Practical Mobile Forensics,
eBook - ePub

Heather Mahalik, Satish Bommisetty, Oleg Skulkin, Rohit Tamma, Igor Mikhaylov

  • 402 pages
  • English
  • ePUB (mobile friendly)

About This Book

Investigate, analyze, and report iOS, Android, and Windows devices

Key Features

  • Get hands-on experience in performing simple to complex mobile forensics techniques.
  • Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums.
  • A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.

Book Description

Covering up-to-date mobile platforms, this book focuses on teaching you the most recent techniques for investigating mobile devices. We delve into mobile forensics techniques for iOS 9-11, Android 7-8 devices, and Windows 10. We demonstrate the latest open source and commercial mobile forensics tools, enabling you to analyze and retrieve data effectively. You will learn how to introspect and retrieve data from the cloud, and how to document and prepare reports of your investigations.

By the end of this book, you will have mastered the current operating systems and the relevant techniques to recover data from mobile devices by leveraging open source solutions.

What you will learn

  • Discover the new techniques in practical mobile forensics
  • Understand the architecture and security mechanisms present in iOS and Android platforms
  • Identify sensitive files on the iOS and Android platforms
  • Set up a forensic environment
  • Extract data from the iOS and Android platforms
  • Recover data on the iOS and Android platforms
  • Understand the forensics of Windows devices
  • Explore various third-party application techniques and data recovery techniques

Who this book is for

If you are a forensics professional who is eager to widen your skill set to mobile forensics, then this book is for you. Some understanding of digital forensics practices will help considerably.


Information

Year: 2018
ISBN: 9781788835909
Subtopic: Hardware
Edition: 3

Android Forensic Setup and Pre-Data Extraction Techniques

In the previous chapter, we covered the fundamentals of Android architecture, security features, filesystems, and other capabilities. Having an established forensic environment before the start of an examination is important, as it ensures that the data is protected while the examiner maintains control of the workstation. This chapter explains the process of setting up a digital forensic examination environment and what to consider while doing so. It is paramount that the examiner maintains control of the forensic environment at all times; this prevents the introduction of contaminants that could affect the forensic investigation.
We will cover the following topics in this chapter:
  • Setting up a forensic environment
  • Connecting the device and accessing it from a workstation
  • Screen lock bypass techniques
  • Gaining root access to the device

Setting up the forensic environment for Android

A forensic examiner may encounter a wide range of mobile devices over the course of their investigations. Hence, it is necessary to have a basic environment set up, on top of which the examiner can build according to the requirements of each case. It is also very important that the forensic expert maintains complete control over the environment at all times, to avoid any unexpected situations. Setting up a proper lab environment is an essential part of the forensic process. The Android forensic setup usually involves the following steps:
  • Start with a fresh or forensically sterile computer environment. This means that other data is either not present on the system or is contained in a manner that prevents it from contaminating the present investigation.
  • Install the basic software necessary to connect to the device. Android forensic tools and methodologies will work on Windows, Linux, and OS X platforms.
  • Obtain access to the device. An examiner must be able to enable settings or bypass them in order to allow the data to be extracted from the Android device.
  • Issue commands to the device through the methods defined in this chapter and in Chapter 9, Android Data Extraction Techniques.
The following sections provide guidance on setting up a basic Android forensic workstation.

The Android Software Development Kit

The Android Software Development Kit (SDK) helps the development world to build, test, and debug applications to run on Android. This is achieved by providing the tools necessary to create the applications. However, along with this, it also provides valuable documentation and other tools that can be of great help during the investigation of an Android device.
A good understanding of the Android SDK will help you to get to grips with the particulars of a device and the data on the device.
The Android SDK consists of software libraries, APIs, tools, emulators, and other reference material. It can be downloaded for free from: https://developer.android.com/studio/index.html.
During a forensic investigation, the SDK helps connect to and access the data on the Android device. The Android SDK is updated very frequently, so it's important to verify that your workstation also remains up-to-date. The Android SDK can run on Windows, Linux, and OS X.

The Android SDK installation

A working installation of the Android SDK is a must during the forensic investigation of a device. The download site recognizes the operating system of your computer and prompts you to download the matching Android SDK package. Unlike Android Studio, the SDK tools package includes only the core SDK tools, which you use from the command line.
The following is a step-by-step procedure to install the Android SDK on a Windows 7 machine:
  1. Before you install the Android SDK, make sure that your system has the Java Development Kit installed, because the Android SDK relies on the Java SE Development Kit (JDK). The JDK can be downloaded from: http://www.oracle.com/technetwork/java/javase/downloads/index.html.
  2. Download the latest version of the Android SDK from: https://developer.android.com/studio/index.html. The installer version of the SDK is recommended for this purpose.
  3. Run the installer file that you downloaded in the previous step. You will see a wizard window, as seen in the following screenshot. After this, run through the routine Next steps that you encounter:
(Screenshot: Android SDK Tools setup wizard)
  4. The installation location is the user's choice and must be remembered for future access. In this example, we will install it in the C:\ folder. Click on the Install button and choose the location (say, C:\android-sdk). The necessary files will be extracted to this folder.
  5. Open the directory (C:\android-sdk) and double-click on SDK Manager.exe to begin the update process. Make sure that you select Android SDK Platform-tools and any one release platform version of Android, as shown in the following screenshot. Some of the items in the list are chosen by default. For instance, it is necessary to install the USB driver in order to work with Android devices on Windows. In our example, Google USB Driver is selected. Similarly, you can find other items under the Extras section. Accept the license and click on Install, as shown in the following screenshot:
(Screenshot: Android SDK license)
This completes the Android SDK installation. You can also update the system's environment variables (path) by pointing to the executable files so that you can avoid navigating to the SDK folder every time you need to execute a command. This can be done by navigating to Control Panel | System | Advanced Settings | Environment Variables and then adding an SDK path to it.
The installation of the Android SDK on OS X and Linux may vary. Make sure that you follow all the steps provided with the SDK download for full functionality.
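The chapter stresses a forensically sterile workstation and an SDK that is kept current. As an added example (not from the book), the following Python script records which SDK tools are reachable on PATH together with their SHA-256 hashes, so that an examiner can note the tool baseline in the case file and detect a change before the next examination; the tool list and the baseline filename are assumptions.

```python
# Added example (not from the book): record and re-check a baseline of the
# Android SDK tools on the forensic workstation, so that an examiner can show
# that the tools used in one case are the same ones used in the next.
import hashlib
import json
import os
import shutil

# Tools an examiner relies on once platform-tools is on PATH (the
# environment-variable step above); the list is an assumption, adjust it.
DEFAULT_TOOLS = ["adb", "fastboot", "sdkmanager", "avdmanager"]

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large tool binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def baseline_tools(tools=DEFAULT_TOOLS, search_path=None):
    """Resolve each tool on PATH (or search_path); found -> {path, sha256}, missing -> None."""
    found = {}
    for tool in tools:
        location = shutil.which(tool, path=search_path)
        if location is None:
            found[tool] = None
            continue
        real = os.path.realpath(location)  # follow symlinks to the real binary
        found[tool] = {"path": real, "sha256": sha256_of(real)}
    return found

def compare_baseline(previous, current):
    """List tools whose presence or hash differs from the stored baseline."""
    changed = []
    for tool in sorted(set(previous) | set(current)):
        old, new = previous.get(tool), current.get(tool)
        if (old and old["sha256"]) != (new and new["sha256"]):
            changed.append(tool)
    return changed

if __name__ == "__main__":
    # Write the baseline next to the case notes; re-run and compare next time.
    with open("workstation-baseline.json", "w") as fh:
        json.dump(baseline_tools(), fh, indent=2)
```

On a later date, load the saved JSON and pass it as `previous` to `compare_baseline` together with a fresh `baseline_tools()` result; a non-empty list means a tool was added, removed or updated since the baseline was taken.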

An Android Virtual Device

Once the Android SDK is installed along with the release platform, you can create an Android Virtual Device (or AVD, also called an emulator), which is often used by developers when creating new applications. However, an emulator has significance from a forensic perspective, too. Emulators are useful when trying to understand how applications behave and execute on a device. This could be helpful in confirming certain findings that are unearthed during a forensic investigation.
Also, while working on a device which is running on an older platform, you can design an emulator with the same platform. Furthermore, before installing a forensic tool on a real device, the emulator can be used to find out how a forensic tool works and changes content on an Android device. To create a new AVD (on the Windows workstation), perform the following steps:
  1. Open the command prompt (cmd.exe), navigate to the directory where the SDK is installed, and start the AVD manager by running the android tool with the avd option, as shown in the following command line. This will automatically open the AVD manager:
C:\android-sdk\tools>android avd 
Alternatively, the AVD manager can also be started using the graphical AVD manager. To start this, navigate to the location where the SDK is installed (C:\android-sdk in our example) and double-click on AVD Manager.
The Android Virtual Device Manager window is as shown in the...
