Mobile devices hold a trove of data that could be crucial to criminal cases, and they can also play a key role in accident reconstructions, IP theft investigations and more. It’s not just investigators who care about examining a mobile device — so do those interested in application research and data, and enterprises that rely on smartphones and tablets to perform work tasks, engage with customers and deliver new services. Effectively accessing and testing smartphones requires an optimal application toolbox, and the chops to use it. Join SANS today for a webinar that details how to build your Android application testing toolbox to ensure you’re set up to successfully access and examine the information you need from Android mobile phones.
SANS instructor Domenica Crognale, who is one of the co-authors of SANS FOR585: Advanced Smart Phone Forensics and also teaches the course, will detail why testing of mobile phone applications is critical — especially given that Android apps change weekly and even daily. It is becoming more common for application developers to restrict access to very important user artifacts on these Android devices. This most often includes the SQLite databases, which likely contain the information that examiners are after. It’s not just commercially available applications you have to consider. Often, custom-built apps aren’t parsed by commercial tools, so you’ll need to know how to access and parse any data stored on the device.
During the webinar, Domenica will talk about the importance of rooting Android devices as well as ways to access and parse the data. She will explain how to do this using utilities that exist on the SIFT workstation or that can be downloaded for free from the SANS website.
This webcast will explore topics such as:
- Choosing the best test device
During a forensics acquisition, many tools will apply a soft root onto the phone that is then removed once the data is obtained. But a full physical acquisition is not always necessary for application testing. Ideally, we want a test phone that is always rooted, whether or not the device loses power, because the root basically unlocks access to the core of the device’s operating system so you can access, add, remove or tweak anything inside the phone.
- Rooting your Android
During the webinar, Domenica will walk through a demo of a root, show how to locate the root, and share information on free and publicly available root tools.
- Utilizing File Browsers for quick file/folder access
Sometimes a file browser is all you really need to get to the data you’re after. Domenica will share her favorite third-party applications for accessing the file system.
- Examining application directories of interest
Once you have access to the files you need, utilize tools available on the SIFT workstation to view the contents of SQLite databases.
Log in to participate in the webinar, “Building your Android application testing toolbox” today at 3:30 p.m. EST. You also can now attend the webcast using your mobile device, through the Apple App Store and Google Play. And check out our FOR585: Advanced Smart Phone Forensics, a week-long course that teaches you how to find key evidence on a smartphone, how to recover deleted mobile device data that forensic tools miss, advanced acquisition terminology and free techniques to gain access to data on smartphones, how to handle locked or encrypted devices, applications, and containers, and much more.
Domenica will be teaching FOR585: Advanced Smart Phone Forensics at SANS Cyber Defense Initiative Dec 13-18. Register to attend live here: sans.org/u/JGl, or, to try it from home via Simulcast, register here: sans.org/u/JGq
*** This is a Security Bloggers Network syndicated blog from SANS Digital Forensics and Incident Response Blog authored by sansdfir. Read the original post at: http://feedproxy.google.com/~r/SANSForensics/~3/sLACi9q3uoE/tune-in-how-to-build-an-android-application-testing-toolbox