Investigating Android Gallery Vault
07/03/2025 Friday
Android Gallery Vault is an app designed to protect your private photos,
videos, and other media by hiding them in a secure, password-protected
vault. It's commonly used by individuals who want to keep their personal
content private from others who might have access to their phones.
Gallery Vault is not the only app that provides these services,
KeepSafe, Private Photo Vault, LockMyPix are among alternative apps that
provide similar functionality.
Digital Forensics Values of Android Gallery Vault
The forensics value of Android Gallery Vault lies primarily in its
intended use to conceal photos, videos, or documents from prying eyes.
As a result, retrieving and analyzing its left-behind artifacts may help
the investigators revealing information from these hidden files to
uncover illicit activity, evidence of criminal behavior, or sensitive
personal data.
Location of Android Gallery Vault
Android Gallery Vault artifacts can be found at the following
location:
*/com.thinkyeah.galleryvault/shared_prefs/kidd.xml
*/com.thinkyeah.galleryvault/databases/galleryvault.db
Analyzing Android Gallery Vault Artifacts with ArtiFast
This section will discuss how to use ArtiFast to extract Android Gallery
Vault artifacts from Android machines’ files and what kind of digital
forensics insights we can gain from the artifact.
After you have created your case and added evidence for the
investigation, at the Artifact Selection phase, you can select Android
Gallery Vault artifact parser:
×
Once ArtiFast parsers plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Android Gallery Vault artifacts in ArtiFast.
Android Gallery Vault Account Information
- First Open Date/Time: Date and time when this application was first opened.
- Last Modified Date/Time: Date and time when this account user last modified the account information.
- Signature: This account signature.
- Email Address: The email addresses registered by this account holder.
- Encrypted Data Folder: The name of the folder where the encrypted app-related data is stored.
- Android ID: The Android ID.
- Password SHA1 Hash: The calculated SHA1 hash value of this account password.
- Password MD5 Hash: The calculated MD5 hash value of this account password.
- Launch Times: The number of times the user has opened this app.
- Number of Added Files: The number of files that have been added to this account.
Android Gallery Vault Files
- Encrypted File Name: The encrypted file name.
- Original File Name: The original file name.
- File Size: The size of the attached file.
- MIME Type: The type of the data stored in this file.
- Original File Path: The URL of the original file.
- Last Modified Date/Time: The date and time when this file was last modified.
- Added Date/Time: The date and time when this file was added.
- Image Height: The image height.
- Image Width: The image width.
- Video Duration: Video duration (in seconds) if applicable.
- Image Orientation: The orientation of this image file.
Android Gallery Vault Folders
- Folder ID: The unique identifier of this folder.
- Parent Folder ID: The unique identifier of the parent folder.
- Folder Name: The name of this folder.
- Profile ID: The unique identifier of the profile where this folder is associated with.
- Number of Child Files: The number of child files in this folder.
- Number of Child Folders: The number of sub-folders in this folder.
- Created Date/Time: The date and time when this folder was created.
For more information or suggestions please contact: kalthoum.karkazan@forensafe.com
