Book Image

Learning Android Forensics - Second Edition

By : Oleg Skulkin, Donnie Tindall, Rohit Tamma
Book Image

Learning Android Forensics - Second Edition

By: Oleg Skulkin, Donnie Tindall, Rohit Tamma

Overview of this book

Many forensic examiners rely on commercial, push-button tools to retrieve and analyze data, even though there is no tool that does either of these jobs perfectly. Learning Android Forensics will introduce you to the most up-to-date Android platform and its architecture, and provide a high-level overview of what Android forensics entails. You will understand how data is stored on Android devices and how to set up a digital forensic examination environment. As you make your way through the chapters, you will work through various physical and logical techniques to extract data from devices in order to obtain forensic evidence. You will also learn how to recover deleted data and forensically analyze application data with the help of various open source and commercial tools. In the concluding chapters, you will explore malware analysis so that you’ll be able to investigate cybersecurity incidents involving Android malware. By the end of this book, you will have a complete understanding of the Android forensic process, you will have explored open source and commercial forensic tools, and will have basic skills of Android malware identification and analysis.
Table of Contents (12 chapters)

Layout of this chapter

For each application we examine, we will provide a package name and files of interest. All apps store their data in the /data/data or /data/user_de/0 (newer devices) directory by default; apps can also use the SD card if they ask for this permission when the app is installed. The package name is the name of the directory for the application in one of these directories. The paths in the Files of interest section are from the root of the package name. Paths to data on the SD card are shown beginning with /sdcard. Do not expect to find data paths beginning with /sdcard in the /data/data or /data/user_de/0 directory of the application!

We will begin by looking at some of Google's applications, because these are pre-installed on the majority of devices (though they do not have to be). Then we will look at third-party applications that can be found on Google...