android forensics

Every Android smartphone has a Linux kernel at its core. Sales figures are ever-expanding and so are the numbers of attacks on Android devices. More and more often, IT-administrators as well as forensic investigators are faced with the task of conducting data analysis in the context of this mobile Linux operating system.

Analysis of the phone's removable memory cards is not a problem in most cases, but accessing the internal NAND memory with its YAFFS file system can prove to be difficult. In this training course, participants will learn to gain access to files, logs and SQLite databases methodically and thus conduct a forensic investigation.

Trainer und Dozenten

Hans-Peter Merkel (Dipl. Ing.) has been training law enforcement officers in Germany and foreign countries for several years.

He is assisting law enforcement authorities in searching procedures and is conducting subsequent forensic evaluations. His primary focus is analysis of Linux/BSD internet servers.

Voraussetzungen

Participants should be familiar with backup and rooting of android devices on a level comparable to our training course Rooting & backing up Android devices taking place on the previous day.

Inhalt

  • Installating the Android Software Development Kit
  • Creating a virtual Android smartphones
  • Basic analysis of this virtual system
  • Connecting an Android device to a PC and using the applications "android" and "adb" to access it
  • Creating physical images
  • Using the Digital Forensic Framework (DFF) to analyze removable memory cards
  • Logical backup
  • Working with the YAFFS2 file system
  • Creating memeory dumps of an Android device
  • For law enforcement purposes: Using the "viaExtract" application. Participants are required to apply for a free-of-charge license previous to the training course. Please contact the tutor beforehand.