
Android Forensics and Custom Recovery Image


Mobile Forensic Process
Different Mobile Forensic Scenarios
Acquisition Guide
Challenges of Android Forensics
How to Circumvent the Pass Code
Types of Analyses (Logical analysis)
Types of Analyses (Physical analysis)
Android Partition Layout
Custom Recovery Modifications
How Data are Stored in Android
Example of Useful Data Extracted from an Android Image

Published in: Education


1. Android Forensics
   Presented by: Mohamed Khaled
   Thanks to: Ibrahim Mosaad, Mohamed Shawky
2. Agenda
   • Mobile Forensic Process
   • Different Mobile Forensic Scenarios
   • Acquisition Guide
   • Challenges of Android Forensics
   • How to Circumvent the Pass Code
   • Types of Analyses (Logical analysis)
   • Types of Analyses (Physical analysis)
   • Android Partition Layout
   • Custom Recovery Modifications
   • How Data are Stored in Android
   • Example of Useful Data Extracted from an Android Image
3. Mobile Forensic Process
   • Intake: receive the device as evidence; receive the request for examination.
   • Identification: identify device specifications and capabilities; identify the goals of the examination.
   • Preparation: prepare the methods and tools to be used; prepare media and the forensic workstation for the examination; update tools to the most recent version.
   • Isolation: protect the evidence and prevent remote data destruction; isolate the device from the cellular network, Bluetooth and Wi-Fi.
   • Processing: conduct the forensic acquisition; perform the forensic analysis; scan for malware.
   • Verification: validate your acquisition; validate your forensic findings.
   • Documenting: keep notes about your findings and process; draft and finalize your forensic reports.
   • Presentation: prepare exhibits; present your findings.
   • Archiving: keep a gold copy of the data in a safe place; keep data in common formats for future use.
4. Data Acquisition Types
   • Manual
   • Logical
   • Physical
5. Scenarios
   • The device might be found turned off after seizure.
   • It may have internal or removable memory.
   • It may be locked or unlocked.
   • It may or may not allow access via USB debug mode.
6. Acquisition Guide A (Unlocked)
   • Isolate the device from the network: Airplane Mode; SIM ID cloning.
   • Take the necessary steps to ensure physical device access is possible: remove the passcode; enable USB debugging; enable "Stay Awake"; disable timed screen lock features.
   • Physical acquisitions: acquire supporting media (SIM card(s), media cards); check associated media for device backups.
7. A1 - Isolate Device from the Network
   • Airplane Mode
   • Remove the SIM card.
   • Place the device in a shielded bag, box, tent, or room.
8. A2 - Ensure physical device access is possible
   • Enable USB debugging
   • Enable the "Stay Awake" option
   • Disable timed screen lock features
9. A3 - Physical Acquisitions
   • Acquire supporting media
     – SIM card(s)
     – Media cards
   • Check associated media for device backups (connected PC or network)
10. Acquisition Guide B (Locked)
   1. Physical access requires that USB debugging mode is enabled. Forensic tools will use custom bootloaders to bypass the passcode if applicable.
   2. Acquire supporting media: SIM cards; media card(s).
   3. Check associated computers and media for device backups (computers and media cards).
11. Challenges of Android Forensics
   • Access to system partitions is restricted to the Android OS.
   • Techniques for obtaining root privilege differ depending on Android version, device manufacturer and model.
   • The OS has authentication mechanisms that use passwords, tactile patterns or biometric information.
12. How to Circumvent the Pass Code
   • The smudge attack
   • Flash a new recovery partition (our solution)
   • Know the Gmail user name and password for the device
   • JTAG and chip-off
13. Types of Analyses (Logical analysis)
   • It is possible to back up all the data present on a phone without rooting, using the Android Debug Bridge (adb backup command):
     $ adb backup -apk -shared -system -all -f %1.backup
   • This creates a backup file which is later converted to a .tar archive:
     $ java -jar abe.jar unpack %1.backup %1.tar
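As an added example (not the deck's code and not abe.jar itself), here is what the unpack step does for an unencrypted backup: parse the four-line .ab header, inflate the zlib payload and list the tar entries. The sample backup is constructed inline with the apps/<pkg>/ and shared/<user>/ layout that adb backup writes; the package name and file contents are made up.

```python
import io
import tarfile
import zlib
from typing import List, Tuple

MAGIC = b"ANDROID BACKUP\n"


def parse_ab_header(ab: bytes) -> Tuple[int, bool, str, bytes]:
    """Split an .ab file into (version, compressed, encryption, payload).

    The header written by `adb backup` is four newline-terminated lines:
    magic, format version, compression flag (0/1) and encryption
    ("none" or "AES-256"); everything after the fourth newline is payload.
    """
    if not ab.startswith(MAGIC):
        raise ValueError("not an Android backup file (bad magic)")
    version, compressed, encryption, payload = ab[len(MAGIC):].split(b"\n", 3)
    return int(version), compressed == b"1", encryption.decode("ascii"), payload


def unpack_ab(ab: bytes) -> bytes:
    """Return the tar archive inside an unencrypted .ab file (the 'unpack' step)."""
    _, compressed, encryption, payload = parse_ab_header(ab)
    if encryption != "none":
        # An encrypted backup needs the user's backup password to derive the
        # AES key; refuse rather than hand back ciphertext as if it were a tar.
        raise ValueError(f"backup is encrypted ({encryption}); password required")
    return zlib.decompress(payload) if compressed else payload


def list_backup_entries(ab: bytes) -> List[str]:
    """Names of the files captured by adb backup, in archive order."""
    with tarfile.open(fileobj=io.BytesIO(unpack_ab(ab)), mode="r:") as tf:
        return tf.getnames()


def build_sample_ab(compressed: bool = True, encryption: str = "none") -> bytes:
    """Constructed sample .ab (not a real device capture) using the paths that
    `adb backup -apk -shared` writes: apps/<pkg>/... and shared/<user>/..."""
    entries = [
        ("apps/com.example.notes/_manifest", b"com.example.notes\n1\n"),
        ("apps/com.example.notes/a/base.apk", b"PK\x03\x04"),
        ("apps/com.example.notes/db/notes.db", b"SQLite format 3\x00"),
        ("shared/0/DCIM/IMG_0001.jpg", b"\xff\xd8\xff\xe0"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    tar = buf.getvalue()
    payload = zlib.compress(tar) if compressed else tar
    header = MAGIC + b"1\n" + (b"1\n" if compressed else b"0\n") + encryption.encode() + b"\n"
    return header + payload


if __name__ == "__main__":
    for name in list_backup_entries(build_sample_ab()):
        print(name)
```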
14. Physical Analysis (Low level analysis)
   • Low level analysis is based on an exact, bit-for-bit copy of the userdata partition.
   • After the copy, this partition is stored as a single file, which is later used as input for other analysis tools.
   • Only a root user can make such a copy, so the phone must have been rooted first.
15. What is rooting?
   • The process of overcoming limitations imposed by manufacturers on smartphone or tablet owners.
   • Gives an owner the ability to replace and/or alter system applications and settings.
   • Run applications requiring administrator-level privileges.
   • This includes listing active mounted partitions and cloning them.
16. Physical analysis (Recovery Mode)
   • Another way to do physical analysis is by using a recovery ROM.
   • But first we are going to talk about the Android partition layout.
17. Android Partition Layout
   • boot loader
   • splash
   • boot
   • recovery
   • system
   • userdata or data
   • cache
   • radio
18. Android Partition Layout (Cont.)
   • boot loader: stores the phone's boot loader program, which takes care of:
     – initializing the hardware when the phone boots
     – booting the Android kernel
     – implementing alternative boot modes such as download mode.
   • boot: stores the Android boot image, which consists of:
     – the Linux kernel (zImage)
     – the root file system RAM disk (initrd).
   • splash: stores the first splash screen image seen right after powering on the device.
19. Android Partition Layout (Cont.)
   • userdata (data): the device's internal storage for:
     – application data
     – user files such as pictures, videos, audio, downloads.
     – This is mounted as /data on a booted system.
   • system: stores the Android system image that is mounted as /system on a device. Contains:
     – the Android framework
     – libraries
     – system binaries
     – pre-installed applications.
20. Android Partition Layout (Cont.)
   • cache: used to store various utility files such as:
     – recovery logs and update packages downloaded over-the-air.
     – On devices with applications installed on an SD card it may also contain the dalvik-cache folder, which stores the Dalvik Virtual Machine (VM) cache.
21. Physical analysis (Recovery Mode)
   • Recovery is an operating mode designed to:
     – apply updates
     – format the device
     – perform other maintenance on the device.
   • The stock recovery mode on most devices is very basic:
     – only provides a limited number of functions
     – does not provide root privileges in a shell.
22. Physical analysis (Recovery Mode)
   • Use extreme caution when installing a custom recovery partition, as the process often contains kernel and radio updates.
   • It could render the device unusable ("bricked").
   • Extensive testing must be performed on a lab device first to ensure no issues occur.
   • Examiners should understand what is being modified on the device during the installation of a custom recovery firmware.
23. Custom Recovery ROM Examples
   • CyanogenMod Recovery (ClockworkMod)
   • TeamWin (TWRP)
24. Custom Recovery Modifications
   • We are going to modify the CyanogenMod source code.
   • The source code is written in the C programming language.
25. Custom Recovery Modifications: Remove Security Pattern
   • The pattern file is at:
     – /data/system/gesture.key
   • The other lock credentials are in the file:
     – /data/system/password.key
   • We will also use the predefined function "__system", which enables us to run Linux commands like ls, rm, etc.:
     – __system("rm /data/system/gesture.key");   // remove the pattern
     – __system("rm /data/system/password.key");  // remove any other lock like face, voice or password
26. Custom Recovery Modification: Physical imaging
   • In order to do physical imaging you have to run a command like:
     – dd if=/dev/sda1 of=/media/pc/file.dd
     – where if is the source (the media which we want to image)
     – and of is the destination.
   • So we have to know:
     – the device name of the source partition (i.e. /data or /system)
     – the device name of the destination (a USB flash drive, for example).
27. How to Know the Device Name of the Source Partition
   • Using the file /etc/recovery.fstab
   • We search in /etc/recovery.fstab until we find the device name corresponding to the partition we want to image.
28. How to Know the Device Name of the Destination (USB Flash, for example)
   • vold: the volume manager daemon.
   • Automatically mounts the SD card and USB flash memory (if connected):
     – when the device starts up
     – or when connected.
   • We search in vold until we find USB or SdCard.
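An added example (not CyanogenMod recovery code, and in Python rather than the recovery's C) that covers slides 26 to 28 from the workstation side: look up the source partition's block device in recovery.fstab (both the ClockworkMod and the fs_mgr line layouts), find the destination mount point in vold.fstab, and emit the dd command together with the sha256sum pair used in the Verification step. The fstab contents below are constructed samples and the /dev/block paths are assumptions, not taken from a real device.

```python
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Partition:
    mount: str    # e.g. /data
    fstype: str   # e.g. ext4
    device: str   # block device node, e.g. /dev/block/mmcblk0p12


def parse_recovery_fstab(text: str) -> Dict[str, Partition]:
    """Map mount point -> Partition for both layouts found in /etc/recovery.fstab:
       ClockworkMod style: <mount> <fstype> <device> [device2]
       fs_mgr style:       <device> <mount> <fstype> <mnt_flags> <fs_mgr_flags>
    The first field tells them apart: only fs_mgr lines start with a device path."""
    found: Dict[str, Partition] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if fields[0].startswith("/dev/"):
            part = Partition(mount=fields[1], fstype=fields[2], device=fields[0])
        else:
            part = Partition(mount=fields[0], fstype=fields[1], device=fields[2])
        found[part.mount] = part
    return found


def find_vold_mount(vold_fstab: str, label_contains: str) -> Optional[str]:
    """vold.fstab lines look like: dev_mount <label> <mount_point> <part> <sysfs_path>
    Return the mount point whose label contains the given word (usb, sdcard)."""
    for line in vold_fstab.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "dev_mount" and label_contains in fields[1].lower():
            return fields[2]
    return None


def imaging_commands(part: Partition, dest_dir: str) -> List[str]:
    """Bit-for-bit copy of one partition onto removable media, plus the two
    digests the Verification step compares (source and image must match).
    conv=noerror,sync keeps reading past bad blocks and zero-pads them, so the
    image stays the same size as the partition."""
    image = f"{dest_dir.rstrip('/')}/{part.mount.strip('/')}.dd"
    src, dst = shlex.quote(part.device), shlex.quote(image)
    return [
        f"dd if={src} of={dst} bs=4096 conv=noerror,sync",
        f"sha256sum {src}",
        f"sha256sum {dst}",
    ]


# Constructed samples (not copied from a real device).
RECOVERY_FSTAB_CWM = """\
# mount point  fstype  device
/boot    emmc  /dev/block/platform/omap/omap_hsmmc.0/by-name/boot
/cache   ext4  /dev/block/platform/omap/omap_hsmmc.0/by-name/cache
/data    ext4  /dev/block/platform/omap/omap_hsmmc.0/by-name/userdata
/system  ext4  /dev/block/platform/omap/omap_hsmmc.0/by-name/system
"""
RECOVERY_FSTAB_FSMGR = """\
/dev/block/platform/msm_sdcc.1/by-name/system   /system  ext4  ro,barrier=1          wait
/dev/block/platform/msm_sdcc.1/by-name/userdata /data    ext4  noatime,nosuid,nodev  wait,check
"""
VOLD_FSTAB = """\
dev_mount sdcard  /mnt/sdcard  auto /devices/platform/msm_sdcc.3/mmc_host/mmc1
dev_mount usbdisk /mnt/usbdisk auto /devices/platform/msm_hsusb_host/usb
"""

if __name__ == "__main__":
    userdata = parse_recovery_fstab(RECOVERY_FSTAB_CWM)["/data"]
    for cmd in imaging_commands(userdata, find_vold_mount(VOLD_FSTAB, "usb") or "/mnt/usbdisk"):
        print(cmd)
```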
29. How Data are Stored in Android
   • Android provides developers with five methods for storing data on a device:
     1. Shared preferences
     2. Internal storage
     3. External storage
     4. SQLite
     5. Network
30. How Data are Stored in Android (Shared preferences)
   • Allow a developer to store key-value pairs of primitive data types in a lightweight XML format.
     – /data/data/<com.android.contacts>/shared_prefs
   • Used to set the program's configuration.
31. How Data are Stored in Android (Internal storage)
   • Contains more complicated data structures.
   • The files are stored in the application's /data/data subdirectory.
   • Files can only be read by the application.
   • Indicates data that may be of interest to a forensic analyst.
32. How Data are Stored in Android (External storage)
   • Files stored on the device's internal storage have strict security and location parameters.
   • Files on the various external storage devices have far fewer constraints.
   • Emulated SD card and actual SD card.
   • Examples: pictures, videos, etc.
33. How Data are Stored in Android (SQLite)
   • Databases are used for structured data storage.
     – SQLite is a popular database format appearing in many mobile systems and traditional operating systems.
     – /data/data/<packageName>/databases
   • SQLite databases are a rich source of forensic data.
34. How Data are Stored in Android (Network)
   • Very few applications take advantage of the network as a storage option.
   • The Android Developer web site provides very few details for those interested in network storage.
   • You can use the network (when it is available) to store and retrieve data on your own web-based services:
     – Dropbox
     – Google Drive
     – OneDrive
35. Example of Useful Data Extracted from an Android Image
   • Android Browser passwords
     – /data/data/com.android.browser/databases/webview.db
       .table
       select * from password;
     – data/com.android.chrome/app_chrome/Default/Login
       Open the Login Data file using a text viewer.
     – /data/misc/wifi/
       Open the wpa_supplicant.conf file using a text viewer.
36. References
   • Android Forensics, by Andrew Hoog
   • Android Hacker's Handbook, by Joshua J. Drake, Pau Oliva Fora, Zach Lanier, Collin Mulliner, Stephen A. Ridley and Georg Wicherski
   • Developing Process for Mobile Device Forensics, by Det. Cynthia A. Murphy
   • Android Forensics, Part 1: How we recovered (supposedly) erased data, https://blog.avast.com/2014/07/09/android-foreniscs-pt-2-how-we-recovered-erased-data/
   • http://www.cclgroupltd.com/mobile-device-forensics-data-acquisition-types/
   • http://forum.xda-developers.com/galaxy-nexus/general/guide-phone-backup-unlock-root-t1420351
