Learning Android Forensics Second Edition

▶What You Will Learn
⦁ Understand Android OS and architecture
⦁ Set up a forensics environment for Android analysis
⦁ Perform logical and physical data extractions
⦁ Learn to recover deleted data
⦁ Explore how to analyze application data
⦁ Identify malware on Android devices
⦁ Analyze Android malware

▶Key Features
⦁ Get up and running with modern mobile forensic strategies and techniques
⦁ Analyze the most popular Android applications using free and open source forensic tools
⦁ Learn malware detection and analysis techniques to investigate mobile cybersecurity incidents

▶Who This Book Is For
If you are a forensic analyst or an information security professional wanting to develop your knowledge of Android forensics, then this is the book for you. Some basic knowledge of the Android mobile platform is expected.

▶What this book covers
⦁ Chapter 1, Introducing Android Forensics, helps you to understand the Android architecture and the security model that is crucial to have a proper understanding of Android forensics. This chapter will also explain the inherent security features in Android OS, such as application sandboxing, and permission model, to safeguard the device from various threats and also pose as an obstacle for forensic experts during investigation.

⦁ Chapter 2, Setting Up the Android Forensic Environment, takes you through everything that is necessary to have an established forensic setup for examining Android devices.

⦁ Chapter 3, Understanding Data Storage on Android Devices, helps you to know what kind of data is stored on the device, where it is stored, how it is stored, and details of the filesystems on which the data is stored. This knowledge is especially important to a forensic analyst to take an informed decision about where to look for data and techniques that can be used to extract the same.

⦁ Chapter 4, Extracting Data Logically from Android Devices, covers logical data extraction, and the use of free and open source tools wherever possible. The majority of the material covered in this chapter will use the Android Debug Bridge (ADB) methods.

⦁ Chapter 5, Extracting Data Physically from Android Devices, covers physical data extraction, using free and open source tools wherever possible.

⦁ Chapter 6, Recovering Deleted Data from an Android Device, provides an overview regarding the recovery of data deleted from an Android device.

⦁ Chapter 7, Forensic Analysis of Android Applications, covers application analysis, using free and open source tools. This chapter will focus on analyzing the data that would be recovered using any of the logical or physical techniques, while also relying heavily on the storage methods. We will see numerous SQLite databases, XML files, and other file types from various locations within the file hierarchy described in that chapter.

⦁ Chapter 8, Android Forensic Tools Overview, provides an overview of the free and commercial Android forensic tools, and demonstrates how to use the tool for common investigative scenarios.

⦁ Chapter 9, Identifying Android Malware, includes an overview of what malware is, and how to identify it using antivirus scanners, VirusTotal and YARA rules.

⦁ Chapter 10, Android Malware Analysis, describes the process of dynamic and static analysis of malicious Android applications.