Chapter 7. Forensic Analysis of Android Applications
This chapter will cover application analysis using free and open source tools. It will focus on analyzing the data that would be recovered using any of the logical or physical techniques detailed in Chapter 4 and Chapter 5. It will also rely heavily on the storage methods discussed in Chapter 2. We will see numerous SQLite databases, XML files, and other file types from various locations within the file hierarchy described in the second chapter. By the end of this chapter, you should be familiar with the following topics:
- An overview of application analysis:
  - Contacts/Calls/SMS
  - Wi-Fi
  - User dictionary
- Third-party applications and the various methods used by popular applications to store and obfuscate data, listed as follows:
  - Plain text
  - Epoch time
  - WebKit time
  - Misnaming file extensions
  - Julian dates
  - Base64 encoding
  - Encryption
  - Basic steganography
  - SQLCipher
- Basic application reverse engineering