Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Learning Android Forensics
  • Toc
  • feedback
Learning Android Forensics

Learning Android Forensics

4.2 (6)
close
Learning Android Forensics

Learning Android Forensics

4.2 (6)

Overview of this book

If you are a forensic analyst or an information security professional wanting to develop your knowledge of Android forensics, then this is the book for you. Some basic knowledge of the Android mobile platform is expected.
Table of Contents (10 chapters)
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Introducing Android Forensics
1. Introducing Android Forensics
Mobile forensics
The mobile forensics approach
Challenges in mobile forensics
The Android architecture
Android security
2
2. Setting Up an Android Forensic Environment
2. Setting Up an Android Forensic Environment
The Android forensic setup
The Android SDK
Connecting and accessing an Android device from the workstation
Android Debug Bridge
Rooting Android
ADB on a rooted device
Summary
3
3. Understanding Data Storage on Android Devices
3. Understanding Data Storage on Android Devices
Android partition layout
Android file hierarchy
Application data storage on the device
Android filesystem overview
Summary
4
4. Extracting Data Logically from Android Devices
4. Extracting Data Logically from Android Devices
Logical extraction overview
Manual ADB data extraction
ADB backup extractions
ADB Dumpsys
Bypassing Android lock screens
Cracking an Android pattern lock
Android SIM card extractions
Issues and opportunities with Android Lollipop
Summary
5
5. Extracting Data Physically from Android Devices
5. Extracting Data Physically from Android Devices
Physical extraction overview
Extracting data physically with dd
Extracting data physically with nanddump
Analyzing a full physical image
Imaging and analyzing Android RAM
Acquiring Android SD cards
Advanced forensic methods
Summary
6
6. Recovering Deleted Data from an Android Device
6. Recovering Deleted Data from an Android Device
An overview of data recovery
Recovering data deleted from an SD card
Recovering data deleted from internal memory
Analyzing backups
Summary
7
7. Forensic Analysis of Android Applications
7. Forensic Analysis of Android Applications
Application analysis
Determining what apps are installed
Wi-Fi analysis
Contacts/call analysis
SMS/MMS analysis
User dictionary analysis
Gmail analysis
Google Chrome analysis
Google Maps analysis
Google Hangouts analysis
Google Keep analysis
Google Plus analysis
Facebook analysis
Facebook Messenger analysis
Skype analysis
Snapchat analysis
Viber analysis
Tango analysis
WhatsApp analysis
Kik analysis
WeChat analysis
Application reverse engineering
Summary
8
8. Android Forensic Tools Overview
chevron up
8. Android Forensic Tools Overview
ViaExtract
Autopsy
ViaLab Community Edition
Summary
Conclusion
9
Index
Index

Autopsy

Autopsy is a free and open source analysis tool initially developed by Brian Carrier. Autopsy started as a Graphical User Interface for the underlying Linux-based SleuthKit toolset, but the latest release (version 3) is a standalone tool built for Windows. Autopsy can be downloaded at http://www.sleuthkit.org/autopsy/.

Autopsy is not intended to perform acquisitions of mobile devices, but can analyze the most common Android filesystems (such as YAFFS and ext). For this example, we will load a full physical image obtained via dd from an HTC Droid DNA, as outlined in Chapter 5, Extracting Data Physically from Android Devices.

Creating a case in Autopsy

On opening Autopsy, the user will be prompted to choose Create New Case, Open Recent Case, or Open Existing Case:

Creating a case in Autopsy

We will create a new case. Follow these steps:

  1. After filling in the Case Name field, the Next button will become available:
    Creating a case in Autopsy
  2. On the next screen, an optional Case Number and Examiner can be entered:
    Creating a case in Autopsy
  3. Selecting Finish will bring up...
End of Section 3
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete