0

COURSE IS SELF-PACED, AVAILABLE ON DEMAND

DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points. 

Do you ever speculate whether your mobile phone knows more about you than your best friend? Endlessly (or rather mindlessly), we take every chance we get to peep into our screens – at work, on the subway, while standing in line or even while cooking a meal! We routinely input so much data into our phone, that a mobile phone behaviorist (likened to a human behaviorist aka psychologist), aka a proficient mobile forensics investigator, can build a healthy dossier just by waving the magic forensic wand over a mobile phone of interest.

Keeping that in mind, some mobiles devices running the Android operating system find their way into an ongoing investigation – simply because of the fact that cyber criminals cannot do without a mobile phone. This course will train you to approach an Android mobile device forensically.

Why this course? 

This course is meticulously curated to teach you the continually relevant aspects of Android Mobile Forensics. In the process of doing so, you will also gain proficiency about how to replenish your forensics skills, to keep in tune with the perpetually changing Android world.

All the modules include hands-on assignments to test your newly-gained skills.

Why take it now? 

We are living at a point in time where the number of mobile devices is nearly the same as the number of humans on this planet. With some people owning two or more mobile devices, the rate of cybercrime, with mobile devices being the key player, is steadily on the rise. 

Who is this course for? 

  • Mobile Forensics Specialists
  • Corporate IT Security Professionals
  • Law Enforcement Mobile Forensics Specialist
  • Students pursuing Digital Forensics degrees
  • Anyone who is eager to perform surgery on an Android mobile device!

COURSE BENEFITS

What skills will you gain? 

You will learn about the intricacies involved in forensically handling an Android device. You will be exposed to a myriad of tools available, which will give you the confidence to experiment with more tools on your own.

  • Android Incident Response
  • Unrooted Device Analysis
  • Android Rooting
  • Rooted Device Analysis
  • Application Data Analysis
  • Dissecting the Components of an Android Application
  • Static Android Malware Analysis 
  • Dynamic Android Malware Analysis 
  • Addressing Encrypted Devices
  • SIM Card Analysis

What will you learn about? 

  • Forensic Analysis of an Android Mobile device
  • Android Architecture
  • Android Boot Process
  • Partitioning in Android Systems
  • The differences between Computer Forensics and Mobile Forensics
  • Working of the Android Operating System
  • Hidden vault applications
  • Virtual Device Forensics
  • Multi User Environment on Android Devices

What tools will you use? 

  • Android Debug Bridge
  • Andriller
  • AFLogical OSE
  • The Sleuth Kit
  • Genymotion
  • strings
  • Carving Tools
  • wxHexEditor

and much more!

COURSE PREREQUISITES

Course format:

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What should you know before you join? 

  • Basic working knowledge of an Android mobile device.

What will you need? 

  • Laptop running Ubuntu 18.04 (a stable version is preferred, with around 50 GB disk space. VM can also be used although a host running Ubuntu is preferred)
  • Unrooted Android Mobile Device
  • Rooted Android Mobile Device (If you have not rooted a device before, it’s okay, you can follow along with me in the demo)
  • USB cable to connect mobile device to computer
  • Internet connection to download tools 

COURSE SYLLABUS

Module 0: Introduction

  • Primer to Mobile Forensics – why are we going to focus on Android?
  • Android Versions

Module 1: Treading into the Android World

This module will provide the preliminary information required to perform Forensic Acquisition and Analysis of an Android Mobile. Processing an unrooted Android mobile device will be discussed.

  • Android Architecture
  • Android Boot Process
  • Partitioning in Android Systems
  • Android Incident Response
  • Terminology relevant to Android Forensics
  • Unrooted Device Analysis

Tools covered:  ADB (shell, logcat, dumpsys), AFLogical OSE

Module exercises: There will be 20 multiple choice questions for 2 points each.

  • Your understanding of basic Android concepts will be tested.
  • You will be asked to interpret information extracted from an unrooted device.

Module workload: ~4 to 4.5 hours

Module 2: Rooted Device Analysis

This module will discuss processing a rooted Android mobile device. The student will become aware of the significant forensic differences between unrooted and rooted devices.

  • Understanding Stock ROM and Custom ROM
  • Android Rooting Process
  • Rooted Device Analysis
  • Application Data Analysis (everyday, social, shopping, GPS-based)
  • Recap (up to current point)

Tools covered: ADB, nc, foremost, scalpel, The Sleuth Kit

Module exercises:  There will be 20 multiple choice questions for 2 points each.

  • You will be asked to interpret information extracted from a rooted device.

Module workload: ~4 to 4.5 hours

Module 3: Android Mobile Forensics Tools

This module will explore the various categories of existing tools for Android Mobile Forensics, data extraction and analysis. Android Malware Analysis shall also be addressed.

  • Free and Open Source Tools for Android Forensics
  • A Bird’s eye view of Commercial tools and Virtual Machines 
  • Dissecting the Components of an Android Application
  • Static Android Malware Analysis 
  • Dynamic Android Malware Analysis 

Tools covered:  FTK Imager, Autopsy, Andriller, Malware Analysis Tools – manual and automated (aapt, apktool, unzip, jadx, MobSF, JD-GUI, Procyon) (Tsurugi, Santoku, Android Tamer)

Commercial Tools Overview (tools from vendors like Cellebrite, MSAB, Blackbag Technologies, Magnet Forensics, OSForensics, AccessData, Paraben Corporation, and Belkasoft will be mentioned here – this is to apprise the student about specialized commercial tools for Android Forensics)

Module exercises:   There will be 20 multiple choice questions for 2 points each.

  • Your understanding of the tools discussed in this module will be tested here.

Module workload: ~4 to 4.5 hours

Module 4: Diving deeper into Android forensics

This module will examine some more forensically relevant aspects of an Android Mobile phone.

  • Hidden vault applications
  • Virtual Device Forensics – Genymotion Device, Android Virtual Device (AVD)
  • Multi User Environment on Android Devices
  • SIM Card Analysis
  • An overview of Secure Boot, RFID/NFC
  • Addressing Encrypted Devices
  • Case Study – Putting it all together

Tools covered: ADB, Genymotion, AVD

Module exercises:  There will be 20 multiple choice questions for 2 points each based on the topics discussed in this module.

Module workload: ~4 to 4.5 hours

Final exam:

There will be 20 multiple choice questions for 2 points each. The student will be given 40 minutes to complete the final exam, which will be a medley of theoretical and practical questions. For the practical questions, the student will be given a piece of evidence and asked to interpret it.

YOUR INSTRUCTOR - DIVYA LAKSHMANAN

Divya Lakshmanan is a graduate in Digital Forensics who has been exploring the field for the past four years. She is an independent researcher who enjoys exploring how things work. She has made various contributions to journals and blogs, and developed our EXT4 course

She enjoys teaching and revels in sharing her findings with fellow curious comrades. During her free time, she wonders about the mystique of the universe.

Contact:

If you have any questions, please contact us at [email protected].

Course Reviews

N.A

ratings
  • 5 stars0
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0

No Reviews found for this course.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023