Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Learning Android Forensics

You're reading from   Learning Android Forensics Analyze Android devices with the latest forensic tools and techniques

Arrow left icon
Product type Paperback
Published in Dec 2018
Publisher
ISBN-13 9781789131017
Length 328 pages
Edition 2nd Edition
Languages
Tools
Concepts
Arrow right icon
Authors (3):
Arrow left icon
Oleg Skulkin Oleg Skulkin
Author Profile Icon Oleg Skulkin
Oleg Skulkin
Donnie Tindall Donnie Tindall
Author Profile Icon Donnie Tindall
Donnie Tindall
Rohit Tamma Rohit Tamma
Author Profile Icon Rohit Tamma
Rohit Tamma
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Introducing Android Forensics FREE CHAPTER 2. Setting up the Android Forensic Environment 3. Understanding Data Storage on Android Devices 4. Extracting Data Logically from Android Devices 5. Extracting Data Physically from Android Devices 6. Recovering Deleted Data from an Android Device 7. Forensic Analysis of Android Applications 8. Android Forensic Tools Overview 9. Identifying Android Malware 10. Android Malware Analysis 11. Other Books You May Enjoy

Android hardware components

Android is compatible with a wide range of hardware components. The Linux kernel made this easy, as Linux supports a large variety of hardware. This gives manufacturers a lot of flexibility as they can design based on their requirement without worrying about compatibility. This poses a significant challenge for forensic analysts during investigations. Hence, understanding the hardware components and device types will greatly help in understanding Android forensics.

Core components

The components present in a device change from one manufacturer to another and from one model to another. However, there are some components that are found in most mobile devices. The following sections provide an overview of such commonly found components of an Android device.

Central Processing Unit (CPU)

The CPU, also known as the processor, is responsible for executing everything that happens on a mobile device. It tells the device what to do and how to do it. Its performance is measured based on the number of tasks it can complete per second, known as a cycle. For example, a 1 GHz processor can process one billion cycles per second. The higher the capacity of the processor, the smoother the performance of the phone will be. When dealing with smartphones, we come across the following terminologies: ARM, x86 (Intel), MIPS, Cortex, and A5 or A7 or A9. ARM is the name of a company that licenses their architectures (branded Cortex) with different models coming up each year, such as the A series mentioned before. Based on these architectures, chip makers release their own series of chipsets (Snapdragon, Exynos, and so on) that are used in mobile devices. Newer smartphones are powered by dual-core, quad-core, and even octa-core processors.

Baseband processor

Smartphones today support a variety of cellular protocols including GSM, 3G, 4G, and LTE. These protocols are complicated and require a large amount of CPU power to process data, generate packets, and transmit them to the network provider. To handle this process, smartphones now use a baseband modem, which is a separate chip included in smartphones that communicates with the main processor. These baseband modems have their own processor called the baseband processor and run their own operating system. The baseband processor manages several radio control functions such as signal generation, modulation, encoding, as well as frequency shifting. It can also manage the transmission of signals.

The baseband processor is generally located on the same circuit board as the CPU, but consists of a separate radio component.

Memory

Android phones, just like normal computers, use two primary types of memory: RAM and ROM. Although most users are familiar with these concepts, there is some confusion, however, when it comes to mobile devices.

RAM stands for Random Access Memory. It is volatile, which means contents are deleted when the power is removed. RAM is very fast to access and is used primarily for the runtime memory of software applications (including the device's operating system and any applications). In other words, it is used by the system to load and execute the OS and other applications. The number of applications and processes that can be run simultaneously depends on this RAM size.

ROM (commonly referred to as Android ROM) stands for Read-Only Memory. It is non-volatile, which means it retains the contents even when the power is off. The Android ROM contains the boot loader, OS, all of the downloaded applications and their data, settings, and so on.

Note that the part of memory that is used for the boot loader and Android is normally locked and can only be changed through a firmware upgrade. The remaining part of the memory is termed by some of the manufacturers as user memory. The data of each application stored here will not be accessible to other applications. Once this memory gets filled up the device slows down. Both RAM and Android ROM are often manufactured into a single component known as a Multi-Chip Package (MCP).

SD Card

The SD card has great significance with respect to mobile forensics because quite often data that is stored on it can be vital evidence and can be accessed even if the device is locked or encrypted. Many Android devices have a removable memory card commonly referred to as a Secure Digital (SD) card. This is in contrast to Apple's iPhone, which does not have any provision for SD cards. SD cards are non-volatile, which means data is stored in them even when they're powered off. SD cards use flash memory, a type of Electrically Erasable Programmable Read-Only Memory (EEPROM) that is erased and written in large blocks instead of individual bytes. Most of the multimedia data and large files are stored by the apps in an SD card. In order to interoperate with other devices, SD cards implement certain communication protocols and specifications.

In some mobiles, although an SD card interface is present, some portion of the onboard NAND memory (non-volatile) is carved out for creating an emulated SD card. This essentially means the SD card is not removable. Hence, forensic analysts need to check whether they are dealing with an actual SD card or an emulated SD card. SD memory cards come in several different sizes. The mini-SD card and micro-SD card contain the same underlying technology as the original SD memory card, but are smaller in size.

Display

Mobile phone screens have progressed dramatically over the last few years. The following is a brief description of some of the widely used types of mobile screens.

  • TFT LCD stands for Thin Film Transistor Liquid Crystal Display and is the most common type of screen found in mobile phones. These screens have a light underneath them that shines through the pixels to make them visible.
  • AMOLED stands for Active-Matrix Organic Light-Emitting Diode; this is a technology based on organic compounds and known for its best image quality while consuming low power. Unlike LCD screens, AMOLED displays don't need a backlight—each pixel produces its own light—so phones using them can potentially be thinner.

These are described at http://www.in.techradar.com/news/phone-and-communications/mobile-phones/Best-phone-screen-display-tech-explained/articleshow/38997644.cms.

Battery

The battery is the lifeblood of a mobile phone and is one of the major consumer concerns with modern smartphones. The more you use the device and its components, the more battery is consumed. The following are different types of batteries used in mobile phones:

  • Lithium Ion (Li-Ion) batteries are the most popular batteries used in cell phones, as they are light and portable. They are well known for their high energy density and low maintenance. However, they are expensive to manufacture compared to other battery types.
  • Lithium Polymer (Li-Poly) batteries have all of the attributes of a Lithium Ion battery but with ultra slim geometry and simplified packaging. They are the latest technology and found only in few mobile devices.
  • Nickel Cadmium (NiCd) batteries are old technology batteries and suffer from memory effect. As a result, the overall capacity and life span of the battery are reduced. In addition to this, nickel cadmium batteries are made from toxic materials that are not environmentally friendly.
  • Nickel Metal Hydride (NiMH) batteries are the same as nickel cadmium batteries, but can contain higher energy and can run for between 30 and 40 percent longer. They still suffer from memory effect but comparatively less than the Nickel Cadmium (NiCd) Batteries. They are widely used in mobile phones and are affordable.

The battery type can be known by looking at the details present on its body.

Often, the SD card is located behind the battery. During forensic analysis, accessing a SD card may require removing the battery, which would power off the device. This can have certain implications that will be discussed in details in later chapters.

Apart from the components described previously, here are some of the other components that are well known:

  • Global Positioning System (GPS)
  • Wi-Fi
  • Near Field Communication (NFC)
  • Bluetooth
  • Camera
  • Keypad
  • USB
  • Accelerometer and Gyroscope
  • Speaker
  • Microphone
You have been reading a chapter from
Learning Android Forensics - Second Edition
Published in: Dec 2018
Publisher:
ISBN-13: 9781789131017
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image