Learning Android Forensics (watermark-free PDF)

Points/C-coins required: 9 | 2017-03-20 12:13:35 | 12.34 MB | PDF

Learning Android Forensics, English edition, watermark-free PDF. All pages of the PDF were tested and open correctly in Foxit Reader and PDF-XChange Viewer.
Table of contents

Front matter: Learning Android Forensics; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Support files, eBooks, discount offers, and more; Why subscribe?; Free access for Packt account holders

Preface: What this book covers; What you need for this book; Who this book is for; Conventions; Reader feedback; Customer support; Errata; Piracy; Questions

1. Introducing Android Forensics: Mobile forensics; The mobile forensics approach; Investigation Preparation; Seizure and isolation; Acquisition; Examination and analysis; Reporting; Challenges in mobile forensics; The Android architecture; The Linux kernel; Libraries; Dalvik virtual machine; The application framework; The applications layer; Android security; Security at OS level through Linux kernel; Permission model; Application sandboxing; SELinux in Android; Application signing; Secure interprocess communication; Android hardware components; Core components; Central processing unit; Baseband processor; Memory; SD Card; Display; Battery; Android boot process; Boot ROM code execution; The boot loader; The Linux kernel; The init process; Zygote and Dalvik; System server; Summary

2. Setting Up an Android Forensic Environment: The Android forensic setup; The Android SDK; Installing the Android SDK; Android Virtual Device; Connecting and accessing an Android device from the workstation; Identifying the device cable; Installing device drivers; Accessing the device; Android Debug Bridge; Using adb to access the device; Detecting a connected device; Directing commands to a specific device; Issuing shell commands; Basic Linux commands; Installing an application; Pulling data from the device; Pushing data to the device; Restarting the ADB server; Viewing log data; Rooting Android; What is rooting; Why root?; Recovery and fastboot; Recovery mode; Accessing the recovery mode; Custom recovery; Fastboot mode; Locked and unlocked boot loaders; How to root; Rooting an unlocked boot loader; Rooting a locked boot loader; ADB on a rooted device; Summary

3. Understanding Data Storage on Android Devices: Android partition layout; Common partitions in Android; boot loader; boot; recovery; userdata; system; cache; radio; Identifying partition layout; Android file hierarchy; An overview of directories; acct; cache; data; dalvik-cache; data; dev; mnt; proc; root; sbin; misc; sdcard; system; build.prop; app; framework; ueventd.goldfish.rc and ueventd.rc; Application data storage on the device; Shared preferences; Internal storage; External storage; SQLite database; Network; Android filesystem overview; Viewing filesystems on an Android device; Common Android filesystems; Flash memory filesystems; Media-based filesystems; Pseudo filesystems; Summary

4. Extracting Data Logically from Android Devices: Logical extraction overview; What data can be recovered logically?; Root access; Manual ADB data extraction; USB debugging; Using ADB shell to determine if a device is rooted; ADB pull; Recovery mode; Fastboot mode; Determining bootloader status; Booting to a custom recovery image; ADB backup extractions; Extracting a backup over ADB; Parsing ADB backups; Data locations within ADB backups; ADB Dumpsys; Dumpsys batterystats; Dumpsys procstats; Dumpsys user; Dumpsys App Ops; Dumpsys Wi-Fi; Dumpsys notification; Dumpsys conclusions; Bypassing Android lock screens; Lock screen types; None/Slide lock screens; Pattern lock screens; Password/PIN lock screens; Smart Locks; Trusted Face; Trusted Location; Trusted Device; General bypass information; Cracking an Android pattern lock; Cracking an Android PIN/Password; Android SIM card extractions; Acquiring SIM card data; SIM security; SIM cloning; Issues and opportunities with Android Lollipop; Summary

5. Extracting Data Physically from Android Devices: Physical extraction overview; What data can be acquired physically?; Root access; Extracting data physically with dd; Determining what to image; Writing to an SD card; Writing directly to an examiner's computer with netcat; Installing netcat on the device; Using netcat; Extracting data physically with nanddump; Verifying a full physical image; Analyzing a full physical image; Autopsy; Issues with analyzing physical dumps; Imaging and analyzing Android RAM; What can be found in RAM?; Imaging RAM with LiME; Imaging RAM with mem; Output from mem; Acquiring Android SD cards; What can be found on an SD card?; SD card security; Advanced forensic methods; JTAG; Chip-off; Bypassing Android full-disk encryption; Summary

6. Recovering Deleted Data from an Android Device: An overview of data recovery; How can deleted files be recovered?; Recovering data deleted from an SD card; Recovering data deleted from internal memory; Recovering deleted data by parsing SQLite files; Recovering deleted data through file carving techniques; Analyzing backups; Summary

7. Forensic Analysis of Android Applications: Application analysis; Why do app analysis?; The layout of this chapter; Determining what apps are installed; Understanding Linux epoch time; Wi-Fi analysis; Contacts/call analysis; SMS/MMS analysis; User dictionary analysis; Gmail analysis; Google Chrome analysis; Decoding the WebKit time format; Google Maps analysis; Google Hangouts analysis; Google Keep analysis; Converting a Julian date; Google Plus analysis; Facebook analysis; Facebook Messenger analysis; Skype analysis; Recovering video messages from Skype; Snapchat analysis; Viber analysis; Tango analysis; Decoding Tango messages; WhatsApp analysis; Decrypting WhatsApp backups; Kik analysis; WeChat analysis; Decrypting the WeChat EnMicroMsg.db database; Application reverse engineering; Obtaining the application's APK file; Disassembling an APK file; Determining an application's permissions; Viewing the application's code; Summary

8. Android Forensic Tools Overview: ViaExtract; Backup extraction with ViaExtract; Logical extraction with ViaExtract; Examining data in ViaExtract; Other tools within ViaExtract; Autopsy; Creating a case in Autopsy; Analyzing data in Autopsy; ViaLab Community Edition; Setting up the emulator in ViaLab; Installing an application on the emulator; Analyzing data with ViaLab; Summary

Conclusion

Index
