Author: Andrew Hoog
Aimed at: Those who want an introduction to computer forensics specific to Android
Pros: Some interesting inclusions
Cons: Lacks depth for the expert, lacks explanations for beginner
Reviewed by: Alex Armstrong
Covering "Investigation, Analysis and Mobile Security for Google Android" - what does it tell you?
Computer Forensics is a strange subject and mostly about recovering data that the user might not want you to have. In this case the target of the recovery is an Android phone or tablet.
You can't help but think that people who get attracted to digital forensics are probably chasing the image portrayed by TV's Bones.Well, if you can have forensic anthropologist, why not a digital one? Being slightly more serious digital forensics is about the only way of getting evidence that someone is up to no good or that they are innocent.
Even if you are not interested in digital forensics you can see that knowledge of such techniques could be generally useful. The big problem is how to learn about the underlying idea.
This book starts off with a look at the Android platform and most of it is waffle. Why we need to cover the market shares of other operating systems is a mystery. We also go over a lot of very obvious information, such as the history of Android and where you find it. We are then told how to install Linux under a VM - this is very basic stuff and if you don't know it all ready you probably shouldn't be getting into digital forensics. Even the section on Linux forensic tools is mostly about standard Linux commands that you should already know how to use. From here we have an explanation of open source and the Android open source project in particular.
Chapter 2 is about hardware and it not only explains not only the basics of Android as a computer but some comments on radio, flash memory, GPS and so on. As in Chapter 1 most of the ideas are very general and not really about forensics - its mostly background. Then we get to some deep technical information about the Android boot sequence. This incorporates material from a blog a post Android Boot Process From Power On used with full permission of the original author. The chapter closes with a look at the update process.
The SDK is the subject of the next chapter and if you have developed any apps for Android you won't need to read about installing and using it. Chapter 4 explains the Android file system, which is mostly just a rehash of the Linux file systems. If you don't already know about Linux file systems this is quite interesting and makes for a reasonable introduction.
Chapter 5 should also be fairly technical, as it introduces the Android security system. Unfortunately a lot of the material is obvious and very general, such as a description of the man-in-the-middle attack and the law relating to hacking. It hardly scratches the surface and is at the level of "passwords are a good idea".
Chapter 6 might be where it all really gets going - Android Forensic Techniques - but again we have some fairly general ideas. If you have never thought about the forensic problem in examining a device then you might find it interesting. However, It doesnt' really provide anything beyond the obvious. For example, if you find a device and it is on and working then why not change the password. Of course if you find a device and it is locked then the advice isn't quite as useful - we can hope that the device has USB debugging enabled, look fro smudges on the screen, hope there is a recovery ROM or look things up on the web. When it comes to advanced methods such as using JTAG or removing chips the book basically tells you that this might be possible but it's difficult. The chapter closes with a look at commercial forensic providers who probably do know how to get at data that is difficult to get at. Chapter 7 continues the look at forensic analysis but applied to applications. This is more or less just looking at the files that apps create and basically involves a hex editor.
If this book was about forensic anthropology it would mostly be filled with a description of what a human was and then when shown a bone it would say - "it's a bone, if you want to know what sort of bone then ask someone else". Perhaps this is a little cruel because the book does identify some obvious bones and it describes the use of standard tools that mostly aren't particularly specific to Android.
There are some interesting things to read in this book, but it really isn't a magic way to become a digital forensic anything. If you happen to find an Android device that isn't locked and you want to copy some files for examination then this is about as useful as it gets. If you already know the technology well enough to, say, examine a file using a hex editor and perhaps debug an Android program, this book isn't going to teach you much. If you don't know any of these things then what the book says will sound more impressive, but you probably aren't going to understand the fine detail.
In short this book won't help you become a digital Temperance Brennan and you would probably do better reading some books on the technical side of general computing followed by some Linux and then Android specific books.