If you have taken or plan to take FOR585: Advanced Smart Phone Forensics( ), you realize how desirable it is to have a rooted Android device for analysis. A rooted Android will provide access to full physical partitions that are not typically available on devices without system level permissions. But let's suppose that you are interested specifically in application research and data that can be found in the USERDATA partition. It is becoming more common for application developers to restrict very important user artifacts from being accessed from these Android devices. This most often includes the SQLite databases, which likely contain the information that we, as examiners, are after.FOR585, discusses many of the ways that forensic tools will attempt to TEMPORARILY or SOFT root your device in order to extract data. For research purposes, we often seek a device with a FULL root, or one in which the root will persist even after the device loses power.
This webcast explores topics such as 1) Choosing the best test device, 2) Rooting your Android, 3) Utilizing File Browsers for quick file/folder access, and 4) Examining application directories of interest, all using utilities that exist on your SIFT workstation or that can be downloaded for free from the Internet.
Speaker Bio
Domenica Crognale
Domenica is one of the course co-authors of SANS FOR585: Advanced Smartphone Forensics. She has been working in digital forensics for more than 10 years and specializing in mobile devices since 2009. In previous jobs she has provided training to military and government agencies, worked on high-profile cases, tested and validated various mobile forensics utilities, and provided security assessments for many mobile applications. In her day job, she spends time dissecting third-party mobile applications, where there is no shortage of interesting data left behind. She maintains multiple certifications including the GASF, EnCE, CCE, and CISSP. Follow her on twitter: @domenicacrognal
Музыка
Фильмы
ТВ Шоу
Категории видео
