Android Forensics

Presented by Manish Chasta, CISSP | CHFI
Principal Consultant, Indusface
Agenda

• Introduction to Android
• Rooting Android
• Seizing Android Device
• Forensic Steps
• Chain of Custody
• Indian Cyber Laws
Introduction to Android

•   Most widely used mobile OS
•   Developed by Google
•   OS + Middleware + Applications
•   Android Open Source Project (AOSP) is
    responsible for maintenance and further
    development
Presence in the Market

• According to a Gartner report, Android captured
  36% market share in Q1 of 2011.
• Listed as the best-selling smartphone
  worldwide by Canalys.
Android Architecture
Android Architecture: Linux Kernel

• Linux kernel with system services:
  – Security
  – Memory and process management
  – Network stack
• Provides drivers to access hardware:
  – Camera
  – Display and audio
  – Wi-Fi
  – …
Android Architecture: Android Runtime

• Core libraries:
   – Written in Java
   – Provide the functionality of the Java programming language
   – Interpreted by the Dalvik VM
• Dalvik VM:
   – Java-based VM, a lightweight substitute for the JVM
   – Unlike the JVM, the DVM is a register-based virtual machine
   – The DVM is optimized to run with limited main memory and low
     CPU usage
   – Java code (.class files) is converted into .dex format to be
     able to run on the Android platform
SQLite Database

• SQLite Database:
  – SQLite is a widely used, lightweight database
  – Used by most mobile OSes, e.g. iPhone, Android,
    Symbian, webOS
  – SQLite is a free-to-use, open-source database
  – Zero configuration: no setup or administration
    needed
  – A complete database is stored in a single
    cross-platform disk file
How Can Android Be Used in Cyber Crime?

•   Software theft
•   Terrorism activity
•   Pornography / child pornography
•   Financial crime
•   Sexual harassment cases
•   Murder or other criminal activities
Forensic Process: An Open Source Approach

•   Seizing the device
•   Creating a 1:1 image
•   Recovering the useful data
•   Analyzing the image to discover evidence
•   Maintaining the chain of custody
Seizing Android Device

• If the device is off, do not turn it on
• If the device is on, leave it on and keep the device
  charging
• Take photos of the device and its display
• Seize all other accessories available, e.g.
  memory card, cables etc.
• Label all evidence and document everything
Creating 1:1 Image

• Creating Image of Memory Card
• Creating Image of Device
Creating Image of Memory Card

• FAT32 file system
• Easy to create an image
• In most cases, applications won't store any
  sensitive data on the memory card
• A number of commercial and open-source tools
  are available
Creating Image of Memory Card

• Using WinHex
Creating Image of the Device

• Android’s file systems
• Importance of rooting
• Rooting Samsung Galaxy device
Rooting Android Device

• Step 1: Download the CF-Root kernel files
  and the Odin3 software
Rooting Android Device

• Step 2: Put the handset in debugging mode
Rooting Android Device

• Step 3: Run Odin3
Rooting Android Device

• Step 4: Reboot the phone in download mode
• Step 5: Connect to the PC
Rooting Android Device

• Step 6: Select the required files, i.e. the PDA, Phone and CSC files
• Step 7: Tick Auto Reboot and F. Reset Time, then hit the Start button
Rooting Android Device

• If the phone is rooted, you will see PASS!! in Odin3
Creating Image of the Device

• Taking a backup with dd
  – Low-level copying and conversion of raw data
  – Creates a bit-by-bit image of the disk
  – Output can be read by any forensic tool
  – Typical syntax: dd if=/dev/SDA of=/sdcard/SDA.dd
  – Interesting locations
     • /data/data
     • /data/system
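The dd acquisition above, wrapped in the before-and-after hashing an examiner needs to show that the image matches the source (an added example, not code from the slides): the source is a constructed sample file standing in for a partition, and the function names, examiner id and output paths are assumptions.

```python
"""Image a partition with dd and verify the copy by hash.

Added example, not from the slides. dd is invoked as the slide shows
(if=<source> of=<image>), with options that keep the image faithful, and
SHA-256 is taken of the source before and of the image after, so the
record can show the copy matches. The "partition" is a constructed
sample file, so this runs offline without a handset.
"""
import hashlib
import os
import subprocess
import tempfile
from datetime import datetime, timezone

BLOCK_SIZE = 4096
CHUNK = 1024 * 1024


def sha256_file(path):
    """Hash a file in chunks so multi-GB images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def dd_image(source, image_path, block_size=BLOCK_SIZE):
    """Run dd as in the slide: dd if=<source> of=<image>.

    conv=noerror,sync keeps going past unreadable blocks and pads them
    with zeros, so offsets in the image still line up with the device.
    Because sync also pads a final partial block, the source must be
    block-aligned (real partitions are) for the two hashes to agree.
    """
    cmd = ["dd", "if=" + source, "of=" + image_path,
           "bs=" + str(block_size), "conv=noerror,sync"]
    subprocess.run(cmd, check=True, capture_output=True)
    return image_path


def acquire_and_verify(source, image_path, examiner):
    """Hash the source, image it, hash the image, and record the result.

    The returned dict holds what a chain-of-custody entry needs (what,
    how, when, who); `verified` is True only when both hashes agree.
    """
    before = sha256_file(source)
    dd_image(source, image_path)
    after = sha256_file(image_path)
    return {
        "source": source,
        "image": image_path,
        "method": "dd bs=%d conv=noerror,sync" % BLOCK_SIZE,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "source_sha256": before,
        "image_sha256": after,
        "verified": before == after,
    }


def make_sample_partition(path, blocks=8):
    """Write a constructed, block-aligned stand-in for a device node."""
    with open(path, "wb") as f:
        f.write(os.urandom(BLOCK_SIZE * blocks))
    return path


def run_demo(examiner="examiner-01"):
    """Image the sample partition in a temp dir and return the record."""
    workdir = tempfile.mkdtemp(prefix="android-img-")
    source = make_sample_partition(os.path.join(workdir, "sample_partition.bin"))
    image = os.path.join(workdir, "sample_partition.dd")
    record = acquire_and_verify(source, image, examiner)
    record["image_size"] = os.path.getsize(image)
    return record


if __name__ == "__main__":
    for key, value in run_demo().items():
        print("%-14s %s" % (key, value))
```

On a rooted handset the same record is produced by pointing `source` at the partition node and `image_path` at the memory card, as the slide's syntax does.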
Creating Image of the Device

• Taking image with viaExtract tool
Recovering Data

• Using WinHex
Analysing Image

• Reading the image
• Looking for key data
• Searching techniques (dtSearch)
Analysing Image

• WinHex
• Manual intelligence
• viaExtract
Analyzing SQLite

• SQLite stores the most critical information
• An interesting place for investigators
• Tools
  – Epilog
  – SQLite Database Browser
  – sqlite_analyzer
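The key-data search from the previous slides and the SQLite analysis here, as an added example that is not from the slides, Epilog or viaExtract: a constructed SMS-style database is built inline, and its table layout, the keywords and the function names are assumptions.

```python
"""Keyword search over an evidence SQLite database, live and deleted.

Added example, not from the slides and not Epilog's or viaExtract's
code; it shows the two searches those tools automate. `live_hits`
asks SQLite itself, which returns only current rows. `carve_strings`
scans the raw file bytes and so can surface rows that were deleted
but whose cells were never overwritten. The database, its schema and
the keywords are constructed for the demo.
"""
import os
import re
import sqlite3
import tempfile

KEYWORDS = ["transfer", "acct"]  # assumed case-insensitive terms of interest

SAMPLE_ROWS = [  # constructed sample SMS rows
    ("+911234567890", "lunch tomorrow?"),
    ("+919876543210", "transfer 50000 to acct 4411 tonight"),
    ("+911112223334", "ok see you"),
]


def build_sample_db(path):
    """Create an sms table, then delete the one row that matters.

    secure_delete is forced OFF so the deleted cell's bytes stay in the
    page's free space (SQLite's default unless built with
    SQLITE_SECURE_DELETE). A build that defaults it ON overwrites freed
    cells with zeros, and carving then finds nothing.
    """
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA secure_delete=OFF")
    conn.execute("CREATE TABLE sms (id INTEGER PRIMARY KEY, addr TEXT, body TEXT)")
    conn.executemany("INSERT INTO sms (addr, body) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    conn.execute("DELETE FROM sms WHERE body LIKE '%transfer%'")
    conn.commit()
    conn.close()
    return path


def live_hits(db_path, keywords):
    """Search every table through SQL; returns (table, column, value)."""
    conn = sqlite3.connect(db_path)
    hits = []
    names = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in names:
        quoted = '"' + table.replace('"', '""') + '"'
        cols = [c[1] for c in conn.execute("PRAGMA table_info(%s)" % quoted)]
        for row in conn.execute("SELECT * FROM %s" % quoted):
            for col, val in zip(cols, row):
                if isinstance(val, str) and any(k in val.lower() for k in keywords):
                    hits.append((table, col, val))
    conn.close()
    return hits


def carve_strings(db_path, keywords, min_len=4):
    """Scan raw file bytes for printable runs that contain a keyword.

    This ignores the SQLite structure entirely, so it sees freed cells
    and slack as well as live rows; it is the cheap version of what a
    tool like Epilog does page by page.
    """
    with open(db_path, "rb") as f:
        raw = f.read()
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    found = []
    for run in re.findall(pattern, raw):
        text = run.decode("ascii")
        if any(k in text.lower() for k in keywords):
            found.append(text)
    return found


def analyse(db_path, keywords=KEYWORDS):
    """Return live hits, carved hits, and carved text SQL no longer shows."""
    live = live_hits(db_path, keywords)
    carved = carve_strings(db_path, keywords)
    live_values = [v for _, _, v in live]
    deleted_only = [s for s in carved if not any(v in s for v in live_values)]
    return {"db_path": db_path, "live": live, "carved": carved,
            "deleted_only": deleted_only}


def run_demo():
    """Build the sample database in a temp dir and analyse it."""
    workdir = tempfile.mkdtemp(prefix="android-sqlite-")
    db_path = build_sample_db(os.path.join(workdir, "sample_sms.db"))
    return analyse(db_path)


if __name__ == "__main__":
    for section, items in run_demo().items():
        print(section, items)
```

Rows found only by carving are leads, not records: they carry no rowid or timestamp, so they need corroboration from a journal, a backup or another artifact before they go in the report.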
Analyzing SQLite

• Epilog
Maintaining ‘Chain of Custody’

• What is the chain of custody?
• The CoC can contain the following information:
   – What is the evidence?
   – How did you get it?
   – When was it collected?
   – Who has handled it?
   – Why did that person handle it?
   – Where has it travelled, and where was it
     ultimately stored?
Indian Laws covering Digital Crimes

 • We can categorize cyber crimes in two ways:
    – The computer as a target
    – The computer as a weapon

 • Indian laws:
    – IT Act 2000
    – IT (Amendment) Act, 2008
    – Rules under sections 6A, 43A and 79

 • MIT site: http://mit.gov.in/content/cyber-laws
Manish Chasta
manish.chasta@owasp.org
chasta.manish@gmail.com