Learning Android Forensics

More Information
  • Understand the Android system architecture and its significance for Android forensics
  • Build a forensically sound workstation
  • Utilize ADB to acquire data
  • Bypass Android security such as PINs and passwords
  • Perform both logical and full physical extractions to retrieve data
  • Reverse-engineer applications  
  • Analyze data from many popular applications including Gmail, WhatsApp, and Snapchat
  • Discover free and open source tools to aid in data acquisition and analysis

Many forensic examiners rely on commercial, push-button tools to retrieve and analyze data, even though there is no tool that does either of these jobs perfectly. This book will introduce you to the Android platform and its architecture, and provides a high-level overview of what Android  forensics entails. You will see how data is stored on Android devices and how to set up a digital forensic examination environment. Next, you will go through the various physical and logical techniques to extract data from devices to obtain forensic evidence. You will also learn how to reverse-engineer applications and forensically analyze the data with the help of various open source and commercial tools.

By the end of this book, you will have a complete understanding of the Android forensic process.

  • A professional, step-by-step approach to forensic analysis complete with key strategies and techniques
  • Analyze the most popular Android applications using free and open source tools
  • Learn forensically-sound core data extraction and recovery techniques
Page Count 322
Course Length 9 hours 39 minutes
ISBN 9781782174578
Date Of Publication 29 Apr 2015


Rohit Tamma

Rohit Tamma is a security program manager currently working for Microsoft. With over 9 years of experience in the field of security, his background spans management and technical consulting roles in the areas of application and cloud security, mobile security, penetration testing, and security training. Rohit has also co-authored a couple of books, Practical Mobile Forensics and Learning Android Forensics, which explain a number of ways of performing forensics on mobile platforms. You can contact him on Twitter at @RohitTamma.

Donnie Tindall

Donnie Tindall is a Principal Incident Response Consultant with the Crypsis Group, where he handles incident response engagements encompassing the full lifecycle of cyber security events. His corporate and consulting background is primarily in conducting sensitive forensics examinations for federal government clients, particularly the U.S. military and the Intelligence Community. Before moving into Incident Response, Donnie had an extensive background in mobile forensics, application security research, and exploitation. He is also an IACIS Certified Forensic Computer Examiner and former Community Instructor of FOR585, the SANS Institute's smartphone forensics course.