Learning Android forensics: a hands-on guide to Android forensics, from setting up the forensic workstation to analyzing key forensic artifacts

If you are a forensic analyst or an information security professional wanting to develop your knowledge of Android forensics, then this is the book for you. Some basic knowledge of the Android mobile platform is expected.

Bibliographic Details
Other Authors: Tamma, Rohit, author; Tindall, Donnie, author
Format: E-book
Language: English
Published: Birmingham, England ; Mumbai, [India] : Packt Publishing 2015.
Edition: 1st edition
Series: Community experience distilled.
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628669206719
Table of Contents:
  • Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introducing Android Forensics; Mobile forensics; Mobile forensics approach; Investigation Preparation; Seizure and Isolation; Acquisition; Examination and Analysis; Reporting; Challenges in mobile forensics; Android architecture; The Linux kernel; Libraries; Dalvik virtual machine; The application framework; The applications layer; Android Security; Security at OS level through Linux kernel; Permission model; Application sandboxing; SELinux in Android
  • Application Signing; Secure interprocess communication; Android hardware components; Core components; Central processing unit; Baseband processor; Memory; SD Card; Display; Battery; Android boot process; Boot ROM code execution; The boot loader; The Linux kernel; The init process; Zygote and Dalvik; System server; Summary; Chapter 2: Setting up an Android Forensic Environment; Android forensic setup; Android SDK; Installing the Android SDK; Android Virtual Device; Connecting and accessing an Android device from the workstation; Identifying the device cable; Installing device drivers
  • Accessing the device; Android Debug Bridge; Using adb to access the device; Detecting a connected device; Directing commands to a specific device; Issuing shell commands; Basic Linux commands; Installing an application; Pulling data from the device; Pushing data to the device; Restarting the adb server; Viewing log data; Rooting Android; What is rooting?; Why root?; Recovery and fastboot; Recovery mode; Fastboot mode; Locked and unlocked boot loaders; How to root?; Rooting an unlocked boot loader; Rooting a locked boot loader; ADB on a rooted device; Summary
  • Chapter 3: Understanding Data Storage on Android Devices; Android partition layout; Common partitions in Android; boot loader; boot; recovery; userdata; system; cache; radio; Identifying partition layout; Android file hierarchy; An overview of directories; acct; cache; d; data; dev; Init; mnt; proc; root; sbin; misc; sdcard; system; ueventd.goldfish.rc & ueventd.rc; Application data storage on the device; Shared Preferences; Internal storage; External storage; SQLite database; Network; Android File system overview; Viewing filesystems on an Android device; Common Android filesystems
  • Flash memory filesystems; Media-based filesystems; Pseudo filesystems; Summary; Chapter 4: Extracting Data Logically from Android Devices; Logical extraction overview; What data can be recovered logically?; Root access; Manual ADB data extraction; USB debugging; Using ADB shell to determine if a device is rooted; ADB pull; Recovery mode; Fastboot mode; Determining bootloader status; Booting to a custom recovery image; ADB backup extractions; Extracting a backup over ADB; Parsing ADB backups; Data locations within ADB backups; ADB Dumpsys; Dumpsys batterystats; Dumpsys procstats; Dumpsys user
  • Dumpsys App Ops