.im/database/kexin.db
/data/data/ws.coverme.im/shared_prefs/kexin.xml
Analyzing Android CoverMe Artifacts with ArtiFast
This section will discuss how to use ArtiFast to extract Android CoverMe artifacts from Android machines’
files and what kind of digital forensics insights we can gain from the artifact.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase,
you can select Android CoverMe artifact parser:
×
Once ArtiFast parsers plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Android CoverMe artifacts in ArtiFast.
Android CoverMe Successful Logins History
- Login Date/Time: The Date/Time when this account user login to his account.
- ID: Unique identifier of this login process.
- Location Coordinates: The user location when performing this login process.
- Is Main Password: Indicates whether the user enter his account using his main password or not.
Android CoverMe Failed Logins History
- Login Date/Time: The Date/Time when this account user login to his account.
- ID: Unique identifier of this login process.
- Location Coordinates: The user location when performing this login process.
- Failed Password: The password used in this failed login process.
Android CoverMe User Information
- MAC Address: The MAC address of the device used to sign in to this CoverMe account.
- Email Address: The email address of this account owner.
- City: Name of city where this account owner is living.
- Country Code: The country code where this account owner is living.
Android CoverMe Account Information
- Last Login Date/Time: The Date/Time when this account user login to his account for the last time.
- Successful Login Count: The number of times in which this user successfully logs in to his account.
- Phone Number: The phone number associated with this account.
- Password Type: The type of the password set to this account.
- Registration Date/Time: The application registration date/time.
For more information or suggestions please contact: kalthoum.karkazan@forensafe.com
