Android Investigations

Question 1

What kind of networks does Android support?

Answer 1

GSM- Global System for Mobile Communications
DEN- Integrated Digital Enhanced Network
CDMA- Code Division Multiple Access

Question 2

What is the Android system normally referred to as?

Answer 2

The stack, which is the system layout for the Android platform

Question 3

What are the layers in The Stack?

Answer 3

1. Linux Kernel
2. Native Libraries
3. Application Framework
4. Applications/APKs

Question 4

Why was Linux chosen as the base for the Android stack?

Answer 4

1. Portability
2. Security
3. Features

Question 5

What are some Native Libraries in the Stack?

Answer 5

1. Web kit-Fast web rendering engine
2. Sqlite- full featured sql database
3. Apache Harmony-Open source implementation of Java
4. OpenGL- 3D graphics libraries
5. OpenSSL- Secure socket layer

Question 6

What is Dalvik VM?

Answer 6

A purpose built virtual machine designed for Android

Question 7

What services would you find in the Application Framework Layer?

Answer 7

1. Location sensors
2. Wifi
3. Telephony

Question 8

What are the three main components of an APK file?

Answer 8

1. Dalvik Executable - Compiled Java Source code
2. Resources- images/audio/xml files describing layout etc.
3. Native Libraries- Optionally, an app may contain some native code

Question 9

What file systems are supported by Android?

Answer 9

1. YAFFS
2. YAFFS2
3. EXT3
4. EXT4
5. RFS
6. FAT32
7. VFAT

Question 10

What methods can developers choose to store data to an Android device?

Answer 10

1. Shared preferences
2. Internal Storage
3. External Storage
4. SQlite
5. Network

Question 11

What kind of evidence can be found on an SD csrd?

Answer 11

1. App data
2. Large Files (Videos/Images)

Question 12

What is NAND?

Answer 12

A type of non - volatile, high density flash memory.

Question 13

What is eMMC

Answer 13

Embedded MultiMedia Card

Question 14

What is a SIM card?

Answer 14

Subscriber Identity Module card. Used to authenticate users on a carriers network.

Question 15

What is EEPROM?

Answer 15

Electronically Erasable, Programmable, Read Only Memory. A SIM card has this.
It contains the file system.

Question 16

What is EF_ADN?

Answer 16

Elementary file.
Abbreviated Dialling Numbers, it’s the contact list

Question 17

What is EF_FPLMN?

Answer 17

Elementary file.
Forbidden Public Land Mobile Network.
Stores when a user tries to connect to a forbidden network. Eg. Eir customer trying to connect to Vodafone

Question 18

What is EF_LND?

Answer 18

Elementary file.
Last numbers dialled.
Logs for both incoming and outgoing files.

Question 19

What is EF_LOCI?

Answer 19

Elementary file.
Contains location information on where the user last powered down the phone.

Question 20

What is EF_SMS?

Answer 20

Elementary file.
Contains sms info like numbers sent to, possibly texts themselves.

Question 21

What is rooting an Android?

Answer 21

The act of bypassing/removing security to gain access to the file system settings so they can be changed

Question 22

What is Android SDK?

Answer 22

Android Software Developer Kit, used to develop Android Apps.

Question 23

What can be found in the Android SDK?

Answer 23

1. Software Libraries
2. APIs
3. Reference material
4. An emulator

Question 24

What is DDMS and where is it found?

Answer 24

Dalvik Debug Monitor Service, found in /tools folder of the SDK.

Question 25

What are the five functional areas of DDMS?

Answer 25

1. Task management - emulators and connected handsets are listed 2. File Management - Can browse/copy files on a device/emulator 3. Emulator Interaction - DDMS can send simulated events eg. Calls/sms 4. Logging - logcat utility is integrated into DDMS 5. Screen Capture

Question 26

What are some risks of rooting and Android device?

Answer 26

1. Bricking a phone 2. Change System Files

Question 27

What two cache files deal with location information?

Answer 27

1. .cache.wifi - contains a database of WiFi routers with MAC address and gps 2. .cache.cell - database of mobile communication cells and their gps

Question 28

What is an FCC ID?

Answer 28

A unique identifier for a specific device model. FCC= Federal Communications Commission

Question 29

What is Android Debug Bridge

Answer 29

ADB is a programming tool that allows an Android device to be communicated with, and controlled over USB or TCP.

Question 30

What does ADB "devices" command do?

Answer 30

Lists connected devices

Question 31

What does ADB command "$adb shell" do?

Answer 31

Allows you to open a shell on the Android device and begin interaction with the system. Can use common Linux commands.

Question 32

What command allows you to copy a file from your forensic workstation to an emulator?

Answer 32

Adb push (local) (remote)

Question 33

How do you copy a file from an emulator to your workstation?

Answer 33

Adb pull (remote) (local)

Question 34

What is JTAG?

Answer 34

Joint Test Action Group. Is the standard for test, maintenence and support of assumbled circuit boards

Question 35

What is a PCB?

Answer 35

Printed Circuit Board

Question 36

What is a TAP ?

Answer 36

Test Access Port

Question 37

What six popular signals does a JTAG expose?

Answer 37

1. TDI- Test Data In 2. TDO- Test Data Out 3. TCK- Test Clock 4. TMS- Test Mode Select 5. TRST- Test Reset 6. RTCK- Return Test Clock

Question 38

What is a flasher box?

Answer 38

A mobile phone service device used by service providers and shops. Mainly used to recover user data from dead phones.