Investigating Android 10
This lab introduces mobile forensics. It concentrates on the Android 10 mobile operating system, using the Pixel 3 as the target device. It includes instructions on how to investigate both built-in and third-party apps.
0 Intro Pixel 3
This slide gives a brief introduction to the Android device chosen for this lab, the Pixel 3. It gives a brief history of Android devices, their architecture, and the forensic steps to be taken.
1 Pixel 3 Image
This slide discusses the steps to investigate the stock image of an Android 10 device and its file system structure. The Android 10 application package is also introduced, along with some methods to investigate common Android 10 apps.
2 Pixel 3 Device Investigation
This slide focuses on the forensic investigation of the hardware, accounts, MAC address, and Wi-Fi of the Pixel 3 device. It provides ideas on how to process both device and account information.
3 Pixel 3 System Settings
This slide introduces the process of investigating the system settings of the Android device, the Pixel 3. It goes over both Google Mobile Services (GMS) and the Google Services Framework (GSF). There is also an in-depth investigation of system settings for all users and for each user.
4 Overview: App Life Cycle
This slide discusses the app life cycle; it introduces the types of apps that can be downloaded on an Android phone, how the apps can be tracked, and how the user uses those apps. It also briefly covers the app life cycle.
5.1.1 AOSP App Investigations: Messaging
This is the first of three Android Open Source Project (AOSP) app investigations; it explains what AOSP is. This slide introduces messaging services and provides the steps and methods needed to investigate them.
5.1.2 AOSP App Investigations: Contacts
This AOSP app investigation focuses on contact management services. It introduces the service, then provides a guide for investigating contact information, call log information, and voicemail.
5.1.3 AOSP App Investigations: Calendar
This AOSP app investigation focuses on calendar services. It gives a brief introduction to the service and the reason it should be investigated, then provides a sample method of investigation.
5.2.1 GMS App Investigations: Messaging
This is the first Google Mobile Services (GMS) app investigation; it focuses on the introduction and investigation of Google Messages. It also includes a brief explanation of the concept of GMS.
5.2.2 GMS App Investigations: Dialer
This GMS app investigation focuses on the Google Phone dialer app. It briefly explains the app's features, then lists a method of investigation.
5.2.3 GMS App Investigations: Maps
This GMS app investigation focuses on the Google Maps app. It briefly explains what Google Maps is and what kind of information can be obtained from it. Then, using a scenario, it provides the steps to be taken for investigation.
5.2.4 GMS App Investigations: Photos
This GMS app investigation focuses on Google Photos. It explains what it is, where to find the evidence, and how to conduct an investigation. It also explains what a backup is in this case and how to know if one was carried out.
5.3.1 Third Party App Investigation: Kik
This slide introduces the concept of third-party apps on Android, with the main goal being the investigation of the third-party app Kik. It gives a brief introduction to the app and the types of evidence it could hold, then provides the steps for investigation using a scenario.
5.3.2 Third Party App Investigation: TextNow
This slide gives a brief introduction to the third-party app TextNow and the types of evidence it could hold. Using a scenario, it goes over the method of investigation.
5.3.3 Third Party App Investigation: WhatsApp
This slide introduces the third-party app WhatsApp: what it is and the types of evidence that can be found on it. It also uses a scenario to introduce the steps for investigating the app.
6 Pixel 3 Rooting
In this slide, the concept of Android rooting and its methods are discussed. Then ROMs/Android OS images and booting modes are introduced. It also discusses the steps and software needed to root an Android device.