Learning Android Forensics : Analyze Android Devices with the Latest Forensic Tools and Techniques, 2nd Edition.

Print version record.

Cover; Title Page; Copyright and Credits; About Packt; Contributors; Table of Contents; Preface; Chapter 1: Introducing Android Forensics; Mobile forensics; The mobile forensics approach; Investigation preparation; Seizure and isolation; The acquisition phase; Examination and analysis; Reporting; Challenges in mobile forensics; Android architecture; The Linux kernel; Hardware abstraction level; Android Runtime; Native C/C++ Libraries; Java API Framework; The application layer; Android security; Security at OS level through the Linux kernel; Permission model; Sample permission model in Android

Application sandboxingSELinux in Android; Application signing; Secure inter-process communication; Binder communication model; Android hardware components; Core components; Central Processing Unit (CPU); Baseband processor; Memory; SD Card; Display; Battery; Android boot process; Boot ROM code execution; The bootloader; The Linux kernel; The init process; Zygote and Dalvik; System server; Summary; Chapter 2: Setting up the Android Forensic Environment; Android forensic setup; Android SDK; Installing the Android SDK; Android Virtual Device

Connecting and accessing Android devices from the workstationIdentifying the correct device cable; Installing device drivers; Accessing the device; Android Debug Bridge; Using ADB to access the device; Detecting a connected device; Directing commands to a specific device; Issuing shell commands; Basic Linux commands; Installing an application; Pulling data from the device; Pushing data to the device; Restarting the ADB server; Viewing log data; Rooting Android; What is rooting?; Why root?; Recovery and fastboot; Recovery mode; Accessing recovery mode; Custom recovery; Fastboot mode

Locked and unlocked boot loadersHow to root; Rooting an unlocked boot loader; Rooting a locked boot loader; ADB on a rooted device; Summary; Chapter 3: Understanding Data Storage on Android Devices; Android partition layout; Common partitions in Android; Identifying partition layout; Android file hierarchy; Overview of directories; The acct directory; The cache directory; The config directory; The data directory; The dev directory; The mnt directory; The proc directory; The sbin directory; The storage directory; The system directory; Application data storage on the device; Shared preferences

Internal storageExternal storage; SQLite database; Network; Android filesystem overview; Viewing filesystems on an Android device; Common Android filesystems; Flash memory filesystems; Media-based filesystems; Pseudo filesystems; Summary; Chapter 4: Extracting Data Logically from Android Devices; Logical extraction overview; What data can be recovered logically?; Root access; Manual ADB data extraction; USB Debugging; Using adb shell to determine if a device is rooted; adb pull; Recovery Mode; Fastboot mode; Determining bootloader status; Booting to a custom recovery image

ADB backup extractions

This book will introduce you to Android forensics helping you to set up a forensic environment, handle mobile evidence, analyze how and where common applications store their data. You will also learn to identify malware on a device, and how to analyze it.

eBooks on EBSCOhost EBSCO eBook Subscription Academic Collection - Worldwide