16 August 2011

[Forensic] For anyone who likes tinkering with Android


Source: http://viaforensics.com

For those watching the smartphone race, comScore recently released updated Smartphone Platform Market Share in the US.   Android remains the top platform and increased 5.4% in the last quarter, totaling 40.1% of the market (and Apple was second with 26.6%, up 1.1%).
Of course, this means that all of us will continue to see growth in the number of cases involving Android devices. This has been an emphasis of my research and interest since the G1 came out, and we continue to release resources you can use to stay on top of Android forensics. Here are some recent updates:

Presentations

We presented at the MFC conference in Myrtle Beach this June and released all 46 pages of our presentation, Advancements in Android Forensics, online.
We plan on posting as many of our presentations as we can, so check out the list (only 4 right now) at http://viaforensics.com/education/presentations/.

Book(s)

Our two books were published this June by Syngress and are doing well. The Android book leverages F/OSS software heavily and has many examples which readers can follow along with, using the Linux VM we walk them through creating. For this topic, the relevant title is Android Forensics: Investigation, Analysis and Mobile Security for Google Android. While you're at it, you might also want to check out our well-received iPhone and iOS Forensics: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices.

Free Forensic Software and Tools

If you are active law enforcement or work for approved government agencies, you can download the free AFLogical software which performs a logical analysis of Android devices and extracts up to 41 distinct content providers.  A recent review by two detectives rated AFLogical as the best tool for Android forensics.
We had posted several tools which can assist in learning and analyzing Android forensics.  The free Android Forensic tools are available online and currently cover the following:
  1. YAFFS2 example (Bash script)
  2. Remove OOB (Python script)
  3. Android scalpel conf (Config file)
  4. Parse Android Physical image (Python script)
One final option for Android Forensics research and testing is to use viaExtract. While the software is commercial, you can download and use it as much as you like; however, it will only return 10 records per "Content Provider". This allows you to test different devices, see how it works, etc., at no cost. To use the software for investigations or commercially, it must be licensed. Until that time, however, it can be a free and valuable resource.
The software is only about 3.5MB, but we bundle it in a Linux VM so the environment is well controlled. The core software is a mix of Java (Android agent), Python (GUI, program flow) and some key libraries such as PyCrypto and some C bindings. We hope to post full install directions for those who wish to download the software only, not the full forensic VM.

Knowledge Base

Finally, we are continuing to build out our forensic knowledge base.  Over time this will include pages for specific Android devices in addition to the current pages which cover AFLogical and other Android Forensic topics.  At this time, much of the content is restricted but we are working at including more free articles.  Our blog posts are always free and there are some great articles in the Android Forensics category.
