Learning Android Forensics

Book Image

Learning Android Forensics

Book Image

Learning Android Forensics

Overview of this book

Learning Android Forensics

Learning Android Forensics

Credits

About the Authors

About the Authors

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Introducing Android Forensics

Introducing Android Forensics

Mobile forensics

The mobile forensics approach

Challenges in mobile forensics

The Android architecture

Android security

Setting Up an Android Forensic Environment

Setting Up an Android Forensic Environment

The Android forensic setup

The Android SDK

Connecting and accessing an Android device from the workstation

Android Debug Bridge

Rooting Android

ADB on a rooted device

Understanding Data Storage on Android Devices

Understanding Data Storage on Android Devices

Android partition layout

Android file hierarchy

Application data storage on the device

Android filesystem overview

Extracting Data Logically from Android Devices

Extracting Data Logically from Android Devices

Logical extraction overview

Manual ADB data extraction

ADB backup extractions

Bypassing Android lock screens

Cracking an Android pattern lock

Android SIM card extractions

Issues and opportunities with Android Lollipop

Extracting Data Physically from Android Devices

Extracting Data Physically from Android Devices

Physical extraction overview

Extracting data physically with dd

Extracting data physically with nanddump

Analyzing a full physical image

Imaging and analyzing Android RAM

Acquiring Android SD cards

Advanced forensic methods

Recovering Deleted Data from an Android Device

Recovering Deleted Data from an Android Device

An overview of data recovery

Recovering data deleted from an SD card

Recovering data deleted from internal memory

Analyzing backups

Forensic Analysis of Android Applications

Forensic Analysis of Android Applications

Application analysis

Determining what apps are installed

Contacts/call analysis

SMS/MMS analysis

User dictionary analysis

Google Chrome analysis

Google Maps analysis

Google Hangouts analysis

Google Keep analysis

Google Plus analysis

Facebook analysis

Facebook Messenger analysis

Snapchat analysis

WhatsApp analysis

WeChat analysis

Application reverse engineering

Android Forensic Tools Overview

Android Forensic Tools Overview

ViaLab Community Edition

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Summary

This chapter was an overview of a few free tools available for Android forensic examiners. These tools are summarized in the following table:

Tool	Features
ViaExtract	Free, requires registration and an active Internet connection Logical extractions via an application pushed to the device Backup extractions Filesystem extractions if device is rooted Roots devices Bypasses screen locks without root by pushing an application to the device
Autopsy	Free and open source Used to examine extractions done by other tools Allows keyword searching, hash lists, and other common forensic methods Powerful timeline feature Can recover deleted data from supported filesystems
ViaLab	Free, requires registration and an active Internet connection Allows an examiner to run an application from the APK and determine data storage locations Runs the application in an emulator or on a test device Valuable tool to show an examiner where data is stored in an app's directory, as well as see the functionality of the...