Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Autopsy


Autopsy is a free and open source analysis tool initially developed by Brian Carrier. Autopsy started as a Graphical User Interface for the underlying Linux-based SleuthKit toolset, but the latest release (version 3) is a standalone tool built for Windows. Autopsy can be downloaded at http://www.sleuthkit.org/autopsy/.

Autopsy is not intended to perform acquisitions of mobile devices, but can analyze the most common Android filesystems (such as YAFFS and ext). For this example, we will load a full physical image obtained via dd from an HTC Droid DNA, as outlined in Chapter 5, Extracting Data Physically from Android Devices.

Creating a case in Autopsy

On opening Autopsy, the user will be prompted to choose Create New Case, Open Recent Case, or Open Existing Case.

We will create a new case. Follow these steps:

  1. After filling in the Case Name field, the Next button will become available.

  2. On the next screen, an optional Case Number and Examiner can be entered.

  3. Selecting Finish will bring up...