Learning Android Forensics

Points/C-coins required: 15 | Uploaded 2018-11-02 08:54:12 | 12.34 MB PDF

Many forensic examiners rely on commercial, push-button tools to retrieve and analyze data, even though no tool does either of these jobs perfectly. This book introduces you to the Android platform and its architecture, and provides a high-level overview of what Android forensics
Table of contents

Learning Android Forensics
Credits
About the Authors
About the Reviewers
www.packtpub.com
  Support files, eBooks, discount offers, and more
  Why subscribe?
  Free access for Packt account holders
Preface
  What this book covers
  What you need for this book
  Who this book is for
  Conventions
  Reader feedback
  Customer support
    Errata
    Piracy
    Questions

1. Introducing Android Forensics
  Mobile forensics
  The mobile forensics approach
    Investigation preparation
    Seizure and isolation
    Acquisition
    Examination and analysis
    Reporting
  Challenges in mobile forensics
  The Android architecture
    The Linux kernel
    Libraries
    Dalvik virtual machine
    The application framework
    The applications layer
  Android security
    Security at OS level through Linux kernel
    Permission model
    Application sandboxing
    SELinux in Android
    Application signing
    Secure interprocess communication
  Android hardware components
    Core components
      Central processing unit
      Baseband processor
      Memory
      SD card
      Display
      Battery
  Android boot process
    Boot ROM code execution
    The boot loader
    The Linux kernel
    The init process
    Zygote and Dalvik
    System server
  Summary

2. Setting Up an Android Forensic Environment
  The Android forensic setup
  The Android SDK
    Installing the Android SDK
    Android virtual device
  Connecting and accessing an Android device from the workstation
    Identifying the device cable
    Installing device drivers
    Accessing the device
  Android Debug Bridge
    Using adb to access the device
    Detecting a connected device
    Directing commands to a specific device
    Issuing shell commands
    Basic Linux commands
    Installing an application
    Pulling data from the device
    Pushing data to the device
    Restarting the adb server
    Viewing log data
  Rooting Android
    What is rooting
    Why root?
    Recovery and fastboot
      Recovery mode
      Accessing the recovery mode
      Custom recovery
      Fastboot mode
    Locked and unlocked boot loaders
    How to root
      Rooting an unlocked boot loader
      Rooting a locked boot loader
    ADB on a rooted device
  Summary

3. Understanding Data Storage on Android Devices
  Android partition layout
    Common partitions in Android
      boot loader
      boot
      recovery
      userdata
      system
      cache
      radio
    Identifying partition layout
  Android file hierarchy
    An overview of directories
      acct
      cache
      data
        dalvik-cache
        data
      dev
      mnt
      proc
      root
      sbin
      misc
      sdcard
      system
        build.prop
        app
        framework
      ueventd.goldfish.rc and ueventd.rc
  Application data storage on the device
    Shared preferences
    Internal storage
    External storage
    SQLite database
    Network
  Android filesystem overview
    Viewing filesystems on an Android device
    Common Android filesystems
      Flash memory filesystems
      Media-based filesystems
      Pseudo filesystems
  Summary

4. Extracting Data Logically from Android Devices
  Logical extraction overview
    What data can be recovered logically?
    Root access
  Manual ADB data extraction
    USB debugging
    Using ADB shell to determine if a device is rooted
    adb pull
    Recovery mode
    Fastboot mode
      Determining bootloader status
      Booting to a custom recovery image
  ADB backup extractions
    Extracting a backup over ADB
    Parsing ADB backups
    Data locations within ADB backups
  ADB Dumpsys
    Dumpsys batterystats
    Dumpsys procstats
    Dumpsys user
    Dumpsys App Ops
    Dumpsys Wi-Fi
    Dumpsys notification
    Dumpsys conclusions
  Bypassing Android lock screens
    Lock screen types
      None/slide lock screens
      Pattern lock screens
      Password/PIN lock screens
      Smart Locks
        Trusted face
        Trusted location
        Trusted device
    General bypass information
    Cracking an Android pattern lock
    Cracking an Android PIN/password
  Android SIM card extractions
    Acquiring SIM card data
    SIM security
    SIM cloning
  Issues and opportunities with Android Lollipop
  Summary

5. Extracting Data Physically from Android Devices
  Physical extraction overview
    What data can be acquired physically?
    Root access
  Extracting data physically with dd
    Determining what to image
    Writing to an SD card
    Writing directly to an examiner's computer with netcat
      Installing netcat on the device
      Using netcat
  Extracting data physically with nanddump
  Verifying a full physical image
  Analyzing a full physical image
    Autopsy
    Issues with analyzing physical dumps
  Imaging and analyzing Android RAM
    What can be found in RAM?
    Imaging RAM with LiME
    Imaging RAM with mem
      Output from mem
  Acquiring Android SD cards
    What can be found on an SD card?
    SD card security
  Advanced forensic methods
    JTAG
    Chip-off
  Bypassing Android full-disk encryption
  Summary

6. Recovering Deleted Data from an Android Device
  An overview of data recovery
    How can deleted files be recovered?
  Recovering data deleted from an SD card
  Recovering data deleted from internal memory
    Recovering deleted data by parsing SQLite files
    Recovering deleted data through file carving techniques
    Analyzing backups
  Summary

7. Forensic Analysis of Android Applications
  Application analysis
    Why do app analysis?
    The layout of this chapter
    Determining what apps are installed
  Understanding Linux epoch time
  Wi-Fi analysis
  Contacts/call analysis
  SMS/MMS analysis
  User dictionary analysis
  Gmail analysis
  Google Chrome analysis
    Decoding the WebKit time format
  Google Maps analysis
  Google Hangouts analysis
  Google Keep analysis
    Converting a Julian date
  Google Plus analysis
  Facebook analysis
  Facebook Messenger analysis
  Skype analysis
    Recovering video messages from Skype
  Snapchat analysis
  Viber analysis
  Tango analysis
    Decoding Tango messages
  WhatsApp analysis
    Decrypting WhatsApp backups
  Kik analysis
  WeChat analysis
    Decrypting the WeChat EnMicroMsg.db database
  Application reverse engineering
    Obtaining the application's APK file
    Disassembling an APK file
    Determining an application's permissions
    Viewing the application's code
  Summary

8. Android Forensic Tools Overview
  ViaExtract
    Backup extraction with ViaExtract
    Logical extraction with ViaExtract
    Examining data in ViaExtract
    Other tools within ViaExtract
  Autopsy
    Creating a case in Autopsy
    Analyzing data in Autopsy
  ViaLab Community Edition
    Setting up the emulator in ViaLab
    Installing an application on the emulator
    Analyzing data with ViaLab
  Summary

Conclusion
Index
