Book Image

Learning Android Forensics, - Second Edition

By : Donnie Tindall, Rohit Tamma
Book Image

Learning Android Forensics, - Second Edition

By: Donnie Tindall, Rohit Tamma

Overview of this book

Many forensic examiners rely on commercial, push-button tools to retrieve and analyze data, even though there is no tool that does either of these jobs perfectly. Learning Android Forensics will introduce you to the most up-to-date Android platform and its architecture, and provide a high-level overview of what Android forensics entails. You will understand how data is stored on Android devices and how to set up a digital forensic examination environment. As you make your way through the chapters, you will work through various physical and logical techniques to extract data from devices in order to obtain forensic evidence. You will also learn how to recover deleted data and forensically analyze application data with the help of various open source and commercial tools. In the concluding chapters, you will explore malware analysis so that you’ll be able to investigate cybersecurity incidents involving Android malware. By the end of this book, you will have a complete understanding of the Android forensic process, you will have explored open source and commercial forensic tools, and will have basic skills of Android malware identification and analysis.
Table of Contents (12 chapters)

To get the most out of this book

This book covers various forensic approaches and techniques on Android devices. The content is organized in a manner that allows any user to examine an Android device and perform forensic investigation. No prerequisite knowledge is needed
because all the topics are explained, from basic to in-depth. A knowledge of mobile platforms, especially Android, will definitely be an advantage. Wherever possible, the steps required to perform various forensic activities using tools are explained in detail.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/9781789131017_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Booting into Recovery Mode will not decrypt the /data partition."

A block of code is set as follows:

from subprocess import Popen
from os import getcwd
command = "adb pull /data/data " + getcwd() + "\data_from_device"
p = Popen(command)
p.communicate()

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

from subprocess import Popen
from os import getcwd
command = "adb pull /data/data " + getcwd() + "\data_from_device"
p = Popen(command)
p.communicate()

Any command-line input or output is written as follows:

j7xelte:/ # cat /proc/filesystems

Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "From the main recovery screen, select Mount."

Warnings or important notes appear like this.
Tips and tricks appear like this.