Android Forensics: Investigation, Analysis and Mobile Security for Google Android

Paperback (Print)
Buy New
Buy New from
Used and New from Other Sellers
Used and New from Other Sellers
from $50.33
Usually ships in 1-2 business days
(Save 28%)
Other sellers (Paperback)
  • All (15) from $50.33   
  • New (12) from $50.33   
  • Used (3) from $54.57   


Android Forensics: Investigation, Analysis, and Mobile Security for Google Android examines the Android mobile platform and shares techniques for the forensic acquisition and subsequent analysis of Android devices. Organized into seven chapters, the book looks at the history of the Android platform and its internationalization; it discusses the Android Open Source Project (AOSP) and the Android Market; it offers a brief tutorial on Linux and Android forensics; and it explains how to create an Ubuntu-based virtual machine (VM).
The book also considers a wide array of Android-supported hardware and device types, the various Android releases, the Android software development kit (SDK), the Davlik VM, key components of Android security, and other fundamental concepts related to Android forensics, such as the Android debug bridge and the USB debugging setting. In addition, it analyzes how data are stored on an Android device and describes strategies and specific utilities that a forensic analyst or security engineer can use to analyze an acquired Android device.
Core Android developers and manufacturers, app developers, corporate security officers, and anyone with limited forensic experience will find this book extremely useful.

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Ability to forensically acquire Android devices using the techniques outlined in the book
  • Detailed information about Android applications needed for forensics investigations
  • Important information about SQLite, a file based structured data storage relevant for both Android and many other platforms.
Read More Show Less

Editorial Reviews

From the Publisher
"If you want to truly understand and perform forensics on Android this is the book. There is no other reference that goes to this level of detail on the Android operating systems idiosyncrasies and quirks. Android Forensics is a must have for the mobile device examiner’s bookshelf."-Jim Steele, Director of Digital Forensics , a Tier 1 Wireless Carrier

"Andrew Hoog in his latest book, Android Forensics, provides exceptionally well written coverage of Android for the Computer Forensics Investigator. No small task given the ever changing nature of Google’s preeminent mobile operating system."—Matthew M. Shannon, Principal, F-Response

"…provides an excellent and comprehensive coverage of the Android platform, including its design, implementation, operation, investigation and analysis. At 364 pages of content, organized over seven chapters, with a focus on the ‘practical’ – demonstrating system design, implementation, operation and investigation, for instance, through hands-on "experiments" – this sizable text will resonate particularly well with readers disposed to activity-centric, learning-by-doing styled narrative. The text is peppered throughout with device and application (GUI) screenshots, as well as command line execution/output and directory listings."—

"In conclusion, we feel that Android Forensics is a good introduction to a field that still seems very ‘fresh’ and new to forensic examiners… As a quick reference during forensic analysis, the last chapter proves to be an excellent resource."—Computer and Security

"At 364 pages of content, organized over seven chapters, with a focus on-the ‘practical’ – demonstrating system design, implementation, operation and investigation, for instance, through hands- on "experiments" – this sizable text will resonate particularly well with readers disposed to activity-centric, learning-by- doing styled narrative…With a practical focus from the outset that includes how to acquire and install the Android SDK and build an Android Virtual Device (AVD), this text is particularly suited to those disposed to a hands-on approach to learning about the Android platform from a security and investigation perspective."—Best Digital Forensics Book in InfoSecReviews Book Awards

Read More Show Less

Product Details

  • ISBN-13: 9781597496513
  • Publisher: Elsevier Science
  • Publication date: 6/29/2011
  • Pages: 432
  • Sales rank: 1,487,907
  • Product dimensions: 7.40 (w) x 9.10 (h) x 1.10 (d)

Meet the Author

Andrew Hoog is a computer scientist, certified forensic analyst (GCFA and CCE), computer and mobile forensics researcher, former adjunct professor (assembly language) and owner of viaForensics, an innovative computer and mobile forensic firm. He divides his energies between investigations, research and training about the computer and mobile forensic discipline. He writes computer/mobile forensic how-to guides, is interviewed on radio programs and lectures and trains both corporations and law enforcement agencies. As the foremost expert in Android Forensics, he leads expert level training courses, speaks frequently at conferences and is writing a book on Android forensics.

Read More Show Less

Read an Excerpt

Android Forensics

Investigation, Analysis, and Mobile Security for Google Android
By Andrew Hoog


Copyright © 2011 Elsevier Inc.
All right reserved.

ISBN: 978-1-59749-652-0

Chapter One

Android and mobile forensics


• Android platform

• Linux, Open source software and forensics

• Android Open Source Project

• Internationalization

• Android Market

• Android forensics


Digital forensics is an exciting, fast-paced field that can have a powerful impact on a variety of situations including internal corporate investigations, civil litigation, criminal investigations, intelligence gathering, and matters involving national security. Mobile forensics, arguably the fastest growing and evolving digital forensic discipline, offers significant opportunities as well as many challenges. While the interesting part of Android forensics involves the acquisition and analysis of data from devices, it is important to have a broad understanding of both the platform and the tools that will be used throughout the investigation. A thorough understanding will assist a forensic examiner or security engineer through the successful investigation and analysis of an Android device.


Android is an open source mobile device platform based on the Linux 2.6 kernel and managed by the Open Handset Alliance, a group of carriers, mobile device and component manufacturers, and software vendors.

Android has made a significant impact on the smartphone market and, consequently, in the area of forensics. Two years and one month after the first Android device was introduced (October 2008), Android became the second largest smartphone platform capturing 26.0% of the 61.5 million US smartphone subscribers (comScore reports, n.d.). Table 1.1 shows the top smartphone platforms as of November 2010, according to comScore, Inc.

But Android's influence extends well beyond the US market. According to Gartner, Inc., the Android operating system (OS) was the second most popular during the third quarter of 2010 and accounted for 25.5% of worldwide smartphone sales (Gartner says, n.d.), as shown in Table 1.2.

According to the web site Google Investor, Google CEO Eric Schmidt reported that over 350,000 Android devices were being activated each day as of February 2011 (Google investor, n.d.). These statistics focus on the smartphone market, which is only one of the many types of Android devices available in the market.

The open source nature of Android has not only established a new direction for the industry, but also has enabled developers, code savvy forensic analysts, and (unfortunately) sophisticated criminals to understand the device at the most fundamental level. As the core platform quickly matures and continues to be provided free of charge, carriers and hardware vendors alike can focus their efforts on customizations intended to retain their customers.

History of Android

For over three decades, companies have invested significant resources into research and development of handheld computing devices in the hopes that they would open new markets. As with traditional computers, the hardware components central to building such devices have advanced significantly and now provide a small, though powerful, mobile platform for handheld computers.

A central figure in the development of Android is Andy Rubin whose past employers include robotics firms, Apple, WebTV, and Danger Inc. His previous company, Danger Inc., developed a smartphone and support OS most recognized from the T-Mobile Sidekick. This mobile operating system, DangerOS, was built using Java. It provided a software development kit and had some of the features found in current smartphones. In 2004, Rubin left Danger and tinkered with several new ideas. He again returned to smartphone development and teamed with several engineers from past companies. The company Rubin formed in 2003 was called Android, Inc.

While the team began development, Rubin was actively marketing Android to both potential investors and wireless carriers. One of the companies he spoke with was Google, who subsequently acquired Android in July 2005. The acquisition, combined with new patents and services involving mobile and a large bid for wireless spectrum, fueled significant speculation that Google was developing their own smartphone and perhaps was aiming to be a full wireless carrier.

However, on November 5, 2007, Andy Rubin announced a more ambitious plan on the official Google blog (Official Google blog, n.d.):

Android is the first truly open and comprehensive platform for mobile devices. It includes an operating system, user-interface and applications—all of the software to run a mobile phone, but without the proprietary obstacles that have hindered mobile innovation. We have developed Android in cooperation with the Open Handset Alliance, which consists of more than 30 technology and mobile leaders including Motorola, Qualcomm, HTC and T-Mobile. Through deep partnerships with carriers, device manufacturers, developers, and others, we hope to enable an open ecosystem for the mobile world by creating a standard, open mobile software platform. We think the result will ultimately be a better and faster pace for innovation that will give mobile customers unforeseen applications and capabilities.

One week later, Google released an early look at the Android software development kit (SDK) to developers. This allowed Google to create the first Android Developer Challenge, which ran from January 2008 through April 2008. Google set aside $1,000,000 to reward the most innovative Android apps. The top 50 apps are available for review at

In August 2008, Google announced the availability of the Android Market where developers could upload their apps for mobile device owners to browse and install. The initial release did not support paid apps. However, that feature was added in early 2009. Finally, October 2008 marked both the official release of the Android Open Source Project (AOSP) (Bort, n.d.) and the first publicly available Android smartphone, the T-Mobile G1.

Since inception, the Android ecosystem has grown significantly and is comprised of diverse groups of contributors. Table 1.3 summarizes significant milestones for the Android platform.

Open Handset Alliance

The Open Handset Alliance (OHA) is a collaboration among mobile technology companies including wireless carriers, handset and component manufacturers, software developers, and other support and integration companies. The alliance, established on November 5, 2007, originally had 34 members. However, by January 2011 there were nearly 80 members.

The OHA is committed "to accelerate innovation in mobile and offer consumers a richer, less expensive, and better mobile experience" (Alliance FAQ, n.d.) with the primary focus on the coordination, development, and release of Android devices. Google is the driving force behind both the OHA and AOSP. Some have complained that the alliance is simply a marketing technique that offers little value to the members or consumers. However, new members have joined throughout 2010 and the OHA will undoubtedly continue well into the future. The members, as of February 3, 2011, listed in Table 1.4, are grouped by mobile operators, handset manufacturers, semiconductor companies, software companies, and commercialization companies (Alliance members, n.d.).

Android Features

While we explore the various Android device types more in the next chapter, there are several features common to most Android devices that we can discuss here.

First, Android was engineered from the beginning to be online, whether using cellular networks such as Global System for Mobile Communications and Code Division Multiple Access (GSM/CDMA) or wireless networks (Wi-Fi). Regardless of the venue, the ability to be online is a core feature of any Android device. Many of the devices are indeed smartphones and thus support sending and receiving phone calls, text messages, and other services found on cellular networks. Interacting with the device is typically via a touch screen, but many devices also allow for keyboards or other buttons, which support user interaction.

A second core feature of Android devices is the ability to download and install applications (apps) from the Android Market. This is a primary feature to many users because it allows them to extend the functionality of the device. These apps also typically happen to be a rich source of information for forensic analysts.

The final core feature is the ability for users to store their data on the devices. This, of course, is the basis for the forensics work covered in detail in this book. Most Android devices come with some on-device storage using flash (NAND) memory as well as an external SD card that is portable and intended to store larger amounts of data. Some recent HTC devices are now shipping with an emulated SD card which is a separate USB device ID mapped to the NAND and presented as an SD card. The emulated SD cards are typically formatted with Microsoft's FAT32 file system.

Supported Cellular Networks

As smartphones are the largest category of Android devices, it is important to understand the various cellular technologies Android currently supports.

The first Android device, the HTC DREA100 or T-Mobile G1, was a Global System for Mobile Communications (GSM) phone. GSM is the most widely used and supported cellular system with excellent support throughout the world. Major wireless providers in the United States that support GSM include AT&T and T-Mobile. The GSM system leverages a subscriber identity module (SIM) or universal subscriber identity module (USIM) to identify the user to the cellular network.

The next cellular system supported by Android is the Code Division Multiple Access, often referred to as CDMA. CDMA is the technique used to encode and send the voice, data, and control signals used by a CDMA phone. It is popular in the United States, but less so around the world. In the United States, the primary technology standard used is called CDMA2000. Major carriers include Verizon Wireless, Sprint, U.S. Cellular, and Cricket Communications.

The final cellular system supported by Android is the Integrated Digital Enhanced Network, or iDEN, whose primary attraction is its support of the popular push-to-talk (PTT) feature. In the United States, the only large carrier supporting iDEN is Sprint Nextel (who also owns Boost Mobile). Motorola, the developer of iDEN, also developed the Motorola i1, the first Android phone supporting iDEN.

Google's Strategy

Android is clearly a powerful mobile device platform which costs an enormous amount in development. So why did Google give Android away for free?

The answer starts with Google's clearly defined mission (Corporate information: about, n.d.):

Google's mission is to organize the world's information and make it universally accessible and useful.

Cell phones are the most popular consumer device, numbering over 4 billion, so by providing an advanced mobile stack at no cost, Google believes they are fulfilling the universally accessible portion of their mission. But, obviously there must still be some benefit for Google. When more people are online, more people use search, which ultimately drives ad revenue—Google's primary source of income. In a March 2009 interview, Andy Rubin explained:

Google has a great business model around advertising, and there's a natural connection between open source and the advertising business model. Open source is basically a distribution strategy, it's completely eliminating the barrier to entry for adoption. (Krazit, n.d.)

One of the criticisms of Android is that the market is now highly fragmented with different versions and variations of Android—a direct result of how Google releases Android to the manufacturers. This is in contrast to other devices, such as the iPhone where Apple has total control over the hardware and OS and significant influence over third-party application. Rubin defends this model, however. In the same interview, Rubin further commented on this aspect (Krazit, n.d.):

Controlling the whole device is great, (but) we're talking about 4 billion handsets. When you control the whole device the ability to innovate rapidly is pretty limited when it's coming from a single vendor. You can have spurts of innovation. You can nail the enterprise, nail certain interface techniques, or you can nail the Web-inthe-handset business, but you can't do everything. You're always going to be in some niche. What we're talking about is getting out of a niche and giving people access to the Internet in the way they expect the Internet to be accessed. I don't want to create some derivative of the Internet, I don't want to just take a slice of the Internet, I don't want to be in the corner somewhere with some dumbed-down version of the Internet, I want to be on the Internet.


Excerpted from Android Forensics by Andrew Hoog Copyright © 2011 by Elsevier Inc.. Excerpted by permission of SYNGRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Table of Contents

Chapter 1. Android and Mobile Forensics Chapter 2. Android Hardware Platforms Chapter 3. Android Software Development Kit and Android Debug Bridge Chapter 4. Android File Systems and Data Structures Chapter 5. Android Device, Data and App Security Chapter 6. Android Forensic Techniques Chapter 7. Android Application and Forensic Analysis

Read More Show Less

Customer Reviews

Average Rating 1
( 2 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 2 Customer Reviews
  • Anonymous

    Posted July 30, 2013

    Why the hell would some one buy this

    Screw this book wth

    0 out of 1 people found this review helpful.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted February 20, 2012

    Why wold wou buy this book?

    This book is exspensive why wold any body buy this

    0 out of 1 people found this review helpful.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing all of 2 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)