Android Forensics

Android Forensics

by Andrew Hoog
Released July 2011
Publisher(s): Syngress
ISBN: 9781597496520

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Android Forensics: Investigation, Analysis, and Mobile Security for Google Android provides the background, techniques and analysis tools you need to effectively investigate an Android phone. This book offers a thorough review of the Android platform, including the core hardware and software components, file systems and data structures, data security considerations, and forensic acquisition techniques and strategies for the subsequent analysis require d. this book is ideal for the classroom as it teaches readers not only how to forensically acquire Android devices but also how to apply actual forensic techniques to recover data.

The book lays a heavy emphasis on open source tools and step-by-step examples and includes information about Android applications needed for forensic investigations. It is organized into seven chapters that cover the history of the Android platform and its internationalization; the Android Open Source Project (AOSP) and the Android Market; a brief tutorial on Linux and Android forensics; and how to create an Ubuntu-based virtual machine (VM). The book also considers a wide array of Android-supported hardware and device types, the various Android releases, the Android software development kit (SDK), the Davlik VM, key components of Android security, and other fundamental concepts related to Android forensics, such as the Android debug bridge and the USB debugging setting. In addition, it analyzes how data are stored on an Android device and describes strategies and specific utilities that a forensic analyst or security engineer can use to examine an acquired Android device.

Core Android developers and manufacturers, app developers, corporate security officers, and anyone with limited forensic experience will find this book extremely useful. It will also appeal to computer forensic and incident response professionals, including commercial/private sector contractors, consultants, and those in federal government.

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Ability to forensically acquire Android devices using the techniques outlined in the book
  • Detailed information about Android applications needed for forensics investigations
  • Important information about SQLite, a file based structured data storage relevant for both Android and many other platforms.

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Acknowledgements
  7. Introduction
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Website
  8. About the Author
  9. About the Technical Editor
  10. Chapter 1. Android and mobile forensics
    1. Introduction
    2. Android platform
    3. Linux, Open source software, and forensics
    4. Android Open Source Project
    5. Internationalization
    6. Android Market
    7. Android forensics
    8. Summary
    9. References
  11. Chapter 2. Android hardware platforms
    1. Introduction
    2. Overview of core components
    3. Overview of different device types
    4. ROM and boot loaders
    5. Manufacturers
    6. Android updates
    7. Specific devices
    8. Summary
    9. References
  12. Chapter 3. Android software development kit and android debug bridge
    1. Introduction
    2. Android platforms
    3. Software development kit (SDK)
    4. Android security model
    5. Forensics and the SDK
    6. Summary
    7. References
  13. Chapter 4. Android file systems and data structures
    1. Introduction
    2. Data in the Shell
    3. Type of memory
    4. File systems
    5. Mounted file systems
    6. Summary
    7. References
  14. Chapter 5. Android device, data, and app security
    1. Introduction
    2. Data theft targets and attack vectors
    3. Security considerations
    4. Individual security strategies
    5. Corporate security strategies
    6. App development security strategies
    7. Summary
    8. References
  15. Chapter 6. Android forensic techniques
    1. Introduction
    2. Procedures for handling an Android device
    3. Imaging Android USB mass storage devices
    4. Logical techniques
    5. Physical techniques
    6. Summary
    7. References
  16. Chapter 7. Android application and forensic analysis
    1. Introduction
    2. Analysis techniques
    3. FAT forensic analysis
    4. YAFFS2 forensic analysis
    5. Android app analysis and reference
    6. Summary
    7. References
  17. Index

Product information

  • Title: Android Forensics
  • Author(s): Andrew Hoog
  • Release date: July 2011
  • Publisher(s): Syngress
  • ISBN: 9781597496520