VMA.db - what information does this file contain?
I am analyzing a Samsung phone (specifications below)
Selected Manufacturer Samsung CDMA
Selected Model SM-G920V Galaxy S6
Detected Manufacturer Verizon
Detected Model SM-G920V
Revision 6.0.1 MMB29K G920VVRU4CPK2
I used Cellebrite v.184.108.40.2061 to create both logical and file system extractions.
1) VMA.db - what information about text messages, if any, does this file contain?
A. I am trying to identify or recover deleted text messages from this phone and identified a file called "vma.db", which is located at
B. Within "vma.db" is a table called "vma_sync_mapping". The "vma_sync_mapping" tab has columns named (amongst others)
C. Verizon Text Messages
The only location Cellebrite has found text messages is in a "messages.db" file located
So, I am wondering if the "vma.db" file contains references to all text messages received and sent by this phone, but "messages.db" contains the actual undeleted text messages???
Thanks for your help.
It's not usual to have related data stored in separate databases but it is not unknown either.
Are there any fields in the two DB's that look like they might be related? It is straight forward to attach a second database and perform queries across all related tables.
If you would like a fully fucntional demo of my Forensic Browser for SQLite to look further at this then please lte me know.
Thanks for your quick response.
I actually own a copy of your excellent software.
I ran SQLite Forensic Recovery on the message.db file and was able to a deleted message.
I will email you separately for help on connecting vma.db and the message.db files.
It sounds like this db belongs to Verizon Messages, an application to sync messages over several devices.
According to their website they store messages for 10 days so you could also ask for them if you don't find any deleted in the db.
It might be easier to reverse engineer the APK file. What columns exist in the message.db?
Holy mackerel -
With Paul's help and guidance, the Sanderson Forensics SQLite Forensic Browser tool (http//
Cellebrite was able to recover 2,227 text messages and NO deleted text messages; we collected both a logical and file system extraction from the phone.
I have alerted the rest of my forensic practice that we must run the Sanderson Forensics tool to validate our other tools' results on every case.