Information Technology Reference
In-Depth Information
Android app analysis
On Android, everything the user interacts with is an application. While some apps are pre-
installed by the device manufacturer, some apps are downloaded and installed by the user.
Depending on the type of application, most of these apps store sensitive information on the
internal memory or the SD card on the device. Using the forensic techniques described
earlier, it is possible to get access to the data stored by these applications. However, a
forensic examiner needs to develop the necessary skills to convert the available data into
useful data. This is achieved when you have a comprehensive understanding of how the ap-
plication handles data.
The examiner may need to deal with applications that stand as a barrier to accessing re-
quired information. For instance, take the case of the gallery on a phone locked by an app
locker application. In this case, in order to access the pictures and videos stored on the gal-
lery, you first need to enter the passcode to the app locker. Hence, it would be interesting to
know how the app locker app stores the password on the device. You might look into the
sqlite database files, but if they are encrypted, then it's hard to even predict that it's a pass-
word. Reverse engineering applications would be helpful in such cases where you want to
better understand the application and how the application stores the data.
