Summary
This chapter provided an overview of the domains of the forensic and example algorithms for each of these domains. We also showed you how to compare applications installed on an Android device with web services such as Mobile-Sandbox. In the second real-world example, we demonstrated how to sort out benign and known files from a Windows system to reduce the amount of data that is to be analyzed manually. With NSRLquery, the forensic investigations can focus on new or modified content and do not need to waste time on the widely known content of standard applications.
In the following chapters, these algorithms will be applied to a selection of device types, operating systems, and applications for use during forensic investigation.
