http://www.garykessler.net/library/SSDDFJ_V4_1_Lessard_Kessler.pdf

http://viaforensics.com/security/android-holes-allow-secret-installation-of-apps-the-h-open-source.html



Great opportunity to attend cutting-edge mobile forensics training for both Android and iPhone in the same week, while attending the DOD DC3 conference!

Learn about the forensic impact of recent operating system upgrades to both iPhone and Android. Separate 1-day workshops will be offered for each; you may choose to attend both iPhone and Android or just one.

  • Sunday January 23rd – iPhone Forensics
  • Monday January 24th – Android Forensics

EACH DAY IS AN INDEPENDENT 1-DAY WORKSHOP. You can register for one day or one of each. Each 1-day workshop is priced individually. Please contact us with any questions.

Android Training Details


The course will provide you with the tools, techniques and analysis tools you need to effectively investigate an Android phone. Participants must bring a laptop for the training and have the ability to run a VMWare appliance/image. The full course outline is provided below.

Overview of Android
  • History
  • Technology
    • Linux
    • File system
    • C library (Bionic)
    • App environment (Dalvik VM)
  • Phone/other devices
    • Currently available or planned
    • Hardware vendors
    • Service providers
  • Overview of security model
  • Forensic consideration and discussion about mobile forensics vs. traditional forensics
Software Development Kit
  • Overview of SDK, setup, perhaps a test application
  • Android emulator
    • Significance
    • Configure
    • Setup and test forensics techniques, use for R&D
File system overview
  • Overview of Android file system (phone dependent but fairly consistent)
    • Mount points
    • Important directories
    • "Utility" file systems in use (rootfs, tmpfs, devpts, proc, sysfs, cramfs)
  • SD Card - (FAT 32/vfat)
  • YAFFS2
    • Detailed overview
      • OOB
      • MTD
      • Log-structure (versioning!)
    • How to compile support (Linux)
    • Pros/Cons
Forensics Techniques
  • SD Card analysis
  • Backup techniques
    • Nandroid
    • Apps
  • Android Debug Bridge
    • Logical analysis without root
    • Logical analysis with root
  • Commercial tools
    • Pros/Cons
    • Specific tools
      • Cellebrite
      • Paraben
      • Oxygen
      • XRY
      • Others?
    • "Hoog" method
      • Overview
      • Demonstration
      • MTD techniques: dd, cat, nanddump, etc.
      • Evolution
File system and application/data analysis
  • Review important directories and files
  • Review efficacy of traditional forensics techniques (i.e. file carving)
  • Review YAFFS2 characteristics
  • Review important applications and their data (SMS, phone, camera, video, GPS, web browsing, email, etc.)

-- 
Regards,
Peter Teoh
