Book Image

Learning Android Forensics

Book Image

Learning Android Forensics

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning Android Forensics
Apr, 2015 | 322 pages
No titles found
Table of Contents (15 chapters)
Learning Android Forensics
Learning Android Forensics
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introducing Android Forensics
Introducing Android Forensics
Mobile forensics
The mobile forensics approach
Challenges in mobile forensics
The Android architecture
Android security
2
Setting Up an Android Forensic Environment
Setting Up an Android Forensic Environment
The Android forensic setup
The Android SDK
Connecting and accessing an Android device from the workstation
Android Debug Bridge
Rooting Android
ADB on a rooted device
Summary
3
Understanding Data Storage on Android Devices
Understanding Data Storage on Android Devices
Android partition layout
Android file hierarchy
Application data storage on the device
Android filesystem overview
Summary
4
Extracting Data Logically from Android Devices
Extracting Data Logically from Android Devices
Logical extraction overview
Manual ADB data extraction
ADB backup extractions
ADB Dumpsys
Bypassing Android lock screens
Cracking an Android pattern lock
Android SIM card extractions
Issues and opportunities with Android Lollipop
Summary
5
Extracting Data Physically from Android Devices
Extracting Data Physically from Android Devices
Physical extraction overview
Extracting data physically with dd
Extracting data physically with nanddump
Analyzing a full physical image
Imaging and analyzing Android RAM
Acquiring Android SD cards
Advanced forensic methods
Summary
6
Recovering Deleted Data from an Android Device
Recovering Deleted Data from an Android Device
An overview of data recovery
Recovering data deleted from an SD card
Recovering data deleted from internal memory
Analyzing backups
Summary
7
Forensic Analysis of Android Applications
Forensic Analysis of Android Applications
Application analysis
Determining what apps are installed
Wi-Fi analysis
Contacts/call analysis
SMS/MMS analysis
User dictionary analysis
Gmail analysis
Google Chrome analysis
Google Maps analysis
Google Hangouts analysis
Google Keep analysis
Google Plus analysis
Facebook analysis
Facebook Messenger analysis
Skype analysis
Snapchat analysis
Viber analysis
Tango analysis
WhatsApp analysis
Kik analysis
WeChat analysis
Application reverse engineering
Summary
8
Android Forensic Tools Overview
Android Forensic Tools Overview
ViaExtract
Autopsy
ViaLab Community Edition
Summary
Conclusion
Index
Index

Kik analysis

Kik is a messaging app with over 50,000,000 downloads from the Play Store.

Package name: kik.android

Version: 7.9.0

Files of interest:

  • /cache/

    • chatPicsBig/

    • contentpics/

    • profPics/

  • /files/staging/thumbs

  • /shared_prefs/KikPreferences.xml

  • /sdcard/Kik/

  • /databases/kikDatabase.db

The chatPicsBig and contentpics directories in /cache contain images that were sent and received with the application. The files in contentpics contain what appears to be Kik metadata embedded before the image. The .jpg has to be carved out of these files. In our testing, all of the files in contentpics were also stored in chatPicsBig, though this may change with more extensive app usage. The user's profile picture is found in the /profPics directory.

Note

Data storage method 8 is using basic steganography, which means, a file is stored within a larger file.

The /files/staging/thumbs directory contains thumbnails of images sent and received with the application. Our testing found the same images in this location...

Previous Section
End of Section 21
Next Section