Android Forensics: Investigation, Analysis and Mobile Security for Google Android

Andrew Hoog has done an outstanding job presenting a complex topic that should interest not only advanced forensic practitioners but the typical Android Smartphone user as well. Highly recommended, whether its for work, or you want to know what "rooting" your Android phone actually does to the device.

No clue what to say..bought this as a gift. I didn't even look at it, Computer Forensics is not my thing.

This book provides a well defined knowledge base of the Android platform and how to float around the software to avhieve any goals.

As Brian Carrier is to file system forensics and Harlan Carvey is to Windows registry analysis, Andrew Hoog is to the Android operating system. The level of detail in this book demonstrates a deep understanding of this complex and unique operating system. Chapter 1 begins with an overview of both Android and Linux in general. Instructions are provided for creating a virtual machine environment so the reader can follow along with the examples in the book. Throughout, the reader is encouraged to follow along, and ample opportunities are provided. This is highly appreciated as most technical books overwhelm the reader with information rather than guide them along the way. Chapter 2 presents an overview of the hardware that is supported by the Android OS. Chapter 3 begins the discussion of the Android OS proper. Included in this chapter are instructions on augmenting the previously created VM with the Android SDK providing additional tools for use in analysis. Chapter 4 is devoted to discussing the file systems likely to be encountered in the Android environment. Special attention is paid to YAFFS and YAFFS2. Chapter 5 discusses securing the data within the device. Also presented are recommendations for securely using Android devices in an enterprise environment. Additional advice is given for both users and developers to limit the exposure of sensitive data. Chapter 6 covers the most significant portion of the book with instructions on acquiring the data from device. Logical and physical acquisitions from the handset as well as the removable storage are discussed. The issue of passcode circumvention is discussed along with potential solutions. Chapter 7 finishes with timeline analysis techniques for the YAFFS file system and the FAT file system. Additional locations of interest to both security researchers and forensic analysts are also presented. Overall the book is enjoyable to read and will be a valuable asset for both forensic analysts and researchers.

One reviewer commented that code samples are unreadable for the Kindle version. That seems to be true for standard, small screen, non-color devices (i.e. classic Kindles). However, on my iPad Kindle app the code samples are fine. In fact you can unpinch them to zoom in, and rotate your device to portrait mode if needed. Also, the online Kindle Cloud Reader shows the code samples clearly. Hopefully future conversions of technical texts such as this one will be done with more care to allow resizing of special text. For now you will need your PC with the free Cloud Reader, or some large screen tablet device to take advantage of this ebook.

A very well written book that contains Android essentials and advanced topics. Andrew Hoog does a great job explaining concepts and making even the most complex topics understandable. Highly recommended!

The Kindle version is pretty bad. Schematics and code examples are unreadable because they're too small and there are enough typo's to make reading the text an irritating experience (Davlik instead of dalvik in a book about Android).