I have just uploaded to the Papers & Presentations section the slides for my talk on “Latest Advances in Android Forensics” (in Spanish) at the 1st International Symposium for Android Security held in Malaga last week:
- Últimos avances en Análisis Forense de sistemas Android (PDF – 3,8 Mb)
One of the most interesting parts of this presentation (at least for me) is the section that covers Android Memory Acquisition and Analysis, since there is not much research available on this. That is definitely changing now, especially since Joe Sylve presented the first tool that is capable of doing a full capture of RAM contents on an Android device. The tool was presented at Shmoocon 2012 as DMD, although its name has now been changed to Lime Forensics.
As I said at the conference, the installation of this Loadable Kernel Module is not trivial. Hence, I plan on posting the steps I followed to successfully compile, install and use this tool together with the latest version of the Android SDK and emulator. Stay tuned!
I believe all the presentations and even the videos will be available at the conference site soon, but in the meantime you can also check the slides for the HACME Android talk presented by my colleague Melissa Augustine. This is another awesome application that follows the successful HACME saga and that you can download for free from:
Hacme Bank™ Android is designed to teach mobile application developers, programmers, architects and security professionals how to create secure software and evaluate their own software to identify vulnerabilities. Hacme Bank simulates a “real-world” web services-enabled mobile banking application, which was built with a number of known and common vulnerabilities. This allows users to attempt real exploits against a web application and thus learn the specifics of the issue and how best to fix it.
I also recommend that you visit the Open Security Research channel on YouTube, where you’ll find a walkthrough of all the Lessons and Exercises. I leave you here with a sample for the first Lesson: