A comprehensive guide to Android forensics, from setting up the workstation to analyzing key artifacts
Key Features
Get up and running with modern mobile forensic strategies and techniques Analyze the most popular Android applications using free and open source forensic tools Learn malware detection and analysis techniques to investigate mobile cybersecurity incidents
Book DescriptionMany forensic examiners rely on commercial, push-button tools to retrieve and analyze data, even though there is no tool that does either of these jobs perfectly.
Learning Android Forensics will introduce you to the most up-to-date Android platform and its architecture, and provide a high-level overview of what Android forensics entails. You will understand how data is stored on Android devices and how to set up a digital forensic examination environment. As you make your way through the chapters, you will work through various physical and logical techniques to extract data from devices in order to obtain forensic evidence. You will also learn how to recover deleted data and forensically analyze application data with the help of various open source and commercial tools. In the concluding chapters, you will explore malware analysis so that youll be able to investigate cybersecurity incidents involving Android malware.
By the end of this book, you will have a complete understanding of the Android forensic process, you will have explored open source and commercial forensic tools, and will have basic skills of Android malware identification and analysis.
What you will learn
Understand Android OS and architecture Set up a forensics environment for Android analysis Perform logical and physical data extractions Learn to recover deleted data Explore how to analyze application data Identify malware on Android devices Analyze Android malware
Who this book is forIf you are a forensic analyst or an information security professional wanting to develop your knowledge of Android forensics, then this is the book for you. Some basic knowledge of the Android mobile platform is expected.
Table of Contents
Introducing Android Forensics
Setting up Android Forensic Environment
Understanding Data Storage on Android Devices
Extracting Data Logically from Android Devices
Extracting Data Physically from Android Devices
Recovering Deleted Data from an Android Device
Forensic Analysis of Android Applications
Android Forensic Tools Overview
Identifying Android malware
Reverse engineering Android malware
Oleg Skulkin is senior digital forensic analyst at Group-IB, one of the global leaders in preventing and investigating high-tech crimes and online fraud. He holds a number of certifications, including GCFA, MCFE, and ACE. Oleg is the co-author of Windows Forensics Cookbook and Practical Mobile Forensics, as well as the author of many blog posts and articles you can find online. Finally, he is one of the people behind Cyber Forensicator. Donnie Tindall is a Principal Incident Response Consultant with the Crypsis Group, where he handles incident response engagements encompassing the full lifecycle of cyber security events. His corporate and consulting background is primarily in conducting sensitive forensics examinations for federal government clients, particularly the U.S. military and the Intelligence Community. Before moving into Incident Response, Donnie had an extensive background in mobile forensics, application security research, and exploitation. He is also an IACIS Certified Forensic Computer Examiner and former Community Instructor of FOR585, the SANS Institute's smartphone forensics course. Rohit Tamma is a security program manager currently working for Microsoft. With over 9 years of experience in the field of security, his background spans management and technical consulting roles in the areas of application and cloud security, mobile security, penetration testing, and security training. Rohit has also co-authored a couple of books, Practical Mobile Forensics and Learning Android Forensics, which explain a number of ways of performing forensics on mobile platforms. You can contact him on Twitter at @RohitTamma.
