Home Page Icon
Home Page
Table of Contents for
Cover
Close
Cover
by Rohit Tamma, Donnie Tindall
Learning Android Forensics
Learning Android Forensics
Table of Contents
Learning Android Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
The mobile forensics approach
Investigation Preparation
Seizure and Isolation
Acquisition
Examination and Analysis
Reporting
Challenges in mobile forensics
The Android architecture
The Linux kernel
Libraries
Dalvik virtual machine
The application framework
The applications layer
Android security
Security at OS level through Linux kernel
Permission model
Application sandboxing
SELinux in Android
Application Signing
Secure interprocess communication
Android hardware components
Core components
Central processing unit
Baseband processor
Memory
SD Card
Display
Battery
Android boot process
Boot ROM code execution
The boot loader
The Linux kernel
The init process
Zygote and Dalvik
System server
Summary
2. Setting Up an Android Forensic Environment
The Android forensic setup
The Android SDK
Installing the Android SDK
Android Virtual Device
Connecting and accessing an Android device from the workstation
Identifying the device cable
Installing device drivers
Accessing the device
Android Debug Bridge
Using adb to access the device
Detecting a connected device
Directing commands to a specific device
Issuing shell commands
Basic Linux commands
Installing an application
Pulling data from the device
Pushing data to the device
Restarting the adb server
Viewing log data
Rooting Android
What is rooting?
Why root?
Recovery and fastboot
Recovery mode
Accessing the recovery mode
Custom recovery
Fastboot mode
Locked and unlocked boot loaders
How to root
Rooting an unlocked boot loader
Rooting a locked boot loader
ADB on a rooted device
Summary
3. Understanding Data Storage on Android Devices
Android partition layout
Common partitions in Android
boot loader
boot
recovery
userdata
system
cache
radio
Identifying partition layout
Android file hierarchy
An overview of directories
acct
cache
d
data
dalvik-cache
data
dev
init
mnt
proc
root
sbin
misc
sdcard
system
build.prop
app
framework
ueventd.goldfish.rc and ueventd.rc
Application data storage on the device
Shared preferences
Internal storage
External storage
SQLite database
Network
Android filesystem overview
Viewing filesystems on an Android device
Common Android filesystems
Flash memory filesystems
Media-based filesystems
Pseudo filesystems
Summary
4. Extracting Data Logically from Android Devices
Logical extraction overview
What data can be recovered logically?
Root access
Manual ADB data extraction
USB debugging
Using ADB shell to determine if a device is rooted
ADB pull
Recovery mode
Fastboot mode
Determining bootloader status
Booting to a custom recovery image
ADB backup extractions
Extracting a backup over ADB
Parsing ADB backups
Data locations within ADB backups
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Next
Next Chapter
Table of Contents
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset