SlideShare a Scribd company logo

Android Mobile forensics with custom recoveries

Download as PPTX, PDF
Ibrahim Mosaad, profile picture
Ibrahim Mosaad

The document discusses Android forensics and the development of custom recoveries, outlining the architecture of Android and the process of digital forensics. It highlights the potential for custom recoveries to aid forensic investigations by providing functionalities such as data acquisition and bypassing security features. Challenges include locked boot-loaders, while the document concludes with acknowledgments of contributors.

Technology
1 of 21
Downloaded 125 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Android forensics and Custom Recoveries Ibrahim M. El-Sayed 1
Outline  Introduction to Android  Custom Recoveries  Custom recoveries and Forensics  Challenges and Goals  Conclusion 2
Introduction To Android  Android ?  Robot with a human appearance  Open-source operating system currently Developed by Google 3
Introduction To Android  Android Market Share (US) 4
Introduction To Android  Android Market Share (Else Where) 5
Introduction To Android  Android Architecture 6
Introduction To Android  Android partition layout /system: mounted read-only system files /data: user data and applications /cache: partition used by the dalvik machine for performance /boot: the kernel of device /recovery: minimal kernel + file system /sdcard: removable sdcard 7
Custom Recoveries  What are Recoveries partition?  A mode on android devices that boots a minimal Linux environment. (Similar to Safe-mode in Windows OS)  Why stock recoveries?  Update The Operating System  Backup and maintenance 8
Custom Recoveries  How do their architecture look like? 9 RECOVERY.IMG
Digital forensics  Digital forensics: is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.  Digital Forensics Process 10 Seizure Acquisition Analysis Reporting
Custom recoveries and Forensics  What might be the relation between Custom Recoveries and Forensics?  File system is not encrypted!  Boot-loaders!  Hypothesis: If we managed to develop a custom recovery with forensics functionalities, we will be able to forensically analyze mobile devices  What are the forensics functionalities? 11
Custom recoveries and Forensics  Forensics Functionalities – Viaforensic!  Passphrase/pin/pattern bypass  Logical data acquisition  Physical data acquisition  Rooting  Adb Shell 12
Custom Recoveries  How to develop a Custom recovery? 1. Install Linux/Mac OsX to start building 2. Download Cyangonmod source code 3. Develop the forensics functions 4. Build your Custom Recovery 5. Flash it on the device if you have the correct device configuration!!! 13
Custom Recoveries  Develop the forensics functions  Logical Acquisition  Physical Acquisition  Rooting  ADB 14
Custom Recoveries  Build Custom Recovery  Known devices in Cyangonmod source tree. (Samsung S3)  Let’s see the Build guide provided by Cyangonmod website :) 15
Custom Recoveries  Build Custom Recoveries for new devices!  What is the needed information?  Partition info  BoardConfig  kernel  Information Gathering 1. Already built stock-ROMs 2. Pull from rooted devices 3. Mobiles are similar  How much possible you will get device configuration? 16
Custom Recoveries  Flashing your Custom Recovery  ODIN/Heimdall  Samsung devices  fastboot  Almost all other android devices  HBOOT 17
Testing  The technique have been tested with  Samsung Galaxy S2, S3, S4  Samsung Note I, Note II  Oppo N1  Theortically applicable with  90% of Samsung devices  Why Samsung is THAT bad?  It also possible with  Sony devices  Might work with  Nexus  HTC 18
Challenges and Goals  Challenges  Locked boot-loaders  Device configuration  Goals  Boot from SD-Cards  Bypass locked boot-loaders 19
Acknowledgments  Eng. Waleed Zakira  Eng. Mohamed Nasr  Eng. Mohamed Zaki  Eng. Mahmoud Raouf 20
Any Questions ? 21

More Related Content

PDF
Android forensics (Manish Chasta)
ClubHack
 
PPTX
Forensic Investigation of Android Operating System
nishant24894
 
PPTX
Android forensics an Custom Recovery Image
Mohamed Khaled
 
PPTX
Android– forensics and security testing
Santhosh Kumar
 
PDF
Android Forensics: Exploring Android Internals and Android Apps
Moe Tanabian
 
PDF
Stealing sensitive data from android phones the hacker way
n|u - The Open Security Community
 
PDF
Tisa mobile forensic
Prathan Phongthiproek
 
PDF
Mobile Forensics on a Shoestring Budget
Brent Muir
 
Android forensics (Manish Chasta)
ClubHack
 
Forensic Investigation of Android Operating System
nishant24894
 
Android forensics an Custom Recovery Image
Mohamed Khaled
 
Android– forensics and security testing
Santhosh Kumar
 
Android Forensics: Exploring Android Internals and Android Apps
Moe Tanabian
 
Stealing sensitive data from android phones the hacker way
n|u - The Open Security Community
 
Tisa mobile forensic
Prathan Phongthiproek
 
Mobile Forensics on a Shoestring Budget
Brent Muir
 

What's hot (20)

PDF
Building Custom Android Malware BruCON 2013
Stephan Chenette
 
PDF
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
CODE BLUE
 
PPT
Live Memory Forensics on Android devices
Nikos Gkogkos
 
PPTX
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
Brent Muir
 
PDF
Brief Tour about Android Security
National Cheng Kung University
 
PDF
Android Hacking
antitree
 
PDF
Secret of Intel Management Engine by Igor Skochinsky
CODE BLUE
 
PDF
DefCon 2012 - Gaining Access to User Android Data
Michael Smith
 
PDF
Android Security Overview and Safe Practices for Web-Based Android Applications
h4oxer
 
PDF
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE
 
PDF
Смирнов Александр, Security in Android Application
SECON
 
PPTX
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Igor Korkin
 
PPT
Android booting sequece and setup and debugging
Utkarsh Mankad
 
PDF
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
Igor Korkin
 
PPTX
Android secure offline storage - CC Mobile
Steve De Zitter
 
PPTX
Android sandbox
Anusha Chavan
 
PPTX
Practical Security Assessments of IoT Devices and Systems
Ollie Whitehouse
 
PPTX
Android security
Mobile Rtpl
 
PDF
What & How to Customize Android?
Industrial Technology Research Institute (ITRI)(工業技術研究院, 工研院)
 
PPTX
iOS jailbreaking
Varun Luthra
 
Building Custom Android Malware BruCON 2013
Stephan Chenette
 
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
CODE BLUE
 
Live Memory Forensics on Android devices
Nikos Gkogkos
 
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
Brent Muir
 
Brief Tour about Android Security
National Cheng Kung University
 
Android Hacking
antitree
 
Secret of Intel Management Engine by Igor Skochinsky
CODE BLUE
 
DefCon 2012 - Gaining Access to User Android Data
Michael Smith
 
Android Security Overview and Safe Practices for Web-Based Android Applications
h4oxer
 
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE
 
Смирнов Александр, Security in Android Application
SECON
 
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Igor Korkin
 
Android booting sequece and setup and debugging
Utkarsh Mankad
 
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
Igor Korkin
 
Android secure offline storage - CC Mobile
Steve De Zitter
 
Android sandbox
Anusha Chavan
 
Practical Security Assessments of IoT Devices and Systems
Ollie Whitehouse
 
Android security
Mobile Rtpl
 
What & How to Customize Android?
Industrial Technology Research Institute (ITRI)(工業技術研究院, 工研院)
 
iOS jailbreaking
Varun Luthra
 
Ad

Viewers also liked (8)

PPT
Computer Forensics & Windows Registry
somutripathi
 
PDF
Digital forensics track schroader-rob when forensics collide
ISSA LA
 
PPT
Windowsforensics
Santosh Khadsare
 
PDF
Shelton mobile forensics
i4box Anon
 
PDF
Forensics of a Windows System
Conferencias FIST
 
PDF
Cell Phone Forensics Research
Houston Rickard
 
PPT
Mobile forensics
noorashams
 
PPTX
Windows 10 Forensics: OS Evidentiary Artefacts
Brent Muir
 
Computer Forensics & Windows Registry
somutripathi
 
Digital forensics track schroader-rob when forensics collide
ISSA LA
 
Windowsforensics
Santosh Khadsare
 
Shelton mobile forensics
i4box Anon
 
Forensics of a Windows System
Conferencias FIST
 
Cell Phone Forensics Research
Houston Rickard
 
Mobile forensics
noorashams
 
Windows 10 Forensics: OS Evidentiary Artefacts
Brent Muir
 
Ad

Similar to Android Mobile forensics with custom recoveries (20)

PPTX
Taking Control of Your Mobile Device - Rooting-n-Roms
jimboks
 
PPSX
Rooting Android Devices
Lokendra Rawat
 
PPT
Learning AOSP - Building AOSP for Nexus 7
Nanik Tolaram
 
PDF
Hacking Android OS
Jimmy Software
 
PPTX
Introduction to Embedded Linux
Hossain Reja
 
PPTX
Android and ios cracking, hackintosh included !
Veduruparthy Bharat
 
ODP
Rooting an Android phone
Arnav Gupta
 
PDF
Introduction to Android (Jeudis du libre)
cbeyls
 
PPT
Android introduction and rooting technology
Gagandeep Nanda
 
ODP
Backing Up Android
POSSCON
 
PDF
Security Issues in Android Custom Rom - Whitepaper
n|u - The Open Security Community
 
PDF
WhitePaper : Security issues in android custom rom
Anant Shrivastava
 
PDF
Android Attacks
Michael Scovetta
 
PPT
Android rooting
Vikalp Sajwan
 
PDF
Android_Malware_IOAsis_2014_Analysis.pdf
jjb117343
 
PDF
ODROID Magazine August 2014
Nanik Tolaram
 
PDF
Security Issues in Android Custom Rom
n|u - The Open Security Community
 
PDF
Security Issues in Android Custom ROM
Anant Shrivastava
 
PPT
Android Rooting
Ajay Dasila
 
PDF
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Ron Munitz
 
Taking Control of Your Mobile Device - Rooting-n-Roms
jimboks
 
Rooting Android Devices
Lokendra Rawat
 
Learning AOSP - Building AOSP for Nexus 7
Nanik Tolaram
 
Hacking Android OS
Jimmy Software
 
Introduction to Embedded Linux
Hossain Reja
 
Android and ios cracking, hackintosh included !
Veduruparthy Bharat
 
Rooting an Android phone
Arnav Gupta
 
Introduction to Android (Jeudis du libre)
cbeyls
 
Android introduction and rooting technology
Gagandeep Nanda
 
Backing Up Android
POSSCON
 
Security Issues in Android Custom Rom - Whitepaper
n|u - The Open Security Community
 
WhitePaper : Security issues in android custom rom
Anant Shrivastava
 
Android Attacks
Michael Scovetta
 
Android rooting
Vikalp Sajwan
 
Android_Malware_IOAsis_2014_Analysis.pdf
jjb117343
 
ODROID Magazine August 2014
Nanik Tolaram
 
Security Issues in Android Custom Rom
n|u - The Open Security Community
 
Security Issues in Android Custom ROM
Anant Shrivastava
 
Android Rooting
Ajay Dasila
 
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Ron Munitz
 

Recently uploaded (20)

PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 

Android Mobile forensics with custom recoveries

  • 1. Android forensics and Custom Recoveries Ibrahim M. El-Sayed 1
  • 2. Outline  Introduction to Android  Custom Recoveries  Custom recoveries and Forensics  Challenges and Goals  Conclusion 2
  • 3. Introduction To Android  Android ?  Robot with a human appearance  Open-source operating system currently Developed by Google 3
  • 4. Introduction To Android  Android Market Share (US) 4
  • 5. Introduction To Android  Android Market Share (Else Where) 5
  • 6. Introduction To Android  Android Architecture 6
  • 7. Introduction To Android  Android partition layout /system: mounted read-only system files /data: user data and applications /cache: partition used by the dalvik machine for performance /boot: the kernel of device /recovery: minimal kernel + file system /sdcard: removable sdcard 7
  • 8. Custom Recoveries  What are Recoveries partition?  A mode on android devices that boots a minimal Linux environment. (Similar to Safe-mode in Windows OS)  Why stock recoveries?  Update The Operating System  Backup and maintenance 8
  • 9. Custom Recoveries  How do their architecture look like? 9 RECOVERY.IMG
  • 10. Digital forensics  Digital forensics: is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.  Digital Forensics Process 10 Seizure Acquisition Analysis Reporting
  • 11. Custom recoveries and Forensics  What might be the relation between Custom Recoveries and Forensics?  File system is not encrypted!  Boot-loaders!  Hypothesis: If we managed to develop a custom recovery with forensics functionalities, we will be able to forensically analyze mobile devices  What are the forensics functionalities? 11
  • 12. Custom recoveries and Forensics  Forensics Functionalities – Viaforensic!  Passphrase/pin/pattern bypass  Logical data acquisition  Physical data acquisition  Rooting  Adb Shell 12
  • 13. Custom Recoveries  How to develop a Custom recovery? 1. Install Linux/Mac OsX to start building 2. Download Cyangonmod source code 3. Develop the forensics functions 4. Build your Custom Recovery 5. Flash it on the device if you have the correct device configuration!!! 13
  • 14. Custom Recoveries  Develop the forensics functions  Logical Acquisition  Physical Acquisition  Rooting  ADB 14
  • 15. Custom Recoveries  Build Custom Recovery  Known devices in Cyangonmod source tree. (Samsung S3)  Let’s see the Build guide provided by Cyangonmod website :) 15
  • 16. Custom Recoveries  Build Custom Recoveries for new devices!  What is the needed information?  Partition info  BoardConfig  kernel  Information Gathering 1. Already built stock-ROMs 2. Pull from rooted devices 3. Mobiles are similar  How much possible you will get device configuration? 16
  • 17. Custom Recoveries  Flashing your Custom Recovery  ODIN/Heimdall  Samsung devices  fastboot  Almost all other android devices  HBOOT 17
  • 18. Testing  The technique have been tested with  Samsung Galaxy S2, S3, S4  Samsung Note I, Note II  Oppo N1  Theortically applicable with  90% of Samsung devices  Why Samsung is THAT bad?  It also possible with  Sony devices  Might work with  Nexus  HTC 18
  • 19. Challenges and Goals  Challenges  Locked boot-loaders  Device configuration  Goals  Boot from SD-Cards  Bypass locked boot-loaders 19
  • 20. Acknowledgments  Eng. Waleed Zakira  Eng. Mohamed Nasr  Eng. Mohamed Zaki  Eng. Mahmoud Raouf 20