Android Mobile forensics with custom recoveries

•Download as PPTX, PDF•

4 likes•2,260 views

The presentation describes how can we do Android Mobile forensics through custom recovery partitions. It explains that different forensics functionalities can be done on android phones through the custom recovery partition. Some of these functionalities are Logical/Physical data acquisition, PIN/Pattern/Passcode bypass, rooting, adb shell and many other functionalities. The presentation also illustrates how can we build our own custom recoveries.

Technology

Android forensics and
Custom Recoveries
Ibrahim M. El-Sayed
1

Outline
 Introduction to Android
 Custom Recoveries
 Custom recoveries and Forensics
 Challenges and Goals
 Conclusion
2

Introduction To Android
 Android ?
 Robot with a human appearance
 Open-source operating system currently
Developed by Google
3

Introduction To Android
 Android Market Share (US)
4

Introduction To Android
 Android Market Share (Else Where)
5

Introduction To Android
 Android Architecture
6

Introduction To Android
 Android partition layout
/system: mounted read-only system files
/data: user data and applications
/cache: partition used by the dalvik machine for
performance
/boot: the kernel of device
/recovery: minimal kernel + file system
/sdcard: removable sdcard
7

Custom Recoveries
 What are Recoveries partition?
 A mode on android devices that boots a minimal Linux
environment. (Similar to Safe-mode in Windows OS)
 Why stock recoveries?
 Update The Operating System
 Backup and maintenance
8

Custom Recoveries
 How do their architecture look like?
9
RECOVERY.IMG

Digital forensics
 Digital forensics: is a branch of forensic science
encompassing the recovery and investigation of
material found in digital devices, often in relation to
computer crime.
 Digital Forensics Process
10
Seizure Acquisition Analysis Reporting

Custom recoveries and
Forensics
 What might be the relation between Custom Recoveries
and Forensics?
 File system is not encrypted!
 Boot-loaders!
 Hypothesis: If we managed to develop a custom recovery
with forensics functionalities, we will be able to
forensically analyze mobile devices
 What are the forensics functionalities?
11

Custom recoveries and
Forensics
 Forensics Functionalities – Viaforensic!
 Passphrase/pin/pattern bypass
 Logical data acquisition
 Physical data acquisition
 Rooting
 Adb Shell
12

Custom Recoveries
 How to develop a Custom recovery?
1. Install Linux/Mac OsX to start building
2. Download Cyangonmod source code
3. Develop the forensics functions
4. Build your Custom Recovery
5. Flash it on the device if you have the correct device
configuration!!!
13

Custom Recoveries
 Develop the forensics functions
 Logical Acquisition
 Physical Acquisition
 Rooting
 ADB
14

Custom Recoveries
 Build Custom Recovery
 Known devices in Cyangonmod source tree. (Samsung S3)
 Let’s see the Build guide provided by Cyangonmod
website :)
15

Custom Recoveries
 Build Custom Recoveries for new devices!
 What is the needed information?
 Partition info
 BoardConfig
 kernel
 Information Gathering
1. Already built stock-ROMs
2. Pull from rooted devices
3. Mobiles are similar
 How much possible you will get device configuration?
16

Custom Recoveries
 Flashing your Custom Recovery
 ODIN/Heimdall
 Samsung devices
 fastboot
 Almost all other android devices
 HBOOT
17

Testing
 The technique have been tested with
 Samsung Galaxy S2, S3, S4
 Samsung Note I, Note II
 Oppo N1
 Theortically applicable with
 90% of Samsung devices
 Why Samsung is THAT bad?
 It also possible with
 Sony devices
 Might work with
 Nexus
 HTC
18

Challenges and Goals
 Challenges
 Locked boot-loaders
 Device configuration
 Goals
 Boot from SD-Cards
 Bypass locked boot-loaders
19

Acknowledgments
 Eng. Waleed Zakira
 Eng. Mohamed Nasr
 Eng. Mohamed Zaki
 Eng. Mahmoud Raouf
20

What's hot

Building Custom Android Malware BruCON 2013

Stephan Chenette

A Security Barrier Device protects PC and other control devices by relaying every port between the motherboard and the peripherals. The SBD is totally transparent from the PC and can be installed regardless of OS or application. At this presentation I will discuss the storage securing function achieved by the SBD relaying the SATA port. The SBD has a security information disk only accessible to itself where it stores the access privilege information of the original disk in the PC. When the PC issues a data access request to the original disk, the SBD will reference the access privileges of that particular sector, if the sector is read-deny then returns dummy data of 0 , if the sector is write-deny then it won’t write to that sector. The SBD not only allows for sector based protection but also a file based protection. In case of a file write-deny, there were some issues with the disc related cache in memory not being synchronised or the pointer’s position to the file in regards to its directory being shifted , but I will show how it was solved. I will also talk about the fact that a SBD is an effective protection against any malware that attempts to manipulate the boot data sector or system files, once it detects any access right violations it can shutdown the ethernet port remotely and thwart the spreading of malware. Kenji Toda At the National Institute of Advanced Industrial Science and Technology conducted research and development of 30 Gbps intrusion detection systems , 60 Gbps URL filtering systems and or network devices testing equipment for such systems. Currently co-developing security barrier devices with the Research and Development Control System Security Center. (Presented at international conferences regarding MST and real-time systems) http://codeblue.jp/en-speaker.html#KenjiToda

A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...

CODE BLUE

Live Memory Forensics on Android devices

Nikos Gkogkos

SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing

Brent Muir

Brief Tour about Android Security

National Cheng Kung University

Android Hacking

antitree

Intel Management Engine ("ME") is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS. It not only performs the management tasks for which it was originally designed, but also implements features such as Intel Identity Protection Technology (IPT), Protected Audio-Video Path, Intel Anti-Theft, Intel TPM, NFC communication and more. There is not much info available about how exactly it works, and this talk aims to fill the gap and describe the low-level details. Igor Skochinsky Igor Skochinsky is currently one of the main developers of the world-famous Interactive Disassembler and Hex-Rays Decompiler. Even before joining Hex-Rays in 2008 he had been interested in reverse engineering for a long time and had brief periods of Internet fame after releasing a dumper for DRM-ed iTunes files (QTFairUse6) and hacking the original Amazon Kindle. He spoke previously at Recon, Breakpoint and Hack.LU.

Secret of Intel Management Engine by Igor Skochinsky

CODE BLUE

DefCon 2012 - Gaining Access to User Android Data

Michael Smith

Android Security Overview and Safe Practices for Web-Based Android Applications

h4oxer

Current mobile gadgets includes of rich devices (high resolution video camera, microphone, GPS, etc) which enable high quantity communication (Video conference, current location data, etc). Unfortunately, the rich devices make easy to conduct cyber espionage. For example, a high resolution video is used to read the text on a display. A GPS device is used to track the user's location ("Cerberus" and "mSpy" are famous. Japanese application named "karelog" became social issues). These devices are not used in company's office or factory and computer administrators want to prohibit these devices. Unfortunately, the devices are embedded in a mobile gadget and most of them cannot be disenabled by BIOS or EFI. In order to In order to solve this problem, we propose a thin hypervisor called "DeviceDisEnabler (DDE)", which hides some devices from OS. DDE is a lightweight hypervisor and can be inserted to a pre-installed OS. Although the OS uses "IN" instruction to get the device information on PCI and USB (Vendor ID, Device Class, etc), the "IN" instruction is hooked by DDE and the device information is hidden if the devices is prohibited in the company. Unfortunately, not only attackers but also employees want to bypass the DDE because they want to use the devices. In order to protect bypassing the DDE, it encrypts the disk image of the OS. It means the OS cannot be used without the help of DDE. In order to hide the encryption key, the DDE has three types of key managements (A technique gets a key from the Internet with a secure communication. A technique hides the key into a TPM chip and obtains it at a certain state of boot time only. A technique obfuscates the key into the code using Whitebox Cryptography technique). Current implementation is based on BitVisor 1.4 and the target is a mobile gadget which has Intel CPU. I will talk about the requirements for ARM CPU based implementation.

CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...

CODE BLUE

Смирнов Александр, Security in Android Application

SECON

Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces

Igor Korkin

Android booting sequece and setup and debugging

Utkarsh Mankad

MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel

Igor Korkin

Android secure offline storage - CC Mobile

Steve De Zitter

Android sandbox

Anusha Chavan

This talk briefly discusses strategies and methodologies than can be employed when assessing IoT devices. We look at how to develop credible threat scenarios for different IoT device and systems, perform static and dynamic attack surface mapping, perform static firmware analysis, perform static hardware analysis, undertake a dynamic device security analysis, sources of supporting information, supporting capability requirements and establishment, Execution of dynamic device analysis and approaches around network protocol analysis.

Practical Security Assessments of IoT Devices and Systems

Ollie Whitehouse

Android security

Mobile Rtpl

What & How to Customize Android?

Industrial Technology Research Institute (ITRI)(工業技術研究院, 工研院)

iOS jailbreaking

Varun Luthra

What's hot (20)

Building Custom Android Malware BruCON 2013

A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...

Live Memory Forensics on Android devices

SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing

Brief Tour about Android Security

Android Hacking

Secret of Intel Management Engine by Igor Skochinsky

DefCon 2012 - Gaining Access to User Android Data

Android Security Overview and Safe Practices for Web-Based Android Applications

CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...

Смирнов Александр, Security in Android Application

Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces

Android booting sequece and setup and debugging

MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel

Android secure offline storage - CC Mobile

Android sandbox

Practical Security Assessments of IoT Devices and Systems

Android security

What & How to Customize Android?

iOS jailbreaking

Viewers also liked

Computer Forensics & Windows Registry

somutripathi

Digital forensics track schroader-rob when forensics collide

ISSA LA

Windowsforensics

Santosh Khadsare

Shelton mobile forensics

i4box Anon

Forensics of a Windows System

Conferencias FIST

Cell Phone Forensics Research

Houston Rickard

Mobile forensics

noorashams

Windows 10 Forensics: OS Evidentiary Artefacts

Brent Muir

Viewers also liked (8)

Computer Forensics & Windows Registry

Digital forensics track schroader-rob when forensics collide

Windowsforensics

Shelton mobile forensics

Forensics of a Windows System

Cell Phone Forensics Research

Mobile forensics

Windows 10 Forensics: OS Evidentiary Artefacts

Similar to Android Mobile forensics with custom recoveries

Taking Control of Your Mobile Device - Rooting-n-Roms

jimboks

Rooting Android Devices

Lokendra Rawat

Learning AOSP - Building AOSP for Nexus 7

Nanik Tolaram

Hacking Android OS

Jimmy Software

Over the years Linux is being used as operating system in many intelligent and smart electronic devices starting from mobile phone, refrigerator to cow milking devices apart from desktops and server computers. Though Linux is open source, its often difficult for a beginner to get started. In this presentation embedded system and embedded Linux have been introduced through examples, animation and short explanation. This presentation is targeted to the absolute beginner or embedded software engineer who wants to be part of exciting world of Linux and the enthusiast or even manager who just wants to get idea about embedded Linux.

Introduction to Embedded Linux

Hossain Reja

Android and ios cracking, hackintosh included !

Veduruparthy Bharat

Rooting an Android phone

Arnav Gupta

Introduction to Android (Jeudis du libre)

cbeyls

Android is an open source Platform or a software stack for mobile. It is a Google product. but still as it is a open source so anyone can develop its application It run on dalvik VM and its applications are written in java. Android is a terrifically growing mobile platform and also a user loveable OS for mobile phone. We can see that its new versions are coming with a small or can say with in a minimum interval . Recently we have android 5.0 and on its release google had announced for android 5.0.1 also. The Android OS project was started in 2001. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance. 1-HISTORY OF ANDROID:- In 2005 Google buys android Incorporation and started dalvik. At that time it is not possible for Google to go out and buy the companies to work on android, so Google in 2007 announced Android as an Open Handset Alliance so it a point to be noted that know android is not owned by only by Google or Google is the owner of android but OHA is the owner of android. 2008 to 2010 the android become a biggest used platform for mobile, it was world wide accepted mobile platform domain. In 2011 the chairman of Google Mr. Eric had decided to more to other device also like gaming, tablets, Tv watches, Car GPRS systems, etc. YEAR TASK 2005 Google buys ANDROID Inc. 2007 Open Handset Alliance. Announced FIRST SDK. 2008 Android become the domain of mobile platform 2011 Games, tablets, watches,etc Why Dalvik VM not Java VM (JVM) ? Android runs java app so why don’t we use java vm ? because of two good reasons 1- business. 2- Technical. Business is Java is owned by Oracle. So We have to buy license for java VM. Due to which Android will no longer be free, and there is no reason that why Google will give profit to Oracle. And it is not easy for Google to buy license from oracle for each VM After all it is the reason for its pride. There are main two technical reasons 1-battery consumption of java vm. As java is optimized and is designed to run on Intel chips easily and Intel chips need more and more power to run and in mobiles the battery in main consistent so intel chips are replaced by armed chips, so it is not possible to run java vm on it. 2- Memory consumption in java vm to run any app first we have to load it class for memory to Hard disk or RAM, so to run first we have to wait for vm to search and load class in HD or RAM. And in mobile we don’t have such a large memory that we load classes every before running any app. So it better to replace JVM with dalvik vm which use classes but there is no need to load it in RAM it run it directly. Difference b\w Delvik and ART 0 In dalvik runtime, the JIT in bounded to CPU but ART frees the CPU from translating DEX to machine code during app’s execution thus reduce energy consumption. o ART is faster as it directly convert. DEX byte-code to NAT

Android introduction and rooting technology

Gagandeep Nanda

Backing Up Android

POSSCON

Security Issues in Android Custom Rom - Whitepaper

n|u - The Open Security Community

WhitePaper : Security issues in android custom rom

Anant Shrivastava

Android Attacks

Michael Scovetta

Android rooting

Vikalp Sajwan

ODROID Magazine August 2014

Nanik Tolaram

Security Issues in Android Custom ROM

Anant Shrivastava

Security Issues in Android Custom Rom

n|u - The Open Security Community

Android Rooting

Ajay Dasila

My session in AnDevcon, November 2011, Burlingame, CA. In the cloud era, most software projects have shifted from asking "What hardware architecture should be chosen for my back-end?" to "Which cloud configuration should be used for my back-end?" Bringing up a cloud server has become an obvious choice for any Linux or Windows-based deployment. As Android emerges as the new Embedded Linux for a growing number of industries, it only makes sense to consider its cloud application as a server. In this class, we will discuss why and how Android can be brought on the cloud system, and on any cloud infrastructure, using AWS (Amazon Web Services) as an example. LEVEL: Intermediate AUDIENCE: Developer Essentials For Training/Consulting requests: info@thepscg.com

Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)

Ron Munitz

Q4.11: Porting Android to new Platforms

Linaro

Similar to Android Mobile forensics with custom recoveries (20)

Taking Control of Your Mobile Device - Rooting-n-Roms

Rooting Android Devices

Learning AOSP - Building AOSP for Nexus 7

Hacking Android OS

Introduction to Embedded Linux

Android and ios cracking, hackintosh included !

Rooting an Android phone

Introduction to Android (Jeudis du libre)

Android introduction and rooting technology

Backing Up Android

Security Issues in Android Custom Rom - Whitepaper

WhitePaper : Security issues in android custom rom

Android Attacks

Android rooting

ODROID Magazine August 2014

Security Issues in Android Custom ROM

Security Issues in Android Custom Rom

Android Rooting

Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)

Q4.11: Porting Android to new Platforms

Recently uploaded

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Scaling API-first – The story of a global engineering organization

Radu Cotescu

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

2024: Domino Containers - The Next Step. News from the Domino Container commu...

AWS Community Day CPH - Three problems of Terraform

Scaling API-first – The story of a global engineering organization

A Domino Admins Adventures (Engage 2024)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Boost Fertility New Invention Ups Success Rates.pdf

How to Troubleshoot Apps for the Modern Connected Worker

Data Cloud, More than a CDP by Matt Robison

HTML Injection Attacks: Impact and Mitigation Strategies

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Driving Behavioral Change for Information Management through Data-Driven Gree...

Android Mobile forensics with custom recoveries

1. Android forensics and Custom Recoveries Ibrahim M. El-Sayed 1

2. Outline  Introduction to Android  Custom Recoveries  Custom recoveries and Forensics  Challenges and Goals  Conclusion 2

3. Introduction To Android  Android ?  Robot with a human appearance  Open-source operating system currently Developed by Google 3

4. Introduction To Android  Android Market Share (US) 4

5. Introduction To Android  Android Market Share (Else Where) 5

6. Introduction To Android  Android Architecture 6

7. Introduction To Android  Android partition layout /system: mounted read-only system files /data: user data and applications /cache: partition used by the dalvik machine for performance /boot: the kernel of device /recovery: minimal kernel + file system /sdcard: removable sdcard 7

8. Custom Recoveries  What are Recoveries partition?  A mode on android devices that boots a minimal Linux environment. (Similar to Safe-mode in Windows OS)  Why stock recoveries?  Update The Operating System  Backup and maintenance 8

9. Custom Recoveries  How do their architecture look like? 9 RECOVERY.IMG

10. Digital forensics  Digital forensics: is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.  Digital Forensics Process 10 Seizure Acquisition Analysis Reporting

11. Custom recoveries and Forensics  What might be the relation between Custom Recoveries and Forensics?  File system is not encrypted!  Boot-loaders!  Hypothesis: If we managed to develop a custom recovery with forensics functionalities, we will be able to forensically analyze mobile devices  What are the forensics functionalities? 11

12. Custom recoveries and Forensics  Forensics Functionalities – Viaforensic!  Passphrase/pin/pattern bypass  Logical data acquisition  Physical data acquisition  Rooting  Adb Shell 12

13. Custom Recoveries  How to develop a Custom recovery? 1. Install Linux/Mac OsX to start building 2. Download Cyangonmod source code 3. Develop the forensics functions 4. Build your Custom Recovery 5. Flash it on the device if you have the correct device configuration!!! 13

14. Custom Recoveries  Develop the forensics functions  Logical Acquisition  Physical Acquisition  Rooting  ADB 14

15. Custom Recoveries  Build Custom Recovery  Known devices in Cyangonmod source tree. (Samsung S3)  Let’s see the Build guide provided by Cyangonmod website :) 15

16. Custom Recoveries  Build Custom Recoveries for new devices!  What is the needed information?  Partition info  BoardConfig  kernel  Information Gathering 1. Already built stock-ROMs 2. Pull from rooted devices 3. Mobiles are similar  How much possible you will get device configuration? 16

17. Custom Recoveries  Flashing your Custom Recovery  ODIN/Heimdall  Samsung devices  fastboot  Almost all other android devices  HBOOT 17

18. Testing  The technique have been tested with  Samsung Galaxy S2, S3, S4  Samsung Note I, Note II  Oppo N1  Theortically applicable with  90% of Samsung devices  Why Samsung is THAT bad?  It also possible with  Sony devices  Might work with  Nexus  HTC 18

19. Challenges and Goals  Challenges  Locked boot-loaders  Device configuration  Goals  Boot from SD-Cards  Bypass locked boot-loaders 19

20. Acknowledgments  Eng. Waleed Zakira  Eng. Mohamed Nasr  Eng. Mohamed Zaki  Eng. Mahmoud Raouf 20

21. Any Questions ? 21

Android Mobile forensics with custom recoveries

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (8)

Similar to Android Mobile forensics with custom recoveries

Similar to Android Mobile forensics with custom recoveries (20)

Recently uploaded

Recently uploaded (20)

Android Mobile forensics with custom recoveries