Index

Learning Android Forensics, Second Edition

Title Page
  • Copyright and Credits

About Packt
  • Why subscribe?
  • Packt.com

Contributors
  • About the authors
  • About the reviewers
  • Packt is searching for authors like you

Preface
  • Who this book is for
  • What this book covers
  • To get the most out of this book
    • Download the color images
    • Conventions used
  • Get in touch
    • Reviews

Introducing Android Forensics
  • Mobile forensics
    • The mobile forensics approach
      • Investigation preparation
      • Seizure and isolation
      • The acquisition phase
      • Examination and analysis
      • Reporting
    • Challenges in mobile forensics
  • Android architecture
    • The Linux kernel
    • Hardware abstraction level
    • Android Runtime
    • Native C/C++ Libraries
    • Java API Framework
    • The application layer
  • Android security
    • Security at OS level through the Linux kernel
    • Permission model
      • Sample permission model in Android
    • Application sandboxing
    • SELinux in Android
    • Application signing
    • Secure inter-process communication
      • Binder communication model
  • Android hardware components
    • Core components
      • Central Processing Unit (CPU)
      • Baseband processor
      • Memory
      • SD Card
      • Display
      • Battery
  • Android boot process
    • Boot ROM code execution
    • The bootloader
    • The Linux kernel
    • The init process
    • Zygote and Dalvik
    • System server
  • Summary

Setting up the Android Forensic Environment
  • Android forensic setup
    • Android SDK
      • Installing the Android SDK
      • Android Virtual Device
  • Connecting and accessing Android devices from the workstation
    • Identifying the correct device cable
    • Installing device drivers
    • Accessing the device
  • Android Debug Bridge
    • Using ADB to access the device
      • Detecting a connected device
      • Directing commands to a specific device
      • Issuing shell commands
      • Basic Linux commands
      • Installing an application
      • Pulling data from the device
      • Pushing data to the device
      • Restarting the ADB server
      • Viewing log data
  • Rooting Android
    • What is rooting?
    • Why root?
    • Recovery and fastboot
      • Recovery mode
        • Accessing recovery mode
        • Custom recovery
      • Fastboot mode
    • Locked and unlocked boot loaders
    • How to root
      • Rooting an unlocked boot loader
      • Rooting a locked boot loader
      • ADB on a rooted device
  • Summary

Understanding Data Storage on Android Devices
  • Android partition layout
    • Common partitions in Android
    • Identifying partition layout
  • Android file hierarchy
    • Overview of directories
      • The acct directory
      • The cache directory
      • The config directory
      • The data directory
      • The dev directory
      • The mnt directory
      • The proc directory
      • The sbin directory
      • The storage directory
      • The system directory
  • Application data storage on the device
    • Shared preferences
    • Internal storage
    • External storage
    • SQLite database
    • Network
  • Android filesystem overview
    • Viewing filesystems on an Android device
    • Common Android filesystems
      • Flash memory filesystems
      • Media-based filesystems
      • Pseudo filesystems
  • Summary

Extracting Data Logically from Android Devices
  • Logical extraction overview
    • What data can be recovered logically?
    • Root access
  • Manual ADB data extraction
    • USB Debugging
    • Using adb shell to determine if a device is rooted
    • adb pull
    • Recovery Mode
    • Fastboot mode
      • Determining bootloader status
      • Booting to a custom recovery image
  • ADB backup extractions
    • Extracting a backup over ADB
    • Parsing ADB backups
    • Data locations within ADB backups
  • ADB dumpsys
    • Dumpsys batterystats
    • Dumpsys procstats
    • Dumpsys user
    • Dumpsys App Ops
    • Dumpsys Wi-Fi
    • Dumpsys notification
    • Dumpsys conclusions
    • Helium backup extractions
  • Bypassing Android lock screens
    • Lock screen types
      • None/Slide lock screens
      • Pattern lock screens
      • Password/PIN lock screens
      • Smart Locks
        • Trusted Face
        • Trusted Voice
        • Trusted Location
        • Trusted Device
        • On-body Detection
    • General bypass information
    • Removing Android lock screens
      • Removing PIN/password with ADB
      • Removing PIN/Password with ADB and SQL
  • Android SIM card extractions
    • Acquiring SIM card data
    • SIM Security
    • SIM cloning
  • Summary

Extracting Data Physically from Android Devices
  • Physical extraction overview
    • What data can be acquired physically?
    • Root access
  • Extracting data physically with dd
    • Determining what to image
    • Writing to an SD card
    • Writing directly to an examiner's computer with netcat
      • Installing netcat on the device
      • Using netcat
  • Extracting data physically with nanddump
  • Extracting data physically with Magnet ACQUIRE
  • Verifying a full physical image
  • Analyzing a full physical image
    • Autopsy
    • Issues with analyzing physical dumps
  • Imaging and analyzing Android RAM
    • What can be found in RAM?
    • Imaging RAM with LiME
  • Acquiring Android SD cards
    • What can be found on an SD card?
    • SD card security
  • Advanced forensic methods
    • JTAG
    • Chip-off
  • Summary

Recovering Deleted Data from an Android Device
  • Data recovery overview
    • How can deleted files be recovered?
  • Recovering deleted data from SD cards
  • Recovering deleted records from SQLite databases
  • Recovering deleted data from internal memory
  • Recovering deleted data using file carving
  • Summary

Forensic Analysis of Android Applications
  • Application analysis overview
    • Why do app analysis?
    • Layout of this chapter
  • Determining which apps are installed
  • Understanding Unix epoch time
  • Wi-Fi analysis
  • Contacts/Call analysis
  • SMS/MMS analysis
  • User dictionary analysis
  • Gmail analysis
  • Google Chrome analysis
    • Decoding the Webkit time format
  • Google Maps analysis
  • Google Hangouts analysis
  • Google Keep analysis
    • Converting a Julian date
  • Google Plus analysis
  • Facebook analysis
  • Facebook Messenger analysis
  • Skype analysis
    • Recovering video messages from Skype
  • Snapchat analysis
  • Viber analysis
  • Tango analysis
    • Decoding Tango messages
  • WhatsApp analysis
    • Decrypting WhatsApp backups
  • Kik analysis
  • WeChat analysis
    • Decrypting the WeChat EnMicroMsg.db
  • Summary

Android Forensic Tools Overview
  • Autopsy
    • Creating a case in Autopsy
    • Analyzing data in Autopsy
  • Belkasoft Evidence Center
    • Creating a case in Belkasoft Evidence Center
    • Analyzing data in Belkasoft Evidence Center
  • Magnet AXIOM
    • Creating a case in Magnet AXIOM
    • Analyzing data in Magnet AXIOM
  • Summary

Identifying Android Malware
  • An introduction to Android malware
    • Android malware overview
      • Banking malware
      • Spyware
      • Adware
      • Ransomware
      • Cryptomining malware
  • Android malware identification
    • Android malware identification using antivirus scanners
    • Android malware identification using VirusTotal
    • Android malware identification using YARA rules
  • Summary

Android Malware Analysis
  • Dynamic analysis of malicious Android applications
    • Dynamic analysis using an online sandbox
  • Static analysis of malicious Android applications
    • Unpacking Android applications
    • Manifest file decoding and analysis
    • Android application decompilation
    • Viewing and analyzing decompiled code
  • Summary
  • Further reading

Other Books You May Enjoy
  • Leave a review - let other readers know what you think