Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learning Android Forensics
  • Table Of Contents Toc
  • Feedback & Rating feedback
Learning Android Forensics

Learning Android Forensics

By : Oleg Skulkin, Tindall, Rohit Tamma
2 (2)
Buy this Book
close
close
Learning Android Forensics

Learning Android Forensics

2 (2)
By: Oleg Skulkin, Tindall, Rohit Tamma
Buy this Book

Overview of this book

Many forensic examiners rely on commercial, push-button tools to retrieve and analyze data, even though there is no tool that does either of these jobs perfectly. Learning Android Forensics will introduce you to the most up-to-date Android platform and its architecture, and provide a high-level overview of what Android forensics entails. You will understand how data is stored on Android devices and how to set up a digital forensic examination environment. As you make your way through the chapters, you will work through various physical and logical techniques to extract data from devices in order to obtain forensic evidence. You will also learn how to recover deleted data and forensically analyze application data with the help of various open source and commercial tools. In the concluding chapters, you will explore malware analysis so that you’ll be able to investigate cybersecurity incidents involving Android malware. By the end of this book, you will have a complete understanding of the Android forensic process, you will have explored open source and commercial forensic tools, and will have basic skills of Android malware identification and analysis.
Table of Contents (12 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Free Chapter
1
Introducing Android Forensics
Icon
Introducing Android Forensics
Icon
Mobile forensics
Icon
The mobile forensics approach
Icon
Challenges in mobile forensics
Icon
Android architecture
Icon
Android security
Icon
Android hardware components
Icon
Android boot process
Icon
Summary
2
Setting up the Android Forensic Environment
Icon
Setting up the Android Forensic Environment
Icon
Android forensic setup
Icon
Android Debug Bridge
Icon
Rooting Android
Icon
Summary
3
Understanding Data Storage on Android Devices
Icon
Understanding Data Storage on Android Devices
Icon
Android partition layout
Icon
Android file hierarchy
Icon
Application data storage on the device
Icon
Android filesystem overview
Icon
Summary
4
Extracting Data Logically from Android Devices
Icon
Extracting Data Logically from Android Devices
Icon
Logical extraction overview
Icon
Manual ADB data extraction
Icon
ADB backup extractions
Icon
ADB dumpsys
Icon
Bypassing Android lock screens
Icon
Android SIM card extractions
Icon
Summary
5
Extracting Data Physically from Android Devices
Icon
Extracting Data Physically from Android Devices
Icon
Physical extraction overview
Icon
Extracting data physically with dd
Icon
Extracting data physically with nanddump
Icon
Extracting data physically with Magnet ACQUIRE
Icon
Analyzing a full physical image
Icon
Imaging and analyzing Android RAM
Icon
Acquiring Android SD cards
Icon
Advanced forensic methods
Icon
Summary
6
Recovering Deleted Data from an Android Device
chevron up
Icon
Recovering Deleted Data from an Android Device
Icon
Data recovery overview
Icon
Recovering deleted data from SD cards
Icon
Recovering deleted records from SQLite databases
Icon
Recovering deleted data from internal memory
Icon
Recovering deleted data using file carving
Icon
Summary
7
Forensic Analysis of Android Applications
Icon
Forensic Analysis of Android Applications
Icon
Application analysis overview
Icon
Why do app analysis?
Icon
Layout of this chapter
Icon
Summary
8
Android Forensic Tools Overview
Icon
Android Forensic Tools Overview
Icon
Autopsy
Icon
Belkasoft Evidence Center
Icon
Magnet AXIOM
Icon
Summary
9
Identifying Android Malware
Icon
Identifying Android Malware
Icon
An introduction to Android malware
Icon
Android malware overview
Icon
Android malware identification
Icon
Summary
10
Android Malware Analysis
Icon
Android Malware Analysis
Icon
Dynamic analysis of malicious Android applications
Icon
Static analysis of malicious Android applications
Icon
Summary
Icon
Further reading
11
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Recovering deleted data using file carving

File carving is an extremely useful method in forensics because it allows for data that has been deleted or hidden to be recovered for analysis. In simple terms, file carving is the process of reassembling files from fragments in the absence of file system metadata. In file carving, specified file types are searched for and extracted across the binary data to create a forensic image of a partition or an entire disk. File carving recovers files from the unallocated space in a drive based merely on file structure and content, without any matching file system metadata.

Unallocated space refers to the part of the drive that no longer holds any file information, as pointed by file system structures such as file tables.

Files can be recovered or reconstructed by scanning the raw bytes of the disk and reassembling them. This can be done by...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 6
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY