What this book covers

Chapter 1, Introducing Android Forensics, introduces mobile forensics, the general approach, and the challenges faced. This chapter also provides an overview of the Android architecture, security features, boot process, and so on.

Chapter 2, Setting Up an Android Forensic Environment, covers the steps to perform to get an established forensic setup to examine Android devices. This chapter also explains the use of ADB commands on the Android device.

Chapter 3, Understanding Data Storage on Android Devices, provides a detailed explanation of what kind of data is stored in the device, where it is stored, how it is stored, and details of the filesystems in which it is stored.

Chapter 4, Extracting Data Logically from Android Devices, covers various logical data extraction techniques using free and open source tools. The logical methods covered include ADB pull, ADB backup, ADB dumpsys information, and SIM card extractions. Bypassing device lock screens is also covered.

Chapter 5, Extracting Data Physically from Android Devices, demonstrates various physical data extraction techniques. Physical methods include dd and nanddump, as well as using netcat to write data to the examiner's computer. RAM and SD card imaging is also covered.

Chapter 6, Recovering Deleted Data from an Android Device, provides an overview on recovering data deleted from an Android device. This chapter explains procedures to recover data deleted from an SD card and also from a phone's internal storage.

Chapter 7, Forensic Analysis of Android Applications, covers forensic analysis of Android applications, data obfuscation methods used by popular applications, reverse engineering of Android applications, and the methods required for it.

Chapter 8, Android Forensic Tools Overview, explains various open source and commercial tools that are helpful during forensic analysis of Android devices.