Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learning Android Forensics
  • Table Of Contents Toc
  • Feedback & Rating feedback
Learning Android Forensics

Learning Android Forensics

4.2 (6)
Buy this Book
close
close
Learning Android Forensics

Learning Android Forensics

4.2 (6)
Buy this Book

Overview of this book

If you are a forensic analyst or an information security professional wanting to develop your knowledge of Android forensics, then this is the book for you. Some basic knowledge of the Android mobile platform is expected.
Table of Contents (10 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Introducing Android Forensics
Icon
1. Introducing Android Forensics
Icon
Mobile forensics
Icon
The mobile forensics approach
Icon
Challenges in mobile forensics
Icon
The Android architecture
Icon
Android security
2
2. Setting Up an Android Forensic Environment
Icon
2. Setting Up an Android Forensic Environment
Icon
The Android forensic setup
Icon
The Android SDK
Icon
Connecting and accessing an Android device from the workstation
Icon
Android Debug Bridge
Icon
Rooting Android
Icon
ADB on a rooted device
Icon
Summary
3
3. Understanding Data Storage on Android Devices
Icon
3. Understanding Data Storage on Android Devices
Icon
Android partition layout
Icon
Android file hierarchy
Icon
Application data storage on the device
Icon
Android filesystem overview
Icon
Summary
4
4. Extracting Data Logically from Android Devices
Icon
4. Extracting Data Logically from Android Devices
Icon
Logical extraction overview
Icon
Manual ADB data extraction
Icon
ADB backup extractions
Icon
ADB Dumpsys
Icon
Bypassing Android lock screens
Icon
Cracking an Android pattern lock
Icon
Android SIM card extractions
Icon
Issues and opportunities with Android Lollipop
Icon
Summary
5
5. Extracting Data Physically from Android Devices
Icon
5. Extracting Data Physically from Android Devices
Icon
Physical extraction overview
Icon
Extracting data physically with dd
Icon
Extracting data physically with nanddump
Icon
Analyzing a full physical image
Icon
Imaging and analyzing Android RAM
Icon
Acquiring Android SD cards
Icon
Advanced forensic methods
Icon
Summary
6
6. Recovering Deleted Data from an Android Device
Icon
6. Recovering Deleted Data from an Android Device
Icon
An overview of data recovery
Icon
Recovering data deleted from an SD card
Icon
Recovering data deleted from internal memory
Icon
Analyzing backups
Icon
Summary
7
7. Forensic Analysis of Android Applications
chevron up
Icon
7. Forensic Analysis of Android Applications
Icon
Application analysis
Icon
Determining what apps are installed
Icon
Wi-Fi analysis
Icon
Contacts/call analysis
Icon
SMS/MMS analysis
Icon
User dictionary analysis
Icon
Gmail analysis
Icon
Google Chrome analysis
Icon
Google Maps analysis
Icon
Google Hangouts analysis
Icon
Google Keep analysis
Icon
Google Plus analysis
Icon
Facebook analysis
Icon
Facebook Messenger analysis
Icon
Skype analysis
Icon
Snapchat analysis
Icon
Viber analysis
Icon
Tango analysis
Icon
WhatsApp analysis
Icon
Kik analysis
Icon
WeChat analysis
Icon
Application reverse engineering
Icon
Summary
8
8. Android Forensic Tools Overview
Icon
8. Android Forensic Tools Overview
Icon
ViaExtract
Icon
Autopsy
Icon
ViaLab Community Edition
Icon
Summary
Icon
Conclusion
9
Index
Icon
Index

Google Plus analysis

Google Plus is the Google-based social network. It allows us to share text/videos/images, add friends, follow people, and message. Google Plus may also, depending on the user's settings, automatically upload all pictures taken on the user's device.

Package name: com.google.android.apps.plus

Version: 4.8.0.81189390

Files of interest:

  • /databases/es0.db

The Es0.db database contains all the information an examiner would expect to find from a social-media account:

Table

Description

all_photos

This contains a URL to download images shared by and with the user as well as the creation date/time in the Linux epoch format.

activites

This contains data displayed in the user's stream (that is, their news feed). The created and modified time for each post is, once again, stored in the Linux epoch time. The title and comment columns will contain the post title and at least some of the comments from it. The permalink column contains a URL that can be followed to view the post...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Learning Android Forensics
End of Section 7
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon