
Thread: Android Forensics Investigation, Analysis, and Mobile Security for Google Android

  1. #1

    Android Forensics Investigation, Analysis, and Mobile Security for Google Android

    372 pages.

    CHAPTER 1
    This chapter provides not only a history of the Android platform but also discusses
    the Android Open Source Project (AOSP), the internationalization of the platform,
    the Android Market, a brief Linux tutorial, and a quick introduction to Android
    forensics. It also provides a step-by-step tutorial for creating an Ubuntu-based
    virtual machine (VM), which will be used throughout the book in examples. The
    Ubuntu VM is a highly recommended component of this book and can also be used
    outside of the book for Android forensic cases.

    CHAPTER 2
    In this chapter, a wide array of Android-supported hardware and device types is
    covered. Although the hardware compatibility is great for manufacturers, wireless
    providers, and ultimately consumers, this diversity poses challenges for forensic
    analysts and security engineers. Understanding the hardware components, device
    types, and boot process for Android will aid in your overall understanding of
    Android and assist in both forensic and security investigations.

    CHAPTER 3
    This chapter covers the various Android releases, the Android software development
    kit (SDK), the Dalvik virtual machine, key components of Android security, and
    several other concepts core to Android forensics such as the Android debug bridge
    (adb) and the USB debugging setting. Step-by-step examples include installing the
    SDK on Linux, OS X, and Windows as well as creating an Android virtual device
    that can be used to test forensic techniques.

    CHAPTER 4
    This chapter covers the information needed to understand how data are stored on an
    Android device. This includes reviewing the methods in which data are stored
    (shared preferences, files, SQLite, and network) as well as the types of memory used
    in an Android device such as RAM and the all-important NAND flash. The various
    file systems the reader might encounter in an Android device are also covered in
    great detail including the YAFFS2, EXT, FAT32/FAT16, and a variety of low-level
    file systems.

    CHAPTER 5
    This chapter covers the security of Android devices, data, and apps. A review not
    only of how data can be exfiltrated from an Android device is covered but also of
    how an Android device can be used as an active attack vector. After discussing
    several overarching security concepts, this chapter provides specific advice for three
    primary audiences: individuals, corporate security, and app developers. As the
    growth of Android continues, issues of data security will be increasingly important
    and this chapter provides a thorough and practical introduction to this important
    topic.

    CHAPTER 6
    This chapter covers specific techniques that are useful in the forensic acquisition of
    Android devices. After clarifying the different types of acquisitions and providing
    procedures for handling an Android device, seven different strategies for circumventing a pass code are discussed. Next, techniques and a specific script for
    acquiring an SD card and, if present, the Embedded MultiMediaCard (eMMC) are
    covered. Logical acquisition techniques are then covered including ones built into
    Android and the SDK, a solution free to law enforcement and government agencies
    called AFLogical, and finally a review of six commercial forensic software packages. Finally, techniques for acquiring a physical image of the NAND flash are
    described in detail including six strategies for gaining root privileges and the
    AFPhysical technique developed by viaForensics.

    CHAPTER 7
    In this final chapter, strategies and specific utilities are provided, which enable
    a forensic analyst or security engineer to analyze an acquired Android device.
    Although many of the techniques used in traditional forensic investigations are
    applicable in Android forensics analysis, the new file system and the underlying
    hardware characteristics require new techniques. Without these new techniques,
    little content and value can be extracted from an Android physical acquisition.
    Beyond providing the background and actual utilities, an overview of Android’s
    directory structure as well as an in-depth analysis of 11 important applications that
    provide significant data about the device are given. Armed with this knowledge,
    a forensic analyst or security engineer can investigate any Android device they
    encounter.
    Edify...
