Android Forensics

Investigation, Analysis and Mobile Security for Google Android

Android Forensics: Investigation, Analysis, and Mobile Security for Google Android examines the Android mobile platform and shares techniques for the forensic acquisition and subsequent analysis of Android devices. Organized into seven chapters, the book looks at the history of the Android platform and its internationalization; it discusses the Android Open Source Project (AOSP) and the Android Market; it offers a brief tutorial on Linux and Android forensics; and it explains how to create an Ubuntu-based virtual machine (VM). The book also considers a wide array of Android-supported hardware and device types, the various Android releases, the Android software development kit (SDK), the Dalvik VM, key components of Android security, and other fundamental concepts related to Android forensics, such as the Android Debug Bridge (ADB) and the USB debugging setting. In addition, it analyzes how data are stored on an Android device and describes strategies and specific utilities that a forensic analyst or security engineer can use to analyze an acquired Android device. Core Android developers and manufacturers, app developers, corporate security officers, and anyone with limited forensic experience will find this book extremely useful.

Audience

Computer forensic and incident response professionals. This includes law enforcement (LE), federal government, commercial/private sector contractors, consultants, etc.

Paperback, 432 Pages

Published: June 2011

Imprint: Syngress

ISBN: 978-1-59749-651-3

Reviews

  • "If you want to truly understand and perform forensics on Android this is the book. There is no other reference that goes to this level of detail on the Android operating system's idiosyncrasies and quirks. Android Forensics is a must have for the mobile device examiner’s bookshelf."--Jim Steele, Director of Digital Forensics, a Tier 1 Wireless Carrier

  • "Andrew Hoog in his latest book, Android Forensics, provides exceptionally well written coverage of Android for the Computer Forensics Investigator. No small task given the ever changing nature of Google’s preeminent mobile operating system."--Matthew M. Shannon, Principal, F-Response

  • "…provides an excellent and comprehensive coverage of the Android platform, including its design, implementation, operation, investigation and analysis. At 364 pages of content, organized over seven chapters, with a focus on the ‘practical’ - demonstrating system design, implementation, operation and investigation, for instance, through hands-on "experiments" - this sizable text will resonate particularly well with readers disposed to activity-centric, learning-by-doing styled narrative. The text is peppered throughout with device and application (GUI) screenshots, as well as command line execution/output and directory listings."--InfosecReviews.com

  • "In conclusion, we feel that Android Forensics is a good introduction to a field that still seems very ‘fresh’ and new to forensic examiners… As a quick reference during forensic analysis, the last chapter proves to be an excellent resource."--Computer and Security

  • "At 364 pages of content, organized over seven chapters, with a focus on the ‘practical’ - demonstrating system design, implementation, operation and investigation, for instance, through hands-on "experiments" - this sizable text will resonate particularly well with readers disposed to activity-centric, learning-by-doing styled narrative…With a practical focus from the outset that includes how to acquire and install the Android SDK and build an Android Virtual Device (AVD), this text is particularly suited to those disposed to a hands-on approach to learning about the Android platform from a security and investigation perspective."--Best Digital Forensics Book in InfoSecReviews Book Awards

Contents

    Acknowledgments

    Introduction

    About the Author

    Chapter 1 Android and Mobile Forensics

        Introduction

        Android Platform

             History of Android

             Google’s Strategy

        Linux, Open Source Software, and Forensics

             Brief History of Linux

        Android Open Source Project

             AOSP Licenses

             Development Process

             Value of Open Source in Forensics

             Downloading and Compiling AOSP

        Internationalization

             Unicode

             Keyboards

             Custom Branches

        Android Market

             Installing an App

             Application Statistics

        Android Forensics

             Challenges

        Summary

        References

    Chapter 2 Android Hardware Platforms

        Introduction

        Overview of Core Components

             Central Processing Unit

             Baseband Modem/Radio

             Memory (Random-Access Memory and NAND Flash)

             Global Positioning System

             Wireless (Wi-Fi and Bluetooth)

             Secure Digital Card

             Screen

             Camera

             Keyboard

             Battery

             Universal Serial Bus

             Accelerometer/Gyroscope

             Speaker/Microphone

        Overview of Different Device Types

             Smartphone

             Tablet

             Netbook

             Google TV

             Vehicles (In-board)

             Global Positioning System

             Other Devices

        ROM and Boot Loaders

             Power On and On-chip Boot ROM Code Execution

             Boot Loader (Initial Program Load/Second Program Loader)

             Linux Kernel

             The Init Process

             Zygote and Dalvik

             System Server

        Manufacturers

        Android Updates

             Custom User Interfaces

             Aftermarket Android Devices

        Specific Devices

             T-Mobile G1

             Motorola Droid

             HTC Incredible

             Google Nexus One

        Summary

        References

    Chapter 3 Android Software Development Kit and Android Debug Bridge

        Introduction

        Android Platforms

             Android Platform Highlights Through 2.3.3 (Gingerbread)

        Software Development Kit (SDK)

             SDK Release History

             SDK Install

             Android Virtual Devices (Emulator)

             Android OS Architecture

             Dalvik VM

             Native Code Development

        Android Security Model

        Forensics and the SDK

             Connecting an Android Device to a Workstation

             USB Interfaces

             Introduction to Android Debug Bridge

        Summary

        References

    Chapter 4 Android File Systems and Data Structures

        Introduction

        Data in the Shell

             What Data are Stored

             App Data Storage Directory Structure

             How Data are Stored

        Type of Memory

             RAM

        File Systems

             rootfs, devpts, sysfs, and cgroup File Systems

             proc

             tmpfs

             Extended File System (EXT)

             FAT32/VFAT

             YAFFS2

        Mounted File Systems

             Mounted File Systems

        Summary

        References

    Chapter 5 Android Device, Data, and App Security

        Introduction

        Data Theft Targets and Attack Vectors

             Android Devices as a Target

             Android Devices as an Attack Vector

             Data Storage

             Recording Devices

        Security Considerations

             Security Philosophy

             US Federal Computer Crime Laws and Regulations

             Open Source Versus Closed Source

             Encrypted NAND Flash

        Individual Security Strategies

        Corporate Security Strategies

             Policies

             Password/Pattern/PIN Lock

             Remote Wipe of Device

             Upgrade to Latest Software

             Remote Device Management Features

             Application and Device Audit

        App Development Security Strategies

             Mobile App Security Testing

             App Security Strategies

        Summary

        References

    Chapter 6 Android Forensic Techniques

        Introduction

             Types of Investigations

             Difference Between Logical and Physical Techniques

             Modification of the Target Device

        Procedures for Handling an Android Device

             Securing the Device

             Network Isolation

             How to Circumvent the Pass Code

        Imaging Android USB Mass Storage Devices

             SD Card Versus eMMC

             How to Forensically Image the SD Card/eMMC

        Logical Techniques

             ADB Pull

             Backup Analysis

             AFLogical

             Commercial Providers

        Physical Techniques

             Hardware-Based Physical Techniques

             JTAG

             Chip-off

             Software-Based Physical Techniques and Privileges

             AFPhysical Technique

        Summary

        References

    Chapter 7 Android Application and Forensic Analysis

        Introduction

        Analysis Techniques

             Timeline Analysis

             File System Analysis

             File Carving

             Strings

             Hex: A Forensic Analyst’s Good Friend

             Android Directory Structures

        FAT Forensic Analysis

             FAT Timeline Analysis

             FAT Additional Analysis

             FAT Analysts Notes

        YAFFS2 Forensic Analysis

             YAFFS2 Timeline Analysis

             YAFFS2 File System Analysis

             YAFFS2 File Carving

             YAFFS2 Strings Analysis

             YAFFS2 Analyst Notes

        Android App Analysis and Reference

             Messaging (sms and mms)

             MMS Helper Application

             Browser

             Contacts

             Media Scanner

             YouTube

             Cooliris Media Gallery

             Google Maps

             Gmail

             Facebook

             Adobe Reader

        Summary

        References

    Index
