World-class instructors teaching today's, critical cyber skills - SANS Online Training

Reading Room

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.






Forensics

Featuring 107 Papers as of May 6, 2021

  • Identifying the Android Operating System Version thru UsageStats by Alexis Brignoni - April 28, 2021 

    Locating the Android operating system version within a digital forensic extraction is necessary to properly apply operating system specific domain knowledge when parsing the data for forensic artifacts. Most automated tools that parse Android full file system extractions depend on the /system/build.prop file to determine the Android version among other device identifiers. Due to how variable Android implementations are regarding access to the data source a build.prop file might not be available in a particular forensic extraction. Is there a way to determine the Android version of an extraction by only looking at the userdata directory? The answer is yes. This was useful to me since some of my digital forensics tooling for Android extractions would benefit from programmatically identifying the Android version when a build.props file is not available.

  • View All Forensics Papers

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.

SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.