Sign In Start Free Trial

Learning Android Forensics

4.2 (6)

Learning Android Forensics

4.2 (6)

Overview of this book

If you are a forensic analyst or an information security professional wanting to develop your knowledge of Android forensics, then this is the book for you. Some basic knowledge of the Android mobile platform is expected.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Free Chapter

1. Introducing Android Forensics

1. Introducing Android Forensics

Mobile forensics

The mobile forensics approach

Challenges in mobile forensics

The Android architecture

Android security

2. Setting Up an Android Forensic Environment

2. Setting Up an Android Forensic Environment

The Android forensic setup

The Android SDK

Connecting and accessing an Android device from the workstation

Android Debug Bridge

Rooting Android

ADB on a rooted device

Summary

3. Understanding Data Storage on Android Devices

3. Understanding Data Storage on Android Devices

Android partition layout

Android file hierarchy

Application data storage on the device

Android filesystem overview

Summary

4. Extracting Data Logically from Android Devices

4. Extracting Data Logically from Android Devices

Logical extraction overview

Manual ADB data extraction

ADB backup extractions

ADB Dumpsys

Bypassing Android lock screens

Cracking an Android pattern lock

Android SIM card extractions

Issues and opportunities with Android Lollipop

Summary

5. Extracting Data Physically from Android Devices

5. Extracting Data Physically from Android Devices

Physical extraction overview

Extracting data physically with dd

Extracting data physically with nanddump

Analyzing a full physical image

Imaging and analyzing Android RAM

Acquiring Android SD cards

Advanced forensic methods

Summary

6. Recovering Deleted Data from an Android Device

6. Recovering Deleted Data from an Android Device

An overview of data recovery

Recovering data deleted from an SD card

Recovering data deleted from internal memory

Analyzing backups

Summary

7. Forensic Analysis of Android Applications

7. Forensic Analysis of Android Applications

Application analysis

Determining what apps are installed

Wi-Fi analysis

Contacts/call analysis

SMS/MMS analysis

User dictionary analysis

Gmail analysis

Google Chrome analysis

Google Maps analysis

Google Hangouts analysis

Google Keep analysis

Google Plus analysis

Facebook analysis

Facebook Messenger analysis

Skype analysis

Snapchat analysis

Viber analysis

Tango analysis

WhatsApp analysis

Kik analysis

WeChat analysis

Application reverse engineering

Summary

8. Android Forensic Tools Overview

8. Android Forensic Tools Overview

ViaExtract

Autopsy

ViaLab Community Edition

Summary

Conclusion

Index

Index

Customer Reviews

4.2 (6)

5 star

50%

4 star

16.7%

3 star

33.3%

2 star

0

1 star

0

Google Keep analysis

Keep is a note-taking application provided by Google. It can also be used to set reminders, either at a certain date/time or when the user is at a specified location.

Package name: com.google.android.keep

Version: Default version with Android 5.0.1 (not listed within app)

Files of interest:

/databases/keep.db
/files/1/image/original

The files/1/image/original directory contains photos taken using the app. Notes and reminders can both be associated with an image.

The keep.db contains all of the information about notes and reminders. There are, once again, several tables of interest:

Table	Description
`alert`	This contains information about location-based reminders. The `reminder_id` column can be correlated with entries in the reminder table. The `reminder_detail` table contains the latitude and longitude set for the reminder. The `scheduled_time` column is the date/time the reminder was set, in the Linux epoch time.
`blob`	This contains metadata about images in the `/files...`

Search

Your notes and bookmarks