Академический Документы
Профессиональный Документы
Культура Документы
This AccessData Android training course covers the internals of Android devices, the way the OS is designed,
and the way that the devices store data. We will uncover the way to capture these devices data. In the end, like all
other Mobile Forensics, Inc., courses, you as the examiner will be armed with the ability to perform forensic
analysis both using automated tools as well as manually (to double check the results of the tools).
This course uses a multiple-tool approach to mobile phone forensics. We use both free and paid applications and
teach the skills needed to find and process data with the aid of specialized software tools. There is no single tool
that will process every cellular device in its entirety. Mobile Forensics, Inc., trains you to know where information
lies on cell phones and how to extract that informationboth with and without toolsso you can obtain the
maximum amount of data from mobile devices.
Prerequisites
This course is intended for forensics professionals and law enforcement personnel who must conduct mobile
device examinations utilizing multiple tools and a tested forensic process. To obtain the maximum benefit from this
class, you should meet the following requirements:
Android Analysis
Intermediate Learning Management System (LMS)
Lab
Setup the Android SDK and Eclipse
Ensure the ADB command is in the PATH
AVD creation
Locate and activate the various locations of USB Debugging
Module 5: Android File Systems
SQLite DB Viewer
Command line
Course Outline
Objectives
Outline the various file systems used by Android
Discuss the forensic challenges of YAFFS
Discuss the other file systems used by Android
How can examiners utilize the Android temp memory
Lab
Determine the file systems used by the AVD
Determine which file systems are mounted by the Android
device
List the permissions of the /dev and /nodev mounted in
Android
Module 6: Android Partitions
Objectives
What partitions can an examiner expect to find on an
Android device?
Discuss where Android typically stores files of interest and
what partition they may be located on
Discuss files of interest that may be located on a SD card
Discuss what it means to be root.
Lab
Determine the partitions in use on an Android device
Using shell commands, list the partitions and locate files of
interest
Android Analysis
Intermediate Learning Management System (LMS)
(Continued)
Module 7: Android Logical Acquisition
Objectives
Discuss the tools to extract data from an Android
device
Troubleshoot connectivity issues the examiner may
encounter
Learn the different modes when connecting and
Android device
Discuss ADB conflicts
Objectives
Compare and discuss parsed SQLite data with that
found in hex
Discuss deleted data
Lab
Manually parse SQLite database files.
Locate and examine deleted data in hex.
Lab
Hands on with MPE+
Demonstrate the techniques commercial software
uses to extract data from and Android device
Locate and extract the logical filesystem utilizing the
command line