Don't Miss Pen Test Hackefest Summit & Training, November 2-9 near DC!

Reading Room

SANS eNewsletters

Receive the latest security threats, vulnerabilities, and news with expert commentary

Mobile Security

Featuring 4 Papers as of October 14, 2015

  • Forensic Analysis On Android: A Practical Case by Angel Alonso-Parrizas - October 14, 2015 

    Mobile platforms have grown in the last few years very quickly. At the same time, vulnerabilities and malware have evolved affecting the new mobile landscape. In order to respond to this new set of threats it is necessary that existing security techniques and tools adapt to the new situation. As a result, the current techniques, tools and processes to perform forensic analysis in networks and systems, need to cover also mobile platforms. In this paper it will be discussed how it is possible to perform forensic analysis in Android platforms covering the following aspects: the evidences in the logs, the network traffic, file system and in particular the analysis of the memory. A real malware case is investigated using the above aspects.

  • Passing the Sniff (Snort) Test by Matthew Hansen - October 7, 2015 

    They go by several names: Bloatware. Trialware. Pre-installation-ware. Some of them are completely innocuous. Many are designed to automate harvesting of information from the user. The line between these "unwantedware" and malware is thinning. Whether they arrive in our networks from a less-than-perfect supply chain, or as a natural result from Bring-Your-Own-Device (BYOD) policies, or even as an aggressive customer support "service" from the manufacturer, unwantedware shall exist. On the best of days, network defenders will identify, mitigate, and remove said software from their organization in the hopes that it cannot come back. Unfortunately, these herculean efforts are not enough. Users will ignore warnings from the security administrators. Users will pay lip service to the security training their organization provides. Users will rationalize intrusions into their devices through a myriad of worthless excuses: "I'm really boring", or "Anyone who wants to spy on me will have a lot of nothing to do", or "I'm really ugly, turning on my webcam would hurt THEM." Time and again users have shown that they are incapable of understanding the risks involved, they must be trained to dislike being spied on. In this paper we will examine unwanted data exfiltrations initiated by software we are told to trust, be it prepackaged software, chatty smartphone apps, or smart television applications. We will also present methods for detecting said exfiltrations, determining what data is being sent, and alerting the user in a meaningful way.

  • BYOD: Do You Know Where Your Backups Are Stored? Masters
    by Marsha Miller - June 30, 2015 

    Ever striving to reduce costs, companies in increasing numbers are testing Bring Your Own Device (BYOD) as a mobile solution. Although security has become a hot topic, ensuring the protection of confidential information during synchronization of a mobile device to a personal storage location may be overlooked. This paper will touch on elements of how and where data is stored on a mobile Apple and Android device, the default backup solutions, a few legal aspects to consider, and some security solutions offered by AirWatch and Good.

  • Data Charging Bypass: How your IDS can help. Masters
    by Hassan Mourad - October 2, 2014 

    The recent increase in the number of smart devices, the introduction of high speed mobile connections (4G/LTE), as well as the hype in social networking has all led to the dramatic increase in mobile Internet traffic.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact

All papers are copyrighted. No re-posting or distribution of papers is permitted.

Masters - This paper was created by a SANS Technology Institute student as part of their Master's curriculum.