SlideShare uma empresa Scribd logo

MOBILE SECURITY: ANDROID FORENSICS

Infosys
Infosys

- Android devices are increasingly being used for both legitimate and criminal purposes due to their capabilities and widespread adoption. - To gather digital evidence from Android devices, forensic examiners must create a bit-for-bit image of the device to avoid modifying the original data. This includes imaging both internal memory and external memory cards. - Special tools and techniques may be required to gain root access to image protected internal areas of Android devices that normally require administrator privileges. Maintaining a proper chain of custody is also important to ensure evidence admissibility.

Tecnologia
1 de 7
Baixar para ler offline
MOBILE SECURITY Android Forensics Smartphones are changing the IT and Communication landscape vastly. A Smartphone can do almost every good thing a computer can do. Today through the e-mail client installed on their Smartphone. R ight from booking movie tickets to making fund • Android device is targeted by the attacker. transfers, all e-commerce and online banking • Android device is used as a means to carry out transactions can be done using a Smartphone. cyber crime. With high speed of 3G, Smartphones are getting more popular specially among working professionals and Let us consider some of the real world cases. What if students. an Android device is discovered from a crime location?? As Smartphone market is growing, it is also catching What all evidences can be discovered from the bad guy’s attentions. For bad guys or hackers, it is device?? Where exactly to look for the evidences?? easy to target mobile users as they are less aware and These are some challenges faced while doing bother less about the risks associated with the mobile forensic analysis on Android device. First we will see and mobile applications. what all bad things can be done with the Smartphone There are number of Mobile Operating Systems (or how a Smartphone can be used in various criminal present in the market. Among these Mobile OS, Android, activities). iOS and RIM are more popular than others. Android is the most widely used Mobile OS present in the market. Cyber Crimes through Smartphones According to Gartner report, Android had more than 36% Software Theft: Software theft is now a common attack. share of the market by end of the first quarter of 2011. If codebase of your software is stolen and sold to your It is quite obvious that the widely used platform is likely rival, he can make a great loss to your company. Your to be targeted more, as in the case of Microsoft Windows rivals are ready to invest huge money to obtain source Operating System. A hacker wants to target mass and code of your key software. for doing that he has to target the most commonly used A Smartphone can carry large volume of sensitive platform. Android is one such commonly used platform. data. It can be used in carrying codebase of any key As Android is capturing market, it is becoming favorite software of any company. There are security guards target platform of hackers. and other mechanism in place to check the employees It is always a challenge for forensic examiners to and visitors, if they are carrying any business critical discover the evidences from the Android devices. information in any form. But still they hardly check for Android has a different and newer file system, Mobile phones. directory structure, runtime environment, kernel and In one classic case of Software theft, an unhappy libraries which make Android more complex to forensic employ of a company used to carry all source code of examiner. We will discuss detailed forensics steps to the key software of the company in her smart phone. examine Android device in later part of this article. She first copied the code in her phone’s external storage and then deleted the same data from the phone. When How Android can be used in Cyber Crime her phone was observed at security check, nothing was Android can be used in cyber crime in two ways: found in her phone. When she reached home, she used 22 02/2012
Android Forensics a tool to recover the deleted data. This way she took all really needs to learn something special to analyze the data out from her company and latterly she sold the Android devices?? Can evidences be discovered from source code to the rival of her employer. the device?? Are they admissible in the court of law?? Terrorist Activities: Terrorists also use Smartphones Next section of the article will answer all the above to exchange and store the information. They use questions in further detail. Smartphones to communicate with the other member of the terrorist organization. They also use GPS to Forensic Process of Android Device find locations. They can store various data in the Forensic process of Android phone will comprise of Smartphone like maps or photos of target locations, following steps: encrypted and stagno files, instructions etc. They can Seizing Android device: If an Android device or any use the phone to click photos of target locations. Smartphone is discovered from any crime location, first Pornography/Child Pornography: Pornography thing a forensic investigator should do is to click the is fully banned in a number of countries. And child photos of the crime scene including the photo of the pornography is considered a big offence across the device. If phone is ON, take photo of display as well. world. Smartphone can be used to store, view, capture If you find mobile to be ON then keep charging the and exchange such kind of materials. mobile so that the battery does not drain. In case, Sexual Harassment Cases: Smartphone can play big we don’t charge the phone and the phone goes OFF, role in sexual harassment kind of cases. If a Smartphone we may lose the important data especially regarding is discovered from accused, a forensic examiner can current or recent applications. If phone is OFF at the get treasures of information from the device. time it was recovered, keep it OFF. Seize all other Financial Crimes: Every other bank is developing available accessories i.e. memory card, data cable etc. banking and other non-financial application to facilitate As soon as we recover anything, start labeling it. It their mobile customers. These applications can be is required to maintain and present a chain of custody used for malicious activities by hackers. A Smartphone at the court of law. A label should have the following recovered in financial fraud cases can give many minimum information on it: evidences about the case. Murder Cases: Even in murder or other criminal cases, • What is the evidence? a Smartphone can provide evidence useful in solving the • How did you obtain it? case. Right from call records and SMSes to facebook • When was it collected? records or GPS data can be recovered from the phone. • Who all have handled it? Let us think about, what all evidences can be • Why did that person handle it? recovered from a Smartphone?? Where to look in the • Where has it travelled and where was it ultimately Smartphone?? We will discuss in coming section that stored? what all evidences we can discover from a Smartphone: • What is Case ID? Interesting locations for Forensics Chain of Custody is a chronological documentation of Investigation individuals who had physical possession of the evidence. Maintaining the chain of custody is vital and it guarantee • Phone Browser Memory • Application storage • External Card • SQLite database files • SMS • GPS data • Call records • Contact list • Social networking application (Facebook, Twitter, Orkut) records • Messenger (Yahoo, MSN) records • Email client data • System storage • Data stored in external card How investigation of Android device is different than other Smartphones?? Does forensic investigators Figure 1. Chain of Custody Form www.hakin9.org/en 23
MOBILE SECURITY the integrity of the evidence, right from collection to the final test result. Chain of custody is something must to have document in any criminal trial. If proper Chain of custody has not been maintained, court may not consider that evidence in making final verdict. Creating 1:1 Image Figure 3. Winhex Making device Write Protected Creating image is the most important task in any forensic analysis. It is the thumb rule in forensic investigation One more thing we should take care of before that you cannot work on primary evidences if you want creating image is to make the target device in write them to take in the court of law. For that we need to protected mode. Whenever you connect any device to create bit-by-bit image of the target device. your computer, there are chances that some data can What is bit-by-bit image and how it is different from be written on the devices by any software, application the copy-paste the content of entire disk?? or OS. In that case your evidence (device) is no more If we copy and paste the content of a disk, this will genuine. Just to avoid this kind of situation, make the only copy visible, hidden and system files. Whatever disk or device write protected. To do that, use write is deleted or not accessible by the OS would not be protected cables present in the market. In this article, copied by copy command. So, for a thorough analysis, we will make device write protected by software to it is required to create a 1:1 image of the disk. Bit-by- explain the technique. bit image is as good as the original image. Thorough Creating image of external memory card: We will analysis is not the only reason we need to take 1:1 start with simpler part of imaging, which is creating image, it is also required by the court of law. If you have image of the memory card. In most of the cases, file not taken 1:1 image, your evidences are not admissible system of the memory card is FAT32 and it is easy to in the court of law. image. There are lots of free and commercial tools How we will take image of an Android device?? available in the market which can help us in creating How I can verify that my image is exact bit-by-bit copy image of the memory card. We will use free version of original disk or device?? How can I establish the of Winhex to do that. Winhex is a powerful forensic authenticity of the image?? tool. It is available in both freeware and commercial There are two locations to be taken image of in case versions. of Android device. One is the device and other is the external card. We will see in following section that how Note to create a bit-by-bit image of the Android device. But Only commercial tools should be used to discover the before that we will see how to verify the image. evidences in case you want to take evidences to the Before starting the imaging of original disk, calculate court. the hash value of it and note that down. Now after taking Here are the detailed steps to take the 1:1 image of image, calculate the hash value again for the image. the memory card: If hash values are same for both the image and disk, First remove the SD card and connect the card to the we can be sure that we have taken exact image of the computer with any card reader. Now we will make the original disk. Now we can work on image and evidences device write protected through Winhex. Follow below discovered from the image can be taken to the court step to do that: Open the disk in Winhex: Figure 2. along with the hash values calculated. The hash value Go to Options then Edit mode and select first option establishes the authenticity of the image that it has not write protected mode: Figure 3. been tampered. Now calculate the hash value for SD card. Figure 2. Winhex Opening SD Card Figure 4. Winhex Creating Image 24 02/2012
Android Forensics To calculate hash, go to Tools then Compute hash and the device to get the superuser permission. There are choose any H ashing a lgorithm. We have t o compare various techniques available in the market that can help this hash value w ith the hash value computed earlier you in rooting your Android phone. Among them, Odin3 for the image. Now we create the image of the disk. Go software is one such popular tool. All you need to do is to File menu and click on Create Disk Image option for to check the build number of your phone. You can check creating an image. Choose Raw image option (.dd) to create image, as dd image is interpreted by almost all commercial and open source forensic tools (Figure 4). Image o f memory card is c reated. W e will use t his image for analysis in later part of the article. Creating Image of Android device This is a tricky part. A ndroid does not p rovide any direct w ay t o access o r view i ts i nternal d irectories or system f iles and d irectories. B ut i nternal o r system locations may have most critical data stored. Almost all applications write some application data and temporary data in t hese d irectories only. /data/data i s the most interesting location for the forensic investigator which is not accessible to the user. Only application or root users have access to these locations. How w e can access A ndroid internal d irectory structure?? H ow t o create the image o f the Android internal directory structure?? For this we need to obtain ROOT permission on the Android OS. In Android terminology, we need to ROOT Figure 5. Kernal Build Number 25
MOBILE SECURITY Figure 6. DD Command Figure 8. Winhex Interpreting Image as Disk it by visiting the following location in any Android phone: As it is known to all that Android uses Linux kernel Settings-> About Phone-> Build number. Now Google 2.6. By downloading Terminal Emulator application for the rooted kernel for this build number and pass all from the Android Market, we can run almost all Linux the files to Odin3 software. This way you can ROOT commands. So, to create image of device, we will be your phone. There number of good tutorial available in using dd command. DD stands for Data Description, the market on Android Rooting. As per my knowledge it does low-level copying of data in Linux. The dd ROOTING is legal and it does not void any warranty. command will help us in creating bit-by-bit image of Still check local laws before rooting your phone. I have Android device. never come across such situations; still it is a general To take backup, insert a fresh SD card in device belief that rooting may harm your system or you may and copy the target data there. Typical syntax of DD lose your entire data stored on the phone. command: Note dd if=/dev/fd0 of=tmp.image In the rooting process, something will be written on target device and as I mentioned earlier, we can’t write Where if is input file and of is output file. Again, output anything on the phone, if we want to take that into of the dd command is understood by all commercial court of law as evidence. The method and technique and open source forensic tools including WinHex, explained in this example may not be accepted by the EnCase, Helix, Forensic Toolkit etc. court. In this case, one can take approval in advance To take the backup of the Android system folders, from the court. That is again subject to local laws. So go to /proc/mnt file and open the mnt file. You will have now we have root access on the phone, what next?? similar to following structure: Figure 7. Winhex Reading Image Figure 9. Winhex Hidden Files and Folders 26 02/2012
Android Forensics dev: size erasesize name like FTK or EnCase have inbuilt feature of identifying mtd0: 000a0000 00020000 „misc” and restoring deleted data. mtd1: 00480000 00020000 „recovery” mtd2: 00300000 00020000 „boot” Analyzing the Data mtd3: 0fa00000 00020000 „system” Analyzing Android data is a bit different; one should mtd4: 02800000 00020000 „cache” know the important locations to be checked out. More mtd5: 093a0000 00020000 „userdata” manual intelligence is required in this step of forensic analysis of Android device. For example, in case of Copy one by one location through DD command. money laundering related cases; email, browser data To understand the concept, we will be copying some and banking application related data must be looked at directories with dd command as shown Figure 6. to discover any clue. Same is true in the case of sexual harassment case; emails, social networking data, SMS Recovering Data will be interesting locations to search for evidences. Now we are done with the imaging part. The image For example below file was recovered from Skype created in above steps can be accepted by any forensic application. I have used same dd command to recover tool. We will be using free version of Winhex to recover this file. The format for this file was .DAT. I have opened and analyze the data as well. this file in a text editor (notepad in this case). You can In most of cases, criminal deletes suspicious data or even format the entire disk. Suppose in any records; everything in plain text. Same way you can pornography related case, we hardly find anything in the get useful information from other applications like device, because all data has been intestinally deleted. Facebook, Yahoo Messenger, Twitter etc. All application So, before starting analysis part, it is recommended to related data can be found at the following location: recover all deleted or destroyed data first. /data/data/com.application/; (Figure 10). To recover deleted data, open the image file in Winhex. Go to File menu then Open option, select the image file and click ok. Figure 7 show the opened image SQLite database files are most interesting files for file. forensic investigators. One will get most critical As we can see from the above screenshot, all information here, even username and passwords in data is represented in hex form. To make the data some cases. understandable, we need to interpret the image as disk. SQLite is a lightweight database (RDBMS) and used To do that, go to Specialist menu and click on Interpret by almost all Smartphone OS like Android, iOS and Image File As Disk as shown Figure 8. Blackberry. SQLite files can be found at the following Folders highlighted in the Figure 9 are the deleted location: folders. To recover deleted files or folder, right click on target /data/data/com.application_name/databases folder and click on Recover/Copy and select location to save the file. For example we want to see all SQLite files created There are number of tools available to recover and maintained by Facebook. Then we need to look at deleted or destroyed data. All well known forensic tools following location for db files: /data/data/com.facebook.katana/ databses All SQLite files stored with .db format. I have copied a few sample .db files (from Facebook, email client etc) using dd command to explain analysis of SQLite database files. To understand the concept, I will be using free version of Epilog tool. Epilog is a powerful tool for all kind of SQLite files. Open a db file in Epilog tool, Figure 10. Skype File in this example we are opening www.hakin9.org/en 27
MOBILE SECURITY with all the useful information like Contacts, SMSes, IM records etc. Figure 12 shows the HTML report from viaExtract tool, we cans see all SMS details here. Note Even viaExtract will write something on the device. Reporting Evidences Reporting has to be done on case to case basis. There are different ways of reporting evidences in corporate cases and criminal cases. Reported Figure 11. evidences should be clear, give direct or indirect reference to the possible scenarios of crime. In a criminal case, where we want to present evidences in the court of law, it is also required to map the findings with respective laws. In addition to evidences, it is also required to present Chain of Custody. Again reporting depends on country to country, as the Cyber Laws varies with geography. Conclusion To summarize, analyzing Android for forensic purpose employs Figure 12. viaExtract Report totally different techniques than the traditional forensics. It involves fb.db (Facebook db file). Check Do Generic Record heavy manual intelligence and interference. Maintaining Extraction checkbox and click on process (Figure 11). integrity of primary evidences is also a challenge. There You can observe in above screenshot, fb.db file contain are tools available in the market for Android Forensics some really useful information. In our case, we can see but still there are gaps to be filled and a lot to be done in full names, email ids, phone numbers of the friends added this direction. After learning about forensic process, it will in Facebook friendlist of the suspect. By opening the correct db file, we can even find all the chat logs, personal messages and other details. In some cases, you may even MANISH CHASTA find username and password stored in a SQLite files. Analyst, working with Indusface (Mumbai) as viaExtract Tool Principal Consultant. He is having more than 5.5 years of There are a number of good forensic tools available in experience in Information and Application security. He is the market, out of them I found viaExtract tool to be very currently managing team of security engineers and doing useful and easy to use for Android forensic. This tool is a vast research in Mobile Application Security. He is also specially meant for Android forensic by viaForensic. handling prime customer accounts for the company. He In this tool, you just need to connect the phone to the has authored numerous security articles for ClubHack and machine where viaExtract is installed. Phone should Palisade. He has audited 200+ mobile and web-applications be in USB debugging mode. To make phone in USB in the areas of Internet Banking, Core Banking (Flexcube), Debugging mode, go to Settings-> Applications-> Finance, Healthcare, CRM, telecom and eCommerce. He has Development and select USB Debugging mode. Now you just need to click Next and tool will recover and Security and Ethical Hacking to multiple clients. analyze the device. As an output, you get final report Email id: chasta.manish@gmail.com 28 02/2012

Recomendados

Smart Phone Security
Smart Phone SecuritySmart Phone Security
Smart Phone SecurityGuneet Pahwa
 
Vulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesVulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesCSCJournals
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Carlos Laorden
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?acijjournal
 
Smartphone Security
Smartphone SecuritySmartphone Security
Smartphone SecurityMalasta Hill
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 
Report
ReportReport
ReportMassimo Salvato
 
HinDroid
HinDroidHinDroid
HinDroidHinDroid
 

Recomendados

Smart Phone Security
Smart Phone SecuritySmart Phone Security
Smart Phone SecurityGuneet Pahwa
 
Vulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesVulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesCSCJournals
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Carlos Laorden
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?acijjournal
 
Smartphone Security
Smartphone SecuritySmartphone Security
Smartphone SecurityMalasta Hill
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 
Report
ReportReport
ReportMassimo Salvato
 
HinDroid
HinDroidHinDroid
HinDroidHinDroid
 
Protect smartphone from hackers
Protect smartphone from hackersProtect smartphone from hackers
Protect smartphone from hackersAndrew
 
Personal Data Security in a Digital World
Personal Data Security in a Digital WorldPersonal Data Security in a Digital World
Personal Data Security in a Digital Worldalxdvs
 
38 9145 it nfc secured offline password storage (edit lafi)
38 9145 it nfc secured offline password storage (edit lafi)38 9145 it nfc secured offline password storage (edit lafi)
38 9145 it nfc secured offline password storage (edit lafi)IAESIJEECS
 
Puna 2015
Puna 2015Puna 2015
Puna 2015Salaj Goyal
 
How to Keep Hackers Out of Your Organisation
How to Keep Hackers Out of Your OrganisationHow to Keep Hackers Out of Your Organisation
How to Keep Hackers Out of Your OrganisationIBM Danmark
 
Bg24375379
Bg24375379Bg24375379
Bg24375379IJERA Editor
 
NFC Basic Concepts
NFC Basic ConceptsNFC Basic Concepts
NFC Basic ConceptsAde Okuboyejo
 
TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...
TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...
TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...Ravi Chandra
 
Attack on Sony
Attack on SonyAttack on Sony
Attack on SonyNick Bilogorskiy
 
Internet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsInternet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsJanusz Chudzynski
 
Computer Hacking by Rudy
Computer Hacking by RudyComputer Hacking by Rudy
Computer Hacking by RudyUdieh Moody
 
PLA 2012: Librarian's Field Guide to Near Field Communication
PLA 2012: Librarian's Field Guide to Near Field CommunicationPLA 2012: Librarian's Field Guide to Near Field Communication
PLA 2012: Librarian's Field Guide to Near Field CommunicationKristen Yarmey
 
A Survey on Communication for Smartphone
A Survey on Communication for SmartphoneA Survey on Communication for Smartphone
A Survey on Communication for SmartphoneEditor IJMTER
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile securityKavita Rastogi
 
Rpt repeating-history
Rpt repeating-historyRpt repeating-history
Rpt repeating-historyAnatoliy Tkachev
 
CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...
CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...
CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...Pierre Metivier
 
Smartphone apps
Smartphone appsSmartphone apps
Smartphone appsMalcolm Sheppard
 
Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking sathyananda prabhu
 
Data validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverageData validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverageNicola Chemello
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISijitcs
 
Corp cultures
Corp culturesCorp cultures
Corp culturesAmany1910
 
Megashopping_proiecte print
Megashopping_proiecte printMegashopping_proiecte print
Megashopping_proiecte printneagust_mirela
 

Mais conteúdo relacionado

Mais procurados

Protect smartphone from hackers
Protect smartphone from hackersProtect smartphone from hackers
Protect smartphone from hackersAndrew
 
Personal Data Security in a Digital World
Personal Data Security in a Digital WorldPersonal Data Security in a Digital World
Personal Data Security in a Digital Worldalxdvs
 
38 9145 it nfc secured offline password storage (edit lafi)
38 9145 it nfc secured offline password storage (edit lafi)38 9145 it nfc secured offline password storage (edit lafi)
38 9145 it nfc secured offline password storage (edit lafi)IAESIJEECS
 
How to Keep Hackers Out of Your Organisation
How to Keep Hackers Out of Your OrganisationHow to Keep Hackers Out of Your Organisation
How to Keep Hackers Out of Your OrganisationIBM Danmark
 
TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...
TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...
TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...Ravi Chandra
 
Internet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsInternet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsJanusz Chudzynski
 
Computer Hacking by Rudy
Computer Hacking by RudyComputer Hacking by Rudy
Computer Hacking by RudyUdieh Moody
 
PLA 2012: Librarian's Field Guide to Near Field Communication
PLA 2012: Librarian's Field Guide to Near Field CommunicationPLA 2012: Librarian's Field Guide to Near Field Communication
PLA 2012: Librarian's Field Guide to Near Field CommunicationKristen Yarmey
 
A Survey on Communication for Smartphone
A Survey on Communication for SmartphoneA Survey on Communication for Smartphone
A Survey on Communication for SmartphoneEditor IJMTER
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile securityKavita Rastogi
 
CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...
CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...
CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...Pierre Metivier
 
Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking sathyananda prabhu
 
Data validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverageData validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverageNicola Chemello
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISijitcs
 

Mais procurados (20)

Protect smartphone from hackers
Protect smartphone from hackersProtect smartphone from hackers
Protect smartphone from hackers
 
Personal Data Security in a Digital World
Personal Data Security in a Digital WorldPersonal Data Security in a Digital World
Personal Data Security in a Digital World
 
38 9145 it nfc secured offline password storage (edit lafi)
38 9145 it nfc secured offline password storage (edit lafi)38 9145 it nfc secured offline password storage (edit lafi)
38 9145 it nfc secured offline password storage (edit lafi)
 
Puna 2015
Puna 2015Puna 2015
Puna 2015
 
How to Keep Hackers Out of Your Organisation
How to Keep Hackers Out of Your OrganisationHow to Keep Hackers Out of Your Organisation
How to Keep Hackers Out of Your Organisation
 
Bg24375379
Bg24375379Bg24375379
Bg24375379
 
NFC Basic Concepts
NFC Basic ConceptsNFC Basic Concepts
NFC Basic Concepts
 
TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...
TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...
TECHNOLOGY: Solution to our woos not Politicians & INTERNET of THINGS in Nuts...
 
Attack on Sony
Attack on SonyAttack on Sony
Attack on Sony
 
Internet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsInternet of things, and rise of ibeacons
Internet of things, and rise of ibeacons
 
Computer Hacking by Rudy
Computer Hacking by RudyComputer Hacking by Rudy
Computer Hacking by Rudy
 
PLA 2012: Librarian's Field Guide to Near Field Communication
PLA 2012: Librarian's Field Guide to Near Field CommunicationPLA 2012: Librarian's Field Guide to Near Field Communication
PLA 2012: Librarian's Field Guide to Near Field Communication
 
A Survey on Communication for Smartphone
A Survey on Communication for SmartphoneA Survey on Communication for Smartphone
A Survey on Communication for Smartphone
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
 
Rpt repeating-history
Rpt repeating-historyRpt repeating-history
Rpt repeating-history
 
CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...
CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...
CONNECTED OBJECTS - how NFC technology enables a more environmentally-friendl...
 
Smartphone apps
Smartphone appsSmartphone apps
Smartphone apps
 
Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking
 
Data validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverageData validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverage
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
 

Destaque

Corp cultures
Corp culturesCorp cultures
Corp culturesAmany1910
 
Megashopping_proiecte print
Megashopping_proiecte printMegashopping_proiecte print
Megashopping_proiecte printneagust_mirela
 
Spawn the shell
Spawn the shellSpawn the shell
Spawn the shellInfosys
 
Securing Android Applications
Securing Android ApplicationsSecuring Android Applications
Securing Android ApplicationsInfosys
 
Hybrid website security from Indusface
Hybrid website security from IndusfaceHybrid website security from Indusface
Hybrid website security from IndusfaceInfosys
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsLinkedIn
 

Destaque (6)

Corp cultures
Corp culturesCorp cultures
Corp cultures
 
Megashopping_proiecte print
Megashopping_proiecte printMegashopping_proiecte print
Megashopping_proiecte print
 
Spawn the shell
Spawn the shellSpawn the shell
Spawn the shell
 
Securing Android Applications
Securing Android ApplicationsSecuring Android Applications
Securing Android Applications
 
Hybrid website security from Indusface
Hybrid website security from IndusfaceHybrid website security from Indusface
Hybrid website security from Indusface
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving Cars
 

Semelhante a MOBILE SECURITY: ANDROID FORENSICS

IRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET Journal
 
Shelton mobile forensics
Shelton mobile forensicsShelton mobile forensics
Shelton mobile forensicsi4box Anon
 
Cyber crime - and digital device.pptx
Cyber crime - and digital device.pptxCyber crime - and digital device.pptx
Cyber crime - and digital device.pptxAlAsad4
 
ContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docxContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docxrichardnorman90310
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperHarsimran Walia
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
1668170.ppt
1668170.ppt1668170.ppt
1668170.ppt230405
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...IOSR Journals
 
A Survey on Mobile Forensic for Android Smartphones
A Survey on Mobile Forensic for Android SmartphonesA Survey on Mobile Forensic for Android Smartphones
A Survey on Mobile Forensic for Android SmartphonesIOSR Journals
 
A Survey on Mobile Forensic for Android Smartphones
A Survey on Mobile Forensic for Android SmartphonesA Survey on Mobile Forensic for Android Smartphones
A Survey on Mobile Forensic for Android SmartphonesIOSR Journals
 
Evidence Gathering and Identification of LINE Messenger on Android Device
Evidence Gathering and Identification of LINE Messenger on Android DeviceEvidence Gathering and Identification of LINE Messenger on Android Device
Evidence Gathering and Identification of LINE Messenger on Android DeviceIJCSIS Research Publications
 
Malware Improvements in Android OS
Malware Improvements in Android OSMalware Improvements in Android OS
Malware Improvements in Android OSPranav Saini
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSPurna Bhat
 
The Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSThe Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSPriyanka Aash
 
Best Android Spy Apps_ Ensuring Safety and Monitoring with Consent.pdf
Best Android Spy Apps_ Ensuring Safety and Monitoring with Consent.pdfBest Android Spy Apps_ Ensuring Safety and Monitoring with Consent.pdf
Best Android Spy Apps_ Ensuring Safety and Monitoring with Consent.pdfonestore3
 
A Comparison Study of Android Mobile Forensics for Retrieving Files System
A Comparison Study of Android Mobile Forensics for Retrieving Files SystemA Comparison Study of Android Mobile Forensics for Retrieving Files System
A Comparison Study of Android Mobile Forensics for Retrieving Files SystemCSCJournals
 

Semelhante a MOBILE SECURITY: ANDROID FORENSICS (20)

IRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various Tools
 
Shelton mobile forensics
Shelton mobile forensicsShelton mobile forensics
Shelton mobile forensics
 
Cyber crime - and digital device.pptx
Cyber crime - and digital device.pptxCyber crime - and digital device.pptx
Cyber crime - and digital device.pptx
 
ContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docxContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docx
 
776 s0005
776 s0005776 s0005
776 s0005
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaper
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
 
Mobile security article
Mobile security articleMobile security article
Mobile security article
 
Smartphone
SmartphoneSmartphone
Smartphone
 
1668170.ppt
1668170.ppt1668170.ppt
1668170.ppt
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
 
A Survey on Mobile Forensic for Android Smartphones
A Survey on Mobile Forensic for Android SmartphonesA Survey on Mobile Forensic for Android Smartphones
A Survey on Mobile Forensic for Android Smartphones
 
A Survey on Mobile Forensic for Android Smartphones
A Survey on Mobile Forensic for Android SmartphonesA Survey on Mobile Forensic for Android Smartphones
A Survey on Mobile Forensic for Android Smartphones
 
C017211519
C017211519C017211519
C017211519
 
Evidence Gathering and Identification of LINE Messenger on Android Device
Evidence Gathering and Identification of LINE Messenger on Android DeviceEvidence Gathering and Identification of LINE Messenger on Android Device
Evidence Gathering and Identification of LINE Messenger on Android Device
 
Malware Improvements in Android OS
Malware Improvements in Android OSMalware Improvements in Android OS
Malware Improvements in Android OS
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoS
 
The Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSThe Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOS
 
Best Android Spy Apps_ Ensuring Safety and Monitoring with Consent.pdf
Best Android Spy Apps_ Ensuring Safety and Monitoring with Consent.pdfBest Android Spy Apps_ Ensuring Safety and Monitoring with Consent.pdf
Best Android Spy Apps_ Ensuring Safety and Monitoring with Consent.pdf
 
A Comparison Study of Android Mobile Forensics for Retrieving Files System
A Comparison Study of Android Mobile Forensics for Retrieving Files SystemA Comparison Study of Android Mobile Forensics for Retrieving Files System
A Comparison Study of Android Mobile Forensics for Retrieving Files System
 

Último

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Último (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

MOBILE SECURITY: ANDROID FORENSICS

  • 1. MOBILE SECURITY Android Forensics Smartphones are changing the IT and Communication landscape vastly. A Smartphone can do almost every good thing a computer can do. Today through the e-mail client installed on their Smartphone. R ight from booking movie tickets to making fund • Android device is targeted by the attacker. transfers, all e-commerce and online banking • Android device is used as a means to carry out transactions can be done using a Smartphone. cyber crime. With high speed of 3G, Smartphones are getting more popular specially among working professionals and Let us consider some of the real world cases. What if students. an Android device is discovered from a crime location?? As Smartphone market is growing, it is also catching What all evidences can be discovered from the bad guy’s attentions. For bad guys or hackers, it is device?? Where exactly to look for the evidences?? easy to target mobile users as they are less aware and These are some challenges faced while doing bother less about the risks associated with the mobile forensic analysis on Android device. First we will see and mobile applications. what all bad things can be done with the Smartphone There are number of Mobile Operating Systems (or how a Smartphone can be used in various criminal present in the market. Among these Mobile OS, Android, activities). iOS and RIM are more popular than others. Android is the most widely used Mobile OS present in the market. Cyber Crimes through Smartphones According to Gartner report, Android had more than 36% Software Theft: Software theft is now a common attack. share of the market by end of the first quarter of 2011. If codebase of your software is stolen and sold to your It is quite obvious that the widely used platform is likely rival, he can make a great loss to your company. Your to be targeted more, as in the case of Microsoft Windows rivals are ready to invest huge money to obtain source Operating System. A hacker wants to target mass and code of your key software. for doing that he has to target the most commonly used A Smartphone can carry large volume of sensitive platform. Android is one such commonly used platform. data. It can be used in carrying codebase of any key As Android is capturing market, it is becoming favorite software of any company. There are security guards target platform of hackers. and other mechanism in place to check the employees It is always a challenge for forensic examiners to and visitors, if they are carrying any business critical discover the evidences from the Android devices. information in any form. But still they hardly check for Android has a different and newer file system, Mobile phones. directory structure, runtime environment, kernel and In one classic case of Software theft, an unhappy libraries which make Android more complex to forensic employ of a company used to carry all source code of examiner. We will discuss detailed forensics steps to the key software of the company in her smart phone. examine Android device in later part of this article. She first copied the code in her phone’s external storage and then deleted the same data from the phone. When How Android can be used in Cyber Crime her phone was observed at security check, nothing was Android can be used in cyber crime in two ways: found in her phone. When she reached home, she used 22 02/2012
  • 2. Android Forensics a tool to recover the deleted data. This way she took all really needs to learn something special to analyze the data out from her company and latterly she sold the Android devices?? Can evidences be discovered from source code to the rival of her employer. the device?? Are they admissible in the court of law?? Terrorist Activities: Terrorists also use Smartphones Next section of the article will answer all the above to exchange and store the information. They use questions in further detail. Smartphones to communicate with the other member of the terrorist organization. They also use GPS to Forensic Process of Android Device find locations. They can store various data in the Forensic process of Android phone will comprise of Smartphone like maps or photos of target locations, following steps: encrypted and stagno files, instructions etc. They can Seizing Android device: If an Android device or any use the phone to click photos of target locations. Smartphone is discovered from any crime location, first Pornography/Child Pornography: Pornography thing a forensic investigator should do is to click the is fully banned in a number of countries. And child photos of the crime scene including the photo of the pornography is considered a big offence across the device. If phone is ON, take photo of display as well. world. Smartphone can be used to store, view, capture If you find mobile to be ON then keep charging the and exchange such kind of materials. mobile so that the battery does not drain. In case, Sexual Harassment Cases: Smartphone can play big we don’t charge the phone and the phone goes OFF, role in sexual harassment kind of cases. If a Smartphone we may lose the important data especially regarding is discovered from accused, a forensic examiner can current or recent applications. If phone is OFF at the get treasures of information from the device. time it was recovered, keep it OFF. Seize all other Financial Crimes: Every other bank is developing available accessories i.e. memory card, data cable etc. banking and other non-financial application to facilitate As soon as we recover anything, start labeling it. It their mobile customers. These applications can be is required to maintain and present a chain of custody used for malicious activities by hackers. A Smartphone at the court of law. A label should have the following recovered in financial fraud cases can give many minimum information on it: evidences about the case. Murder Cases: Even in murder or other criminal cases, • What is the evidence? a Smartphone can provide evidence useful in solving the • How did you obtain it? case. Right from call records and SMSes to facebook • When was it collected? records or GPS data can be recovered from the phone. • Who all have handled it? Let us think about, what all evidences can be • Why did that person handle it? recovered from a Smartphone?? Where to look in the • Where has it travelled and where was it ultimately Smartphone?? We will discuss in coming section that stored? what all evidences we can discover from a Smartphone: • What is Case ID? Interesting locations for Forensics Chain of Custody is a chronological documentation of Investigation individuals who had physical possession of the evidence. Maintaining the chain of custody is vital and it guarantee • Phone Browser Memory • Application storage • External Card • SQLite database files • SMS • GPS data • Call records • Contact list • Social networking application (Facebook, Twitter, Orkut) records • Messenger (Yahoo, MSN) records • Email client data • System storage • Data stored in external card How investigation of Android device is different than other Smartphones?? Does forensic investigators Figure 1. Chain of Custody Form www.hakin9.org/en 23
  • 3. MOBILE SECURITY the integrity of the evidence, right from collection to the final test result. Chain of custody is something must to have document in any criminal trial. If proper Chain of custody has not been maintained, court may not consider that evidence in making final verdict. Creating 1:1 Image Figure 3. Winhex Making device Write Protected Creating image is the most important task in any forensic analysis. It is the thumb rule in forensic investigation One more thing we should take care of before that you cannot work on primary evidences if you want creating image is to make the target device in write them to take in the court of law. For that we need to protected mode. Whenever you connect any device to create bit-by-bit image of the target device. your computer, there are chances that some data can What is bit-by-bit image and how it is different from be written on the devices by any software, application the copy-paste the content of entire disk?? or OS. In that case your evidence (device) is no more If we copy and paste the content of a disk, this will genuine. Just to avoid this kind of situation, make the only copy visible, hidden and system files. Whatever disk or device write protected. To do that, use write is deleted or not accessible by the OS would not be protected cables present in the market. In this article, copied by copy command. So, for a thorough analysis, we will make device write protected by software to it is required to create a 1:1 image of the disk. Bit-by- explain the technique. bit image is as good as the original image. Thorough Creating image of external memory card: We will analysis is not the only reason we need to take 1:1 start with simpler part of imaging, which is creating image, it is also required by the court of law. If you have image of the memory card. In most of the cases, file not taken 1:1 image, your evidences are not admissible system of the memory card is FAT32 and it is easy to in the court of law. image. There are lots of free and commercial tools How we will take image of an Android device?? available in the market which can help us in creating How I can verify that my image is exact bit-by-bit copy image of the memory card. We will use free version of original disk or device?? How can I establish the of Winhex to do that. Winhex is a powerful forensic authenticity of the image?? tool. It is available in both freeware and commercial There are two locations to be taken image of in case versions. of Android device. One is the device and other is the external card. We will see in following section that how Note to create a bit-by-bit image of the Android device. But Only commercial tools should be used to discover the before that we will see how to verify the image. evidences in case you want to take evidences to the Before starting the imaging of original disk, calculate court. the hash value of it and note that down. Now after taking Here are the detailed steps to take the 1:1 image of image, calculate the hash value again for the image. the memory card: If hash values are same for both the image and disk, First remove the SD card and connect the card to the we can be sure that we have taken exact image of the computer with any card reader. Now we will make the original disk. Now we can work on image and evidences device write protected through Winhex. Follow below discovered from the image can be taken to the court step to do that: Open the disk in Winhex: Figure 2. along with the hash values calculated. The hash value Go to Options then Edit mode and select first option establishes the authenticity of the image that it has not write protected mode: Figure 3. been tampered. Now calculate the hash value for SD card. Figure 2. Winhex Opening SD Card Figure 4. Winhex Creating Image 24 02/2012
  • 4. Android Forensics To calculate hash, go to Tools then Compute hash and the device to get the superuser permission. There are choose any H ashing a lgorithm. We have t o compare various techniques available in the market that can help this hash value w ith the hash value computed earlier you in rooting your Android phone. Among them, Odin3 for the image. Now we create the image of the disk. Go software is one such popular tool. All you need to do is to File menu and click on Create Disk Image option for to check the build number of your phone. You can check creating an image. Choose Raw image option (.dd) to create image, as dd image is interpreted by almost all commercial and open source forensic tools (Figure 4). Image o f memory card is c reated. W e will use t his image for analysis in later part of the article. Creating Image of Android device This is a tricky part. A ndroid does not p rovide any direct w ay t o access o r view i ts i nternal d irectories or system f iles and d irectories. B ut i nternal o r system locations may have most critical data stored. Almost all applications write some application data and temporary data in t hese d irectories only. /data/data i s the most interesting location for the forensic investigator which is not accessible to the user. Only application or root users have access to these locations. How w e can access A ndroid internal d irectory structure?? H ow t o create the image o f the Android internal directory structure?? For this we need to obtain ROOT permission on the Android OS. In Android terminology, we need to ROOT Figure 5. Kernal Build Number 25
  • 5. MOBILE SECURITY Figure 6. DD Command Figure 8. Winhex Interpreting Image as Disk it by visiting the following location in any Android phone: As it is known to all that Android uses Linux kernel Settings-> About Phone-> Build number. Now Google 2.6. By downloading Terminal Emulator application for the rooted kernel for this build number and pass all from the Android Market, we can run almost all Linux the files to Odin3 software. This way you can ROOT commands. So, to create image of device, we will be your phone. There number of good tutorial available in using dd command. DD stands for Data Description, the market on Android Rooting. As per my knowledge it does low-level copying of data in Linux. The dd ROOTING is legal and it does not void any warranty. command will help us in creating bit-by-bit image of Still check local laws before rooting your phone. I have Android device. never come across such situations; still it is a general To take backup, insert a fresh SD card in device belief that rooting may harm your system or you may and copy the target data there. Typical syntax of DD lose your entire data stored on the phone. command: Note dd if=/dev/fd0 of=tmp.image In the rooting process, something will be written on target device and as I mentioned earlier, we can’t write Where if is input file and of is output file. Again, output anything on the phone, if we want to take that into of the dd command is understood by all commercial court of law as evidence. The method and technique and open source forensic tools including WinHex, explained in this example may not be accepted by the EnCase, Helix, Forensic Toolkit etc. court. In this case, one can take approval in advance To take the backup of the Android system folders, from the court. That is again subject to local laws. So go to /proc/mnt file and open the mnt file. You will have now we have root access on the phone, what next?? similar to following structure: Figure 7. Winhex Reading Image Figure 9. Winhex Hidden Files and Folders 26 02/2012
  • 6. Android Forensics dev: size erasesize name like FTK or EnCase have inbuilt feature of identifying mtd0: 000a0000 00020000 „misc” and restoring deleted data. mtd1: 00480000 00020000 „recovery” mtd2: 00300000 00020000 „boot” Analyzing the Data mtd3: 0fa00000 00020000 „system” Analyzing Android data is a bit different; one should mtd4: 02800000 00020000 „cache” know the important locations to be checked out. More mtd5: 093a0000 00020000 „userdata” manual intelligence is required in this step of forensic analysis of Android device. For example, in case of Copy one by one location through DD command. money laundering related cases; email, browser data To understand the concept, we will be copying some and banking application related data must be looked at directories with dd command as shown Figure 6. to discover any clue. Same is true in the case of sexual harassment case; emails, social networking data, SMS Recovering Data will be interesting locations to search for evidences. Now we are done with the imaging part. The image For example below file was recovered from Skype created in above steps can be accepted by any forensic application. I have used same dd command to recover tool. We will be using free version of Winhex to recover this file. The format for this file was .DAT. I have opened and analyze the data as well. this file in a text editor (notepad in this case). You can In most of cases, criminal deletes suspicious data or even format the entire disk. Suppose in any records; everything in plain text. Same way you can pornography related case, we hardly find anything in the get useful information from other applications like device, because all data has been intestinally deleted. Facebook, Yahoo Messenger, Twitter etc. All application So, before starting analysis part, it is recommended to related data can be found at the following location: recover all deleted or destroyed data first. /data/data/com.application/; (Figure 10). To recover deleted data, open the image file in Winhex. Go to File menu then Open option, select the image file and click ok. Figure 7 show the opened image SQLite database files are most interesting files for file. forensic investigators. One will get most critical As we can see from the above screenshot, all information here, even username and passwords in data is represented in hex form. To make the data some cases. understandable, we need to interpret the image as disk. SQLite is a lightweight database (RDBMS) and used To do that, go to Specialist menu and click on Interpret by almost all Smartphone OS like Android, iOS and Image File As Disk as shown Figure 8. Blackberry. SQLite files can be found at the following Folders highlighted in the Figure 9 are the deleted location: folders. To recover deleted files or folder, right click on target /data/data/com.application_name/databases folder and click on Recover/Copy and select location to save the file. For example we want to see all SQLite files created There are number of tools available to recover and maintained by Facebook. Then we need to look at deleted or destroyed data. All well known forensic tools following location for db files: /data/data/com.facebook.katana/ databses All SQLite files stored with .db format. I have copied a few sample .db files (from Facebook, email client etc) using dd command to explain analysis of SQLite database files. To understand the concept, I will be using free version of Epilog tool. Epilog is a powerful tool for all kind of SQLite files. Open a db file in Epilog tool, Figure 10. Skype File in this example we are opening www.hakin9.org/en 27
  • 7. MOBILE SECURITY with all the useful information like Contacts, SMSes, IM records etc. Figure 12 shows the HTML report from viaExtract tool, we cans see all SMS details here. Note Even viaExtract will write something on the device. Reporting Evidences Reporting has to be done on case to case basis. There are different ways of reporting evidences in corporate cases and criminal cases. Reported Figure 11. evidences should be clear, give direct or indirect reference to the possible scenarios of crime. In a criminal case, where we want to present evidences in the court of law, it is also required to map the findings with respective laws. In addition to evidences, it is also required to present Chain of Custody. Again reporting depends on country to country, as the Cyber Laws varies with geography. Conclusion To summarize, analyzing Android for forensic purpose employs Figure 12. viaExtract Report totally different techniques than the traditional forensics. It involves fb.db (Facebook db file). Check Do Generic Record heavy manual intelligence and interference. Maintaining Extraction checkbox and click on process (Figure 11). integrity of primary evidences is also a challenge. There You can observe in above screenshot, fb.db file contain are tools available in the market for Android Forensics some really useful information. In our case, we can see but still there are gaps to be filled and a lot to be done in full names, email ids, phone numbers of the friends added this direction. After learning about forensic process, it will in Facebook friendlist of the suspect. By opening the correct db file, we can even find all the chat logs, personal messages and other details. In some cases, you may even MANISH CHASTA find username and password stored in a SQLite files. Analyst, working with Indusface (Mumbai) as viaExtract Tool Principal Consultant. He is having more than 5.5 years of There are a number of good forensic tools available in experience in Information and Application security. He is the market, out of them I found viaExtract tool to be very currently managing team of security engineers and doing useful and easy to use for Android forensic. This tool is a vast research in Mobile Application Security. He is also specially meant for Android forensic by viaForensic. handling prime customer accounts for the company. He In this tool, you just need to connect the phone to the has authored numerous security articles for ClubHack and machine where viaExtract is installed. Phone should Palisade. He has audited 200+ mobile and web-applications be in USB debugging mode. To make phone in USB in the areas of Internet Banking, Core Banking (Flexcube), Debugging mode, go to Settings-> Applications-> Finance, Healthcare, CRM, telecom and eCommerce. He has Development and select USB Debugging mode. Now you just need to click Next and tool will recover and Security and Ethical Hacking to multiple clients. analyze the device. As an output, you get final report Email id: chasta.manish@gmail.com 28 02/2012