forensic tool for Galaxy S (Android)

8 Posts
7 Users
0 Reactions
621 Views
(@nakaxava)
New Member
Joined: 14 years ago
Posts: 2
Topic starter  

I am doing a forensic course and as a requirement I have been asked to develop a forensic investigation tool (Windows based) for Google's Android OS (Galaxy S). The requirement is such that, given an image file, the tool should be able to display the databases that the applications are using, call history, messages, etc. I have little experience in Java and no experience in Android development. The research so far has given me nothing on how to go about this. If anyone could point me in the right direction I would much appreciate it. Thanks in advance.


(@pragmatopian)
Estimable Member
Joined: 16 years ago
Posts: 154
 

The Android Developers site would be a good start in understanding the structures associated with applications in an Android environment:

http://developer.android.com/index.html

Good luck!


 RonS
(@rons)
Reputable Member
Joined: 17 years ago
Posts: 358
 

nakaxava,

Do you have an idea which format this image file is in?
Do they expect you to reconstruct the file system and then decode data from the database files?


(@nakaxava)
New Member
Joined: 14 years ago
Posts: 2
Topic starter  

@RonS

The image file should be a .dd image. Yeah, that's the main task.

Thanks


Logan
(@logan)
Trusted Member
Joined: 15 years ago
Posts: 66
 

You could also try getting help over at the XDA forums. They code hacks and ROMs etc. for Android devices, so they may know a lot about how Android works.

http://www.xda-developers.com/


(@alexc)
Reputable Member
Joined: 16 years ago
Posts: 301
 

I would spend some time with the Emulator that comes with the SDK. Paired with the ADB tool (Android Debug Bridge) there is a LOT you can learn about the platform.

Bear in mind though that in the Emulator you have root access; this won't be the case in most handsets you come across.

You should also check out Andrew Hoog's research at viaForensics: http://viaforensics.com/services/mobile-forensics/android-forensics


(@texas42)
New Member
Joined: 14 years ago
Posts: 2
 

I'm curious. What class are you taking that wants you to come up with a tool but doesn't give you any resources to create it? Seems like blood from a stone there. If you already did get it figured out I would love to see your finished product.


(@nebula)
Active Member
Joined: 16 years ago
Posts: 16
 

I am with texas42. Is your instructor really expecting students to create the tool for the Galaxy S, or simply to acquire data through dd?
Are you studying at a college or taking forensic courses?

I can share some info with you.
So far, there are only two models on the Korean market from which data could be acquired with dd: the Galaxy S and the Dell Streak. The other Android models use YAFFS2, which doesn't accept the dd command.

** Acquisition
1. ADB
2. Admin account

** Analysis
Since the file system is FAT, you can do something if you know about the FAT file system. Most PIMS data is structured in .db format, so just use SQLite to see the live data.


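The analysis step described above (the PIM data living in SQLite .db files inside the dd image, as nebula notes, and RonS's question of decoding the database files once you have the image), as an added example that is not code from any poster in this thread: it scans a raw image for the SQLite file header, carves each database out using the page size and page count from that header, then lists the tables and decodes a call-log and an SMS table. It assumes simplified versions of the Android `calls` and `sms` table layouts and a constructed stand-in image (filler bytes with two SQLite files embedded); it does not parse the FAT file system, which a real tool would do instead of, or before, header carving.

```python
"""Carve SQLite databases out of a raw image and decode Android-style tables.

Added example for this thread, not a poster's tool. The table layouts and the
sample image are assumptions constructed inline so the script runs offline.
"""
import datetime
import os
import sqlite3
import struct
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"          # first 16 bytes of every SQLite 3 file
CALL_TYPES = {1: "incoming", 2: "outgoing", 3: "missed"}   # Android CallLog.Calls.TYPE values
SMS_TYPES = {1: "inbox", 2: "sent"}                        # Android Telephony.Sms.TYPE values


def _make_db(statements):
    """Build a SQLite file from (sql, params) pairs and return its raw bytes."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        conn = sqlite3.connect(path)
        for sql, params in statements:
            conn.execute(sql, params)
        conn.commit()
        conn.close()
        with open(path, "rb") as f:
            return f.read()
    finally:
        os.remove(path)


def build_sample_image():
    """Constructed stand-in for a .dd image: filler bytes with two databases embedded."""
    calls_db = _make_db([
        ("CREATE TABLE calls (_id INTEGER PRIMARY KEY, number TEXT, date INTEGER, "
         "duration INTEGER, type INTEGER, name TEXT)", ()),
        ("INSERT INTO calls VALUES (1, ?, ?, ?, ?, ?)", ("+15550001", 1290000000000, 45, 1, "Alice")),
        ("INSERT INTO calls VALUES (2, ?, ?, ?, ?, ?)", ("+15550002", 1290000600000, 0, 3, None)),
    ])
    sms_db = _make_db([
        ("CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, date INTEGER, "
         "type INTEGER, body TEXT)", ()),
        ("INSERT INTO sms VALUES (1, ?, ?, ?, ?)", ("+15550001", 1290001200000, 1, "meet at 5?")),
        ("INSERT INTO sms VALUES (2, ?, ?, ?, ?)", ("+15550001", 1290001260000, 2, "ok")),
    ])
    filler = bytes(range(256)) * 8        # 2 KiB of non-SQLite bytes standing in for FAT structures
    return filler + calls_db + filler + sms_db + filler


def carve_sqlite(image):
    """Return [(offset, db_bytes)] for every SQLite header found in the image."""
    found = []
    pos = image.find(SQLITE_MAGIC)
    while pos != -1:
        hdr = image[pos:pos + 100]
        if len(hdr) < 100:                 # truncated header at end of image
            break
        page_size = struct.unpack(">H", hdr[16:18])[0]
        if page_size == 1:                 # the header encodes 65536 as 1
            page_size = 65536
        change_counter = struct.unpack(">I", hdr[24:28])[0]
        page_count = struct.unpack(">I", hdr[28:32])[0]
        valid_for = struct.unpack(">I", hdr[92:96])[0]
        next_hdr = image.find(SQLITE_MAGIC, pos + len(SQLITE_MAGIC))
        limit = len(image) if next_hdr == -1 else next_hdr
        # The in-header page count is only trustworthy when bytes 24-27 equal bytes 92-95
        # (older SQLite versions left it zero); otherwise take everything up to the next header.
        if page_count and change_counter == valid_for:
            end = min(pos + page_size * page_count, limit)
        else:
            end = limit
        found.append((pos, image[pos:end]))
        pos = next_hdr
    return found


def _fmt_ms(ms):
    """Android stores timestamps as milliseconds since the Unix epoch."""
    dt = datetime.datetime.fromtimestamp(ms / 1000, tz=datetime.timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S UTC")


def analyse_image(image):
    """List tables in every carved database and decode calls/sms rows where present."""
    report = {"databases": [], "calls": [], "sms": []}
    for offset, db_bytes in carve_sqlite(image):
        fd, path = tempfile.mkstemp(suffix=".db")
        with os.fdopen(fd, "wb") as f:
            f.write(db_bytes)
        conn = sqlite3.connect(path)
        try:
            tables = [r[0] for r in conn.execute(
                "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
            report["databases"].append({"offset": offset, "tables": tables})
            if "calls" in tables:
                for number, date, duration, ctype, name in conn.execute(
                        "SELECT number, date, duration, type, name FROM calls ORDER BY date"):
                    report["calls"].append({"number": number, "when": _fmt_ms(date), "seconds": duration,
                                            "type": CALL_TYPES.get(ctype, "unknown(%s)" % ctype), "name": name})
            if "sms" in tables:
                for address, date, stype, body in conn.execute(
                        "SELECT address, date, type, body FROM sms ORDER BY date"):
                    report["sms"].append({"address": address, "when": _fmt_ms(date),
                                          "type": SMS_TYPES.get(stype, "unknown(%s)" % stype), "body": body})
        finally:
            conn.close()
            os.remove(path)
    return report


if __name__ == "__main__":
    for key, rows in analyse_image(build_sample_image()).items():
        print(key)
        for row in rows:
            print("  ", row)
```

Two things this carving approach does not give you, which a file-system-aware tool would: the file names (you only learn which database a carved file is by its tables), and deleted records, since the header-based length only covers live pages and the rows still sitting in freelist pages or slack need a separate pass.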