
Learning Android forensics : a hands-on guide to Android forensics, from setting up the forensic workstation to analyzing key forensic artifacts /

Annotation

Bibliographic Details
Classification: Electronic Book
Main authors: Tamma, Rohit (Author), Tindall, Donnie (Author)
Format: Electronic eBook
Language: English
Published: Birmingham, UK : Packt Publishing, 2015.
Series: Community experience distilled.
Subjects:
Online access: Full text (requires prior registration with institutional e-mail)
Table of Contents:
  • Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introducing Android Forensics; Mobile forensics; Mobile forensics approach; Investigation Preparation; Seizure and Isolation; Acquisition; Examination and Analysis; Reporting; Challenges in mobile forensics; Android architecture; The Linux kernel; Libraries; Dalvik virtual machine; The application framework; The applications layer; Android Security; Security at OS level through Linux kernel; Permission model; Application sandboxing; SELinux in Android
  • Application Signing; Secure interprocess communication; Android hardware components; Core components; Central processing unit; Baseband processor; Memory; SD Card; Display; Battery; Android boot process; Boot ROM code execution; The boot loader; The Linux kernel; The init process; Zygote and Dalvik; System server; Summary; Chapter 2: Setting up an Android Forensic Environment; Android forensic setup; Android SDK; Installing the Android SDK; Android Virtual Device; Connecting and accessing an Android device from the workstation; Identifying the device cable; Installing device drivers
  • Accessing the device; Android Debug Bridge; Using adb to access the device; Detecting a connected device; Directing commands to a specific device; Issuing shell commands; Basic Linux commands; Installing an application; Pulling data from the device; Pushing data to the device; Restarting the adb server; Viewing log data; Rooting Android; What is rooting?; Why root?; Recovery and fastboot; Recovery mode; Fastboot mode; Locked and unlocked boot loaders; How to root?; Rooting an unlocked boot loader; Rooting a locked boot loader; ADB on a rooted device; Summary
  • Chapter 3: Understanding Data Storage on Android Devices; Android partition layout; Common partitions in Android; boot loader; boot; recovery; userdata; system; cache; radio; Identifying partition layout; Android file hierarchy; An overview of directories; acct; cache; d; data; dev; Init; mnt; proc; root; sbin; misc; sdcard; system; ueventd.goldfish.rc & ueventd.rc; Application data storage on the device; Shared Preferences; Internal storage; External storage; SQLite database; Network; Android File system overview; Viewing filesystems on an Android device; Common Android filesystems
  • Flash memory filesystems; Media-based filesystems; Pseudo filesystems; Summary; Chapter 4: Extracting Data Logically from Android Devices; Logical extraction overview; What data can be recovered logically?; Root access; Manual ADB data extraction; USB debugging; Using ADB shell to determine if a device is rooted; ADB pull; Recovery mode; Fastboot mode; Determining bootloader status; Booting to a custom recovery image; ADB backup extractions; Extracting a backup over ADB; Parsing ADB backups; Data locations within ADB backups; ADB Dumpsys; Dumpsys batterystats; Dumpsys procstats; Dumpsys user