PRESENTED BY
                  Manish Chasta,
                  Principal Consultant,
                  Indusface




Android Forensics
  Manish Chasta, CISSP | CHFI
Agenda


     Introduction to Android

     Rooting Android

     Seizing Android Device

     Forensic Steps

     Chain of Custody

     Indian Cyber Laws
Introduction to Android

•   Most widely used mobile OS
•   Developed by Google
•   OS + Middleware + Applications
•   Android Open Source Project (AOSP) is
    responsible for maintenance and further
    development
Presence in the Market

• According to a Gartner report, Android captured
  36% market share in Q1 of 2011.

• Listed as the best-selling smartphone
  worldwide by Canalys.
Android Architecture




Android Architecture: Linux Kernel

• Linux kernel with system services:
  – Security
  – Memory and process management
  – Network stack
• Provides drivers to access hardware:
  – Camera
  – Display and audio
  – Wifi
  – …
Android Architecture: Android RunTime

• Core Libraries:
   – Written in Java
   – Provides the functionality of Java programming language
   – Interpreted by Dalvik VM
• Dalvik VM:
   – Java-based VM, a lightweight substitute for the JVM
   – Unlike the JVM, the DVM is a register-based virtual machine
   – The DVM is optimized to run with limited main memory and low
     CPU usage
   – Java code (.class files) is converted into .dex format to be
     able to run on the Android platform
SQLite Database

• SQLite Database:
  – SQLite is a widely used, lightweight database
  – Used by most mobile OSes, e.g. iPhone, Android,
    Symbian, webOS
  – SQLite is a free to use and open source database
  – Zero-configuration - no setup or administration
    needed.
  – A complete database is stored in a single cross-
    platform disk file.
How Android can be used in Cyber Crime?

•   Software Theft
•   Terrorism Activity
•   Pornography / Child Pornography
•   Financial Crime
•   Sexual harassment Cases
•   Murder or other Criminal activities


Forensic Process: An Open Source Approach

•   Seizing the device
•   Creating 1:1 image
•   Recovering the useful data
•   Analyzing the image to discover evidence
•   Maintain Chain of Custody
Seizing Android Device

• If the device is off – do not turn it on
• If the device is on – leave it on and keep it
  charging
• Take photos of the device and its display
• Seize all other available accessories, e.g.
  memory card, cables etc.
• Label all evidence and document everything
Creating 1:1 Image

• Creating Image of Memory Card
• Creating Image of Device




Creating Image of Memory Card

• FAT32 file system
• Easy to create an image
• In most cases, applications won't store any
  sensitive data on the memory card
• A number of commercial and open source
  tools are available
Creating Image of Memory Card

• Using WinHex
Creating Image of the Device

• Android’s file systems
• Importance of rooting
• Rooting Samsung Galaxy device




Rooting Android Device

• Step 1: Download the CF Rooted Kernel
  files and the Odin3 software
Rooting Android Device

• Step 2: Keep the handset in debugging mode
Rooting Android Device

• Step 3: Run Odin3




Rooting Android Device

• Step 4: Reboot the phone in download mode
• Step 5: Connect to the PC




Rooting Android Device

• Step 6: Select the required files, i.e. PDA, Phone, CSC files
• Step 7: Click on Auto Reboot and F. Reset Time and hit the Start button
Rooting Android Device

• If your phone is rooted, you will see PASS!! in Odin3
Creating Image of the Device

• Taking a backup with dd
  – Low-level copying and conversion of raw data
  – Creates a bit-by-bit image of the disk
  – Output can be read by any forensic tool
  – Typical syntax: dd if=/dev/SDA of=/sdcard/SDA.dd
  – Interesting locations
     • /data/data
     • /data/system
Creating Image of the Device




Creating Image of the Device

• Taking image with viaExtract tool




Recovering Data

• Using WinHex




Analysing Image


• Reading the Image

• Looking for KEY data

• Searching techniques (DT Search)



Analysing Image

• WinHex
• Manual Intelligence
• viaExtract
Analyzing SQLite

• SQLite stores most critical information
• Interesting place for Investigators
• Tools
  – Epilog
  – sqlite database browser
  – sqlite_analyzer
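
Added example (not part of the original slides): one way to look for key data in a raw dd image and then analyse the SQLite files it contains, by carving databases out of the image via the SQLite file header and listing their tables read-only. The sample image, the sms table and all function names are constructed for illustration, and the carver assumes each database is stored contiguously in the image.

```python
import hashlib
import sqlite3
import struct
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file


def carve_sqlite(image: bytes):
    """Return (offset, blob) for every SQLite database found in a raw image."""
    found = []
    pos = image.find(SQLITE_MAGIC)
    while pos != -1:
        header = image[pos:pos + 100]  # the SQLite file header is 100 bytes
        if len(header) == 100:
            page_size = struct.unpack(">H", header[16:18])[0]
            if page_size == 1:  # the value 1 encodes a 65536-byte page
                page_size = 65536
            change_counter, page_count = struct.unpack(">II", header[24:32])
            valid_for = struct.unpack(">I", header[92:96])[0]
            sane_page = page_size >= 512 and page_size & (page_size - 1) == 0
            # The in-header page count is only trustworthy when it is non-zero
            # and the change counter matches the version-valid-for field.
            if sane_page and page_count and change_counter == valid_for:
                size = page_size * page_count
                if pos + size <= len(image):
                    found.append((pos, image[pos:pos + size]))
        pos = image.find(SQLITE_MAGIC, pos + 1)
    return found


def table_row_counts(blob: bytes):
    """Write a carved blob to a scratch copy and query it strictly read-only."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "carved.db"
        path.write_bytes(blob)
        # mode=ro + immutable=1: SQLite never writes to, locks or journals the file
        con = sqlite3.connect(path.as_uri() + "?mode=ro&immutable=1", uri=True)
        try:
            names = [row[0] for row in con.execute(
                "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
            counts = {}
            for name in names:
                quoted = '"' + name.replace('"', '""') + '"'
                counts[name] = con.execute(
                    f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
            return counts
        finally:
            con.close()


def analyse(image: bytes):
    """One report entry per carved database, with a hash for the case notes."""
    return [{"offset": off, "size": len(blob),
             "sha256": hashlib.sha256(blob).hexdigest(),
             "tables": table_row_counts(blob)}
            for off, blob in carve_sqlite(image)]


def build_sample_image():
    """Constructed test data: a tiny database wrapped in filler bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "sample.db"
        con = sqlite3.connect(str(path))
        con.execute("CREATE TABLE sms (address TEXT, body TEXT)")
        con.executemany("INSERT INTO sms VALUES (?, ?)",
                        [("+10000000001", "constructed message 1"),
                         ("+10000000002", "constructed message 2")])
        con.commit()
        con.close()
        db = path.read_bytes()
    return b"\xff" * 4096 + db + b"\x00" * 2048, db


if __name__ == "__main__":
    sample_image, _ = build_sample_image()
    for hit in analyse(sample_image):
        print(hit)
```

Databases written by SQLite versions that do not maintain the in-header page count are skipped by this carver and need a different size estimate.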



Analyzing SQLite

• Epilog




Maintaining ‘Chain of Custody’

• What is Chain of Custody?
• A CoC can contain the following information:
   – What is the evidence?
   – How did you get it?
   – When was it collected?
   – Who has handled it?
   – Why did that person handle it?
   – Where has it travelled, and where was it
     ultimately stored?
Indian Laws covering Digital Crimes

 • We can categorize Cyber crimes in two ways:
    – The Computer as a Target
    – The computer as a weapon

 • Indian Laws:
    – IT Act 2000
    – IT (Amendment) Act, 2008
    – Rules under sections 6A, 43A and 79

 • MIT site: http://mit.gov.in/content/cyber-laws


Manish Chasta
   manish.chasta@owasp.org

   chasta.manish@gmail.com
