The direct acquisition technique can be performed if the seized device is either not locked or the PIN/password/pattern lock is known to the investigator; this way, every piece of data available to the user is available to the examiner via the usual user interface (UI). The only “disturbing” point is that, if relying on this method alone, system files, system logs and the system partition are not accessible.

The logical acquisition is a bit-by-bit copy of a given logical storage (the storage may refer to the user data partition as well as the system data partition), and this acquisition method produces, in general, a relatively manageable file which can be analyzed and parsed by forensic tools. A full device backup, for instance, can be considered a logically acquired image.

Physical acquisition acquires data directly from hardware by direct access to a given disk or flash memory. Physically acquiring a device is usually a headache, but if successfully done, the produced copy can be used to recover deleted fragments and allows the examiner to put his hands on data remnants. Physical acquisition always starts with a dumping phase, followed by a decoding phase.

This lab will cover the logical acquisition of an Android emulator using Santoku Linux.

Requirements

In this exercise we will use Santoku, a Linux distribution dedicated to mobile forensics, analysis, and security, packaged in an easy-to-use, open-source platform.

Get started with the Android emulator in Santoku

After logging in to your Santoku machine, navigate to your Android SDK Manager: Santoku –> Development Tools –> Android SDK Manager. Enter a name for your Android Virtual Device (AVD_Forensics). Choose a device (Nexus One), then the OS (API Level 8) of your new AVD from the “Target” drop-down list. Click “Create…”.
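The logical acquisition step of this lab, carried out against the running AVD with adb, as an added example that is not part of the original page: it assumes adb is on PATH (Santoku bundles the Android platform tools) and that the emulator is started and visible to adb; the output directory name acq_AVD_Forensics and the manifest file name are my own choices. It also shows the integrity check a practitioner adds after any acquisition: a SHA-256 manifest of every acquired file, which is what lets the copy be re-verified later.

```shell
#!/bin/sh
# Added example (not from the original lab): logical acquisition of the
# running AVD with adb, plus a SHA-256 manifest so the acquired copy can be
# verified later. Assumes adb is on PATH (true on Santoku) and that the
# emulator exposes /data via adb (the stock AVD shell runs as root).
set -u

# Print the serial of every device adb reports in state "device".
list_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }'
}

# Logical acquisition from device serial $1 into directory $2:
#  1. adb backup -> full app/user-data backup (a logically acquired image)
#  2. adb pull   -> raw copy of /data/data (app databases, shared prefs)
# Neither step reaches the system partition, which is exactly the
# limitation of logical methods that the lab text describes.
logical_acquire() {
    serial=$1; out=$2
    mkdir -p "$out/data_data"
    adb -s "$serial" backup -all -shared -apk -f "$out/backup.ab"
    adb -s "$serial" pull /data/data "$out/data_data"
}

# Write manifest.sha256 for every regular file under $1 and print how many
# files were hashed. The manifest can be re-checked with `sha256sum -c`.
hash_manifest() {
    dir=$1
    (cd "$dir" && find . -type f ! -name manifest.sha256 \
        -exec sha256sum {} + | sort -k2 > manifest.sha256)
    wc -l < "$dir/manifest.sha256" | tr -d ' '
}

# Re-verify an acquisition directory; succeeds only if every file matches.
verify_manifest() {
    (cd "$1" && sha256sum -c --quiet manifest.sha256)
}

# Run the acquisition only when adb and a connected device are present, so
# the helper functions can also be sourced on a workstation without adb.
if command -v adb >/dev/null 2>&1; then
    dev=$(list_devices | head -n 1)
    if [ -n "$dev" ]; then
        logical_acquire "$dev" ./acq_AVD_Forensics
        echo "hashed $(hash_manifest ./acq_AVD_Forensics) files"
    fi
fi
```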