In this phase, different software tools are used to extract the data from the memory image. In addition to the tools, an investigator may also need the help of a hex editor, as tools do not always extract all of the data. There is no single tool that can be used in all cases. Hence, examination and analysis requires a sound knowledge of various file systems, file headers, and so on.
Examination and analysis
by Rohit Tamma, Donnie Tindall, Oleg Skulkin
Learning Android Forensics - Second Edition
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Introducing Android Forensics
- Setting up the Android Forensic Environment
- Understanding Data Storage on Android Devices
- Extracting Data Logically from Android Devices
- Extracting Data Physically from Android Devices
- Recovering Deleted Data from an Android Device
- Forensic Analysis of Android Applications
- Application analysis overview
- Why do app analysis?
- Layout of this chapter
- Determining which apps are installed
- Understanding Unix epoch time
- Wi-Fi analysis
- Contacts/Call analysis
- SMS/MMS analysis
- User dictionary analysis
- Gmail analysis
- Google Chrome analysis
- Google Maps analysis
- Google Hangouts analysis
- Google Keep analysis
- Converting a Julian date
- Google Plus analysis
- Facebook analysis
- Facebook Messenger analysis
- Skype analysis
- Recovering video messages from Skype
- Snapchat analysis
- Viber analysis
- Tango analysis
- Decoding Tango messages
- WhatsApp analysis
- Kik analysis
- WeChat analysis
- Summary
- Android Forensic Tools Overview
- Identifying Android Malware
- Android Malware Analysis
- Other Books You May Enjoy
Examination and analysis
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.