SlideShare ist ein Scribd-Unternehmen logo

Android forensics (Manish Chasta)

ClubHack
ClubHack

This document provides an overview of Android forensics. It discusses rooting Android devices to gain access for forensic imaging. The forensic process involves seizing the device and accessories, creating a bit-by-bit image of the memory card and device to preserve all data, recovering useful data from the image, analyzing the image by examining key locations like the SQLite database and searching for evidence, and maintaining a proper chain of custody. Indian laws like the IT Act 2000 cover digital crimes using computers as targets or weapons.

Technologie
1 von 32
Downloaden Sie, um offline zu lesen
PRESENTED BY Manish Chasta, Principal Consultant, Indusface Android Forensics Manish Chasta, CISSP | CHFI
Agenda Introduction to Android Rooting Android Seizing Android Device Forensic Steps Chain of Custody Indian Cyber Laws
Introduction to Android • Most widely used mobile OS • Developed by Google • OS + Middleware + Applications • Android Open Source Project (AOSP) is responsible for maintenance and further development
Presence in the Market • According to Gartner report, Android captured 36% market share in Q1 of 2011. • Listed as the best selling Smartphone worldwide by Canalys. 4
Android Architecture 5
Android Architecture: Linux Kernel • Linux kernel with system services: – Security – Memory and process management – Network stack • Provide driver to access hardware: – Camera – Display and audio – Wifi – … 6
Android Architecture: Android RunTime • Core Libraries: – Written in Java – Provides the functionality of Java programming language – Interpreted by Dalvik VM • Dalvik VM: – Java based VM, a lightweight substitute to JVM – Unlike JVM, DVM is a register based Virtual Machine – DVM is optimized to run on limited main memory and less CPU usage – Java code (.class files) converted into .dex format to be able to run on Android platform 7
SQLite Database • SQLite Database: – SQLite is a widely used, lightweight database – Used by most mobile OS i.e. iPhone, Android, Symbian, webOS – SQLite is a free to use and open source database – Zero-configuration - no setup or administration needed. – A complete database is stored in a single cross- platform disk file. 8
How Android can be used in Cyber Crime? • Software Theft • Terrorism Activity • Pornography / Child Pornography • Financial Crime • Sexual harassment Cases • Murder or other Criminal activities 9
Forensic Process: An Open Source Approach • Seizing the device • Creating 1:1 image • Recovering the useful data • Analyzing the image to discover evidences • Maintain Chain of Custody 10
Seizing Android Device • If device is Off – Do not turn ‘ON’ • If device is On – Let it ON and keep device charging • Take photos and display of the device • Seize all other accessories available i.e. Memory card, cables etc. • Label all evidences and document everything 11
Creating 1:1 Image • Creating Image of Memory Card • Creating Image of Device 12
Creating Image of Memory Card • Fat 32 file system • Easy to create image • In most cases, applications wont store any sensitive data in memory card • Number of commercials and open source tools are available 13
Creating Image of Memory Card • Using Winhex 14
Creating Image of the Device • Android’s file systems • Importance of rooting • Rooting Samsung Galaxy device 15
Rooting Android Device Step 1: Download CF Rooted Karnal files and Odin3 Software 16
Rooting Android Device • Step 2: Keep handset on debugging mode 17
Rooting Android Device • Step 3: Run Odin3 18
Rooting Android Device • Step 4: Reboot the phone in download mode • Step 5: Connect to the PC 19
Rooting Android Device • Step 6: Select required file i.e: PDA, Phone, CSC files • Step 7: Click on Auto Reboot and F. Reset Time and hit Start button 20
Rooting Android Device • If your phone is Rooted... You will see PASS!! In Odin3 21
Creating Image of the Device • Taking backup with DD – low-level copying and conversion of raw data – Create bit by bit image of disk – Output Can be readable by any forensic tool – Typical Syntax : dd if=/dev/SDA of=/sdcard/SDA.dd – Interesting Locations • datadata • datasystem 22
Creating Image of the Device 23
Creating Image of the Device • Taking image with viaExtract tool 24
Recovering Data • Using WinHex 25
Analysing Image • Reading the Image • Looking for KEY data • Searching techniques (DT Search) 26
Analysing Image • Winhex • Manual Intelligence • viaExtract 27
Analyzing SQLite • SQLite stores most critical information • Interesting place for Investigators • Tools – Epilog – sqlite database browser – sqlite_analyzer 28
Analyzing SQLite • Epilog 29
Maintaining ‘Chain of Custody’ • What is Chain of Custody? • CoC can have following information:  What is the evidence?  How did you get it?  When was it collected?  Who has handled it?  Why did that person handle it?  Where has it travelled, and where was it ultimately stored? 30
Indian Laws covering Digital Crimes • We can categorize Cyber crimes in two ways: – The Computer as a Target – The computer as a weapon • Indian Laws: – IT Act 2000 – IT(Amendment) Act, 2008 – Rules under section 6A, 43A and 79 • MIT site: http://mit.gov.in/content/cyber-laws 31
Manish Chasta manish.chasta@owasp.org chasta.manish@gmail.com

Empfohlen

Forensic Investigation of Android Operating System
Forensic Investigation of Android Operating SystemForensic Investigation of Android Operating System
Forensic Investigation of Android Operating System
nishant24894
 
Android forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageAndroid forensics an Custom Recovery Image
Android forensics an Custom Recovery Image
Mohamed Khaled
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testing
Santhosh Kumar
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
dandb-technology
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Vikas Jain
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
Kranthi
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifacts
n|u - The Open Security Community
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
Anshul Tayal
 

Empfohlen

Forensic Investigation of Android Operating System
Forensic Investigation of Android Operating SystemForensic Investigation of Android Operating System
Forensic Investigation of Android Operating System
nishant24894
 
Android forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageAndroid forensics an Custom Recovery Image
Android forensics an Custom Recovery Image
Mohamed Khaled
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testing
Santhosh Kumar
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
dandb-technology
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Vikas Jain
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
Kranthi
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifacts
n|u - The Open Security Community
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
Anshul Tayal
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensics
Taha İslam YILMAZ
 
Android security
Android securityAndroid security
Android security
Mobile Rtpl
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
Dr Raghu Khimani
 
Understanding computer investigation
Understanding computer investigationUnderstanding computer investigation
Understanding computer investigation
Online
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisition
primeteacher32
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using Snort
Disha Bedi
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
Deepak Kumar (D3)
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
ParminderKaurBScHons
 
File Carving
File CarvingFile Carving
File Carving
Aakarsh Raj
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...
Sagar Rahurkar
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensics
Zyxware Technologies
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
abdullah roomi
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
Yansi Keim
 
Incident response process
Incident response processIncident response process
Incident response process
Bhupeshkumar Nanhe
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
n|u - The Open Security Community
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx
9905234521
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
rakesh mishra
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
Yogesh Ojha
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
Tawhidur Rahman
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
SecureState
 
Android
AndroidAndroid
Android
Vibhu Mishra
 

Weitere ähnliche Inhalte

Was ist angesagt?

Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...
Sagar Rahurkar
 

Was ist angesagt? (20)

Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensics
 
Android security
Android securityAndroid security
Android security
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
 
Understanding computer investigation
Understanding computer investigationUnderstanding computer investigation
Understanding computer investigation
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisition
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using Snort
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
 
File Carving
File CarvingFile Carving
File Carving
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensics
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
 
Incident response process
Incident response processIncident response process
Incident response process
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 

Ähnlich wie Android forensics (Manish Chasta)

Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012
hakersinfo
 
3. Android Architecture.pptx
3. Android Architecture.pptx3. Android Architecture.pptx
3. Android Architecture.pptx
HarshiniB11
 
Computer information mft review
Computer information mft reviewComputer information mft review
Computer information mft review
Vijay Selvam
 
Introduction to android sessions new
Introduction to android sessions newIntroduction to android sessions new
Introduction to android sessions new
Joe Jacob
 

Ähnlich wie Android forensics (Manish Chasta) (20)

Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Android
AndroidAndroid
Android
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012
 
Android Presentation
Android PresentationAndroid Presentation
Android Presentation
 
Android Security and Peneteration Testing
Android Security and Peneteration TestingAndroid Security and Peneteration Testing
Android Security and Peneteration Testing
 
Mobile Application Security Code Reviews
Mobile Application Security Code ReviewsMobile Application Security Code Reviews
Mobile Application Security Code Reviews
 
My androidpresentation
My androidpresentationMy androidpresentation
My androidpresentation
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: Android
 
3. Android Architecture.pptx
3. Android Architecture.pptx3. Android Architecture.pptx
3. Android Architecture.pptx
 
Computer information mft review
Computer information mft reviewComputer information mft review
Computer information mft review
 
Android (Types, Feature,Application etc..)
Android (Types, Feature,Application etc..)Android (Types, Feature,Application etc..)
Android (Types, Feature,Application etc..)
 
Android Operating System
Android Operating SystemAndroid Operating System
Android Operating System
 
Basic Android OS
Basic Android OSBasic Android OS
Basic Android OS
 
Mobile operating systems
Mobile operating systemsMobile operating systems
Mobile operating systems
 
Introduction to android sessions new
Introduction to android sessions newIntroduction to android sessions new
Introduction to android sessions new
 
Android Programming
Android ProgrammingAndroid Programming
Android Programming
 
Android overview
Android overviewAndroid overview
Android overview
 
I haz you and pwn your maal
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maal
 
Seminar report on android os
Seminar report on android osSeminar report on android os
Seminar report on android os
 
android
androidandroid
android
 

Mehr von ClubHack

The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
ClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
ClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
ClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
ClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
ClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
ClubHack
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
ClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
ClubHack
 

Mehr von ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 

Kürzlich hochgeladen

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

Android forensics (Manish Chasta)

  • 1. PRESENTED BY Manish Chasta, Principal Consultant, Indusface Android Forensics Manish Chasta, CISSP | CHFI
  • 2. Agenda Introduction to Android Rooting Android Seizing Android Device Forensic Steps Chain of Custody Indian Cyber Laws
  • 3. Introduction to Android • Most widely used mobile OS • Developed by Google • OS + Middleware + Applications • Android Open Source Project (AOSP) is responsible for maintenance and further development
  • 4. Presence in the Market • According to Gartner report, Android captured 36% market share in Q1 of 2011. • Listed as the best selling Smartphone worldwide by Canalys. 4
  • 6. Android Architecture: Linux Kernel • Linux kernel with system services: – Security – Memory and process management – Network stack • Provide driver to access hardware: – Camera – Display and audio – Wifi – … 6
  • 7. Android Architecture: Android RunTime • Core Libraries: – Written in Java – Provides the functionality of Java programming language – Interpreted by Dalvik VM • Dalvik VM: – Java based VM, a lightweight substitute to JVM – Unlike JVM, DVM is a register based Virtual Machine – DVM is optimized to run on limited main memory and less CPU usage – Java code (.class files) converted into .dex format to be able to run on Android platform 7
  • 8. SQLite Database • SQLite Database: – SQLite is a widely used, lightweight database – Used by most mobile OS i.e. iPhone, Android, Symbian, webOS – SQLite is a free to use and open source database – Zero-configuration - no setup or administration needed. – A complete database is stored in a single cross- platform disk file. 8
  • 9. How Android can be used in Cyber Crime? • Software Theft • Terrorism Activity • Pornography / Child Pornography • Financial Crime • Sexual harassment Cases • Murder or other Criminal activities 9
  • 10. Forensic Process: An Open Source Approach • Seizing the device • Creating 1:1 image • Recovering the useful data • Analyzing the image to discover evidences • Maintain Chain of Custody 10
  • 11. Seizing Android Device • If device is Off – Do not turn ‘ON’ • If device is On – Let it ON and keep device charging • Take photos and display of the device • Seize all other accessories available i.e. Memory card, cables etc. • Label all evidences and document everything 11
  • 12. Creating 1:1 Image • Creating Image of Memory Card • Creating Image of Device 12
  • 13. Creating Image of Memory Card • Fat 32 file system • Easy to create image • In most cases, applications wont store any sensitive data in memory card • Number of commercials and open source tools are available 13
  • 14. Creating Image of Memory Card • Using Winhex 14
  • 15. Creating Image of the Device • Android’s file systems • Importance of rooting • Rooting Samsung Galaxy device 15
  • 16. Rooting Android Device Step 1: Download CF Rooted Karnal files and Odin3 Software 16
  • 17. Rooting Android Device • Step 2: Keep handset on debugging mode 17
  • 18. Rooting Android Device • Step 3: Run Odin3 18
  • 19. Rooting Android Device • Step 4: Reboot the phone in download mode • Step 5: Connect to the PC 19
  • 20. Rooting Android Device • Step 6: Select required file i.e: PDA, Phone, CSC files • Step 7: Click on Auto Reboot and F. Reset Time and hit Start button 20
  • 21. Rooting Android Device • If your phone is Rooted... You will see PASS!! In Odin3 21
  • 22. Creating Image of the Device • Taking backup with DD – low-level copying and conversion of raw data – Create bit by bit image of disk – Output Can be readable by any forensic tool – Typical Syntax : dd if=/dev/SDA of=/sdcard/SDA.dd – Interesting Locations • datadata • datasystem 22
  • 23. Creating Image of the Device 23
  • 24. Creating Image of the Device • Taking image with viaExtract tool 24
  • 26. Analysing Image • Reading the Image • Looking for KEY data • Searching techniques (DT Search) 26
  • 27. Analysing Image • Winhex • Manual Intelligence • viaExtract 27
  • 28. Analyzing SQLite • SQLite stores most critical information • Interesting place for Investigators • Tools – Epilog – sqlite database browser – sqlite_analyzer 28
  • 30. Maintaining ‘Chain of Custody’ • What is Chain of Custody? • CoC can have following information:  What is the evidence?  How did you get it?  When was it collected?  Who has handled it?  Why did that person handle it?  Where has it travelled, and where was it ultimately stored? 30
  • 31. Indian Laws covering Digital Crimes • We can categorize Cyber crimes in two ways: – The Computer as a Target – The computer as a weapon • Indian Laws: – IT Act 2000 – IT(Amendment) Act, 2008 – Rules under section 6A, 43A and 79 • MIT site: http://mit.gov.in/content/cyber-laws 31
  • 32. Manish Chasta manish.chasta@owasp.org chasta.manish@gmail.com