Many forensic examiners rely on commercial, push-button tools to retrieve and analyze data, even though there is no tool that does either of these jobs perfectly. This book will introduce you to the Android platform and its architecture, and provides a high-level overview of what Android forensics entails. You will see how data is stored on Android devices and how to set up a digital forensic examination environment. Next, you will go through the various physical and logical techniques to extract data from devices to obtain forensic evidence. You will also learn how to reverse-engineer applications and forensically analyze the data with the help of various open source and commercial tools.
By the end of this book, you will have a complete understanding of the Android forensic process.
This book is packed with so much information simply reading it twice isn't enough, you'll need to make a few pots of coffee in order to digest all the information made available in this book. Rohit takes a unique approach to organizing and presenting material in this book, while the humor lacks in the book it is technically sound and straight forward. Few books have amazed me, and I've probably reviewed 100 books by now, this one has left a mark on my brain that will last for the remainder of my life. Now, that is certainly a bold claim and I certify this book is well worth such a claim. While I would have liked to seen some work on fingerprint passwords that was simply not covered in the book, but you'll be happy to know that swipe patterns are covered which are still in wide use today.
From the setup of the environment required to do the forensic work, theory behind the work involved, and then applying it in real world examples make this book worth the cost. My favorite part about this book would have to be the use of JTAG to recover data from damaged devices, and why you should smash your phone into a billion pieces if you have something to hide of great importance. This book is an eye opener and should be read by anyone who is paranoid about their security, and probably why you should or shouldn't root your Android device. The author answers everything clearly and concise with litter room for misunderstanding the message behind the learning activity. The frozen device was actually really intriguing, at a certain temperature the memory contained data longer and allowed data extraction, simply brilliant if I do say so myself.
Recovering delete files, application data, and the many methods to do so are covered. I've looked over this book a few dozen times already and still shake my head at the various recovery options available despite the 'security' appliances allowed on the device and how easily they're bypassed. So in short, don't do anything that you'd have to hide or you'll be pretty shocked when they uncover the deleted data you thought was gone forever!
Bottom Line Yes, I would recommend this to a friend