Android Mobile Forensics (W46)

$219.00 $199.00

7 in stock

Get the access to all our courses via Subscription



Do you ever speculate whether your mobile phone knows more about you than your best friend? Endlessly (or rather mindlessly), we take every chance we get to peep into our screens – at work, on the subway, while standing in line or even while cooking a meal! We routinely input so much data into our phone, that a mobile phone behaviorist (likened to a human behaviorist aka psychologist), aka a proficient mobile forensics investigator, can build a healthy dossier just by waving the magic forensic wand over a mobile phone of interest.

Keeping that in mind, some mobiles devices running the Android operating system find their way into an ongoing investigation – simply because of the fact that cyber criminals cannot do without a mobile phone. This course will train you to approach an Android mobile device forensically.

Why this course? 

This course is meticulously curated to teach you the continually relevant aspects of Android Mobile Forensics. In the process of doing so, you will also gain proficiency about how to replenish your forensics skills, to keep in tune with the perpetually changing Android world.

All the modules include hands-on assignments to test your newly-gained skills.

Why take it now? 

We are living at a point in time where the number of mobile devices is nearly the same as the number of humans on this plant. With some people owning two or more mobile devices, the rate of cybercrime, with mobile devices being the key player, is steadily on the rise. 

Who is this course for? 

  • Mobile Forensics Specialists
  • Corporate IT Security Professionals
  • Law Enforcement Mobile Forensics Specialist
  • Students pursuing Digital Forensics degrees
  • Anyone who is eager to perform surgery on an Android mobile device!

It would be a good idea for forensic investigators to train themselves in the Art of Mobile Forensics expeditiously, to remain one step ahead of cyber felons.


What skills will you gain? 

  • You will learn about the intricacies involved in forensically handling an Android device.
  • You will be exposed to a myriad of tools available, which will give you the confidence to experiment with more tools on your own.

What will you learn about? 

  • The difference between Computer Forensics and Mobile Forensics
  • Working of the Android Operating System
  • Forensic Analysis of an Android Mobile device

What tools will you use? 

  • Android Debug Bridge
  • Andriller
  • AFLogical OSE
  • The Sleuth Kit
  • Genymotion
  • strings
  • Carving Tools
  • wxHexEditor

and much more!



DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points. 


Course format:

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What should you know before you join? 

  • Basic working knowledge of an Android Mobile device.

What will you need? 

  • Laptop running Ubuntu 18.04 (a stable version is preferred, with around 50 GB disk space. VM can also be used although a host running Ubuntu is preferred)
  • Unrooted Android Mobile Device
  • Rooted Android Mobile Device (If you have not rooted a device before, it’s okay, you can follow along with me in the demo)
  • USB cable to connect mobile device to computer
  • Internet connection to download tools 


Module 0: Introduction

  • Primer to Mobile Forensics – why are we going to focus on Android?
  • Android Versions

Module 1: Treading into the Android World

This module will provide the preliminary information required to perform Forensic Acquisition and Analysis of an Android Mobile. Processing an unrooted Android mobile device will be discussed.

  • Android Architecture
  • Android Boot Process
  • Partitioning in Android Systems
  • Android Incident Response
  • Terminology relevant to Android Forensics
  • Unrooted Device Analysis

Tools covered:  ADB (shell, logcat, dumpsys) 

Module exercises: There will be 20 multiple choice questions for 2 points each.

  • Your understanding of basic Android concepts will be tested.
  • You will be asked to interpret information extracted from an unrooted device.

Module workload: ~4 to 4.5 hours

Module 2: Rooted Device Analysis

This module will discuss processing a rooted Android mobile device. The student will become aware of the significant forensic differences between unrooted and rooted devices.

  • Understanding Stock ROM and Custom ROM
  • Android Rooting Process
  • Rooted Device Analysis
  • Application Data Analysis (everyday, social, shopping, GPS-based)
  • Recap (up to current point)

Tools covered: ADB, nc, foremost, scalpel, The Sleuth Kit

Module exercises:  There will be 20 multiple choice questions for 2 points each.

  • You will be asked to interpret information extracted from a rooted device.

Module workload: ~4 to 4.5 hours

Module 3: Android Mobile Forensics Tools

This module will explore the various categories of existing tools for Android Mobile Forensics, data extraction and analysis. Android Malware Analysis shall also be addressed.

  • Free and Open Source Tools for Android Forensics
  • A Bird’s eye view of Commercial tools and Virtual Machines 
  • Dissecting the Components of an Android Application
  • Static Android Malware Analysis 
  • Dynamic Android Malware Analysis 

Tools covered:  Andriller, AFLogical OSE, WhatsappKey DB Extractor, Malware Analysis Tools – manual and automated (aapt, apktool, unzip, jadx, MobSF, Drozer) (Tsurugi, Santoku, Android Tamer)

Commercial Tools Overview (tools from vendors like Cellebrite, MSAB, Blackbag Technologies, Magnet Forensics, OSForensics, AccessData, Paraben Corporation, OpenText Security and Belkasoft will be mentioned here – this is to apprise the student about specialized commercial tools for Android Forensics)

Module exercises:   There will be 20 multiple choice questions for 2 points each.

  • Your understanding of the tools discussed in this module will be tested here.

Module workload: ~4 to 4.5 hours

Module 4: Diving deeper into Android forensics

This module will examine some more forensically relevant aspects of an Android Mobile phone.

  • Hidden vault applications
  • Virtual Device Forensics – Genymotion Device, Android Virtual Device (AVD)
  • Multi User Environment on Android Devices
  • SIM Card Analysis
  • An overview of Secure Boot, RFID/NFC
  • Addressing Encrypted Devices
  • Case Study – Putting it all together

Tools covered: ADB, Genymotion, AVD

Module exercises:  There will be 20 multiple choice questions for 2 points each based on the topics discussed in this module.

Module workload: ~4 to 4.5 hours

Final exam:

There will be 20 multiple choice questions for 2 points each. The student will be given 40 minutes to complete the final exam, which will be a medley of theoretical and practical questions. For the practical questions, the student will be given a piece of evidence and asked to interpret it.


Divya Lakshmanan is a graduate in Digital Forensics who has been exploring the field for the past four years. She is an independent researcher who enjoys exploring how things work. She has made various contributions to journals and blogs, and developed our EXT4 course

She enjoys teaching and revels in sharing her findings with fellow curious comrades. During her free time, she wonders about the mystique of the universe.




If you have questions, feel free to contact our course coordinator Marta at [email protected]


Be the first to review “Android Mobile Forensics (W46)”

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.


There are no reviews yet.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013