This chapter will cover application analysis, using free and open source tools. It will focus on analyzing the data that would be recovered using any of the logical or physical techniques detailed in Chapters 4 and Chapter 5. It will also rely heavily on the storage methods discussed in Chapter 2. We will see numerous SQLite databases, XML files, and other file types from various locations within the file hierarchy described in the second chapter. By the end of this chapter, you should be familiar with the following topics:
An overview of application analysis:
Contacts/Calls/SMS
Wi-Fi
User dictionary
Third-party applications and various methods used by popular applications to store and obfuscate data listed as follows:
Plain text
Epoch time
WebKit time
Misnaming file extensions
Julian dates
Base64 encoding
Encryption
Basic steganography
SQLCipher
Basic application reverse engineering