Chapter 1, Introducing Android Forensics, helps you to understand the Android architecture and the security model that is crucial to have a proper understanding of Android forensics. This chapter will also explain the inherent security features in Android OS, such as application sandboxing, and permission model, to safeguard the device from various threats and also pose as an obstacle for forensic experts during investigation.
Chapter 2, Setting Up the Android Forensic Environment, takes you through everything that is necessary to have an established forensic setup for examining Android devices.
Chapter 3, Understanding Data Storage on Android Devices, helps you to know what kind of data is stored on the device, where it is stored, how it is stored, and details of the filesystems on which the data is stored. This knowledge is especially important to a forensic analyst to take an informed decision about where to look for data and techniques that can be used to extract the same.
Chapter 4, Extracting Data Logically from Android Devices, covers logical data extraction, and the use of free and open source tools wherever possible. The majority of the material covered in this chapter will use the Android Debug Bridge (ADB) methods.
Chapter 5, Extracting Data Physically from Android Devices, covers physical data extraction, using free and open source tools wherever possible.
Chapter 6, Recovering Deleted Data from an Android Device, provides an overview regarding the recovery of data deleted from an Android device.
Chapter 7, Forensic Analysis of Android Applications, covers application analysis, using free and open source tools. This chapter will focus on analyzing the data that would be recovered using any of the logical or physical techniques, while also relying heavily on the storage methods. We will see numerous SQLite databases, XML files, and other file types from various locations within the file hierarchy described in that chapter.
Chapter 8, Android Forensic Tools Overview, provides an overview of the free and commercial Android forensic tools, and demonstrates how to use the tool for common investigative scenarios.
Chapter 9, Identifying Android Malware, includes an overview of what malware is, and how to identify it using antivirus scanners, VirusTotal and YARA rules.
Chapter 10, Android Malware Analysis, describes the process of dynamic and static analysis of malicious Android applications.