Syllabus - Mobile Security and Forensics (CY-702(C))


CSE-Cyber Security/ Cyber Security

Mobile Security and Forensics (CY-702(C))

VII-Semester

Unit 1

Introduction to Mobile Forensics

Mobile forensics, Challenges in mobile forensics, The mobile phone evidence extraction, Documenting and reporting phase, Presentation phase, Archiving phase, Practical mobile forensic approaches: Overview of mobile operating systems, Data acquisition methods, Examination and analysis of evidence stored on mobile phones.

Unit 2

Android Forensics

Understanding Android, Android model, Android security: Secure kernel, Security-Enhanced Linux, Full Disk Encryption, Trusted Execution Environment, Android file system. Android Forensic Setup and Pre-Data Extraction Techniques, Android Data Extraction Techniques, Android Data Analysis and Recovery, Android data recovery, Android App Analysis, Malware, and Reverse Engineering: Analyzing Android apps; Reverse engineering Android apps; Extracting an APK file from an Android device; Android malware.

Unit 3

iOS Forensics

Introducing iOS Application Security, Basics of iOS and application development, Developing your first iOS app, Running apps on iDevice, iOS MVC design, iOS security model, iOS secure boot chain, iOS application signing, iOS application.

Unit 4

Android Security

Sandboxing and the permission model, Application signing, Android startup process, Setting up the development environment, Creating an Android virtual device, Useful utilities for Android Pentest, Android Debug Bridge, Burp Suite, APKTool.

Unit 5

Traffic Analysis

Traffic Analysis for Android Devices, Android traffic interception, Ways to analyze Android traffic, Passive analysis, Active analysis, HTTPS Proxy interception.

Course Objective

To gain knowledge of the mobile phone evidence extraction process, To understand the practical mobile forensic approaches, To engage students in forensic acquisition and analysis of mobile computing devices, specifically Android devices, To gain an understanding of mobile device identification.

Course Outcome

Understand what data can be acquired from mobile devices and be able to acquire and investigate data from mobile devices using forensically sound and industry standard tools, Comprehend the relationship between mobile and desktop devices in relation to criminal and corporate investigations, Analyse mobile devices, their backup files, and artifacts for forensic evidence.

Practicals

  • Setup of memory forensic environment and extract various artifacts from memory dump and analyze the memory dump, using different tools like Volatility, LiME, etc.

  • Windows artifact analysis using different forensic tools, which includes MRU, link file, USB analysis, Prefetch analysis, shell bag, web cache etc.

  • Using APKTool to reverse an Android application, Auditing Android applications.

  • Perform the following on different Android image files:

      • Using a custom recovery Android image.

      • Using AFLogical to extract contacts, calls, and text messages.

      • Dumping application databases manually.

      • Logging the logcat and using backup to extract an application's data.

  • Developing your first iOS app and running apps on iDevice.

Reference Books

  • Cyber Security by Nina Godbole - John Wiley Publication.

  • Digital Forensic by Dr. Nilakshi Jain - John Wiley Publication.

  • Aditya Gupta, “Learning Pentesting for Android Devices”, Packt Pub Ltd; Illustrated edition, 2014.

  • Swaroop Yermalkar, “Learning iOS Penetration Testing Paperback”, Packt Publishing, 2004.