The Best Online Cybersecurity Training in the World - SANS OnDemand


To attend this webcast, login to your SANS Account or create your Account.

Building your Android application testing toolbox

  • Tuesday, November 13th, 2018 at 3:30 PM EST (20:30:00 UTC)
  • Domenica Crognale
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


If you have taken or plan to take FOR585: Advanced Smart Phone Forensics, you realize how desirable it is to have a rooted Android device for analysis. A rooted Android will provide access to full physical partitions that are not typically available on devices without system level permissions. But lets suppose that you are interested specifically in application research and data that can be found in the USERDATA partition. It is becoming more common for application developers to restrict very important user artifacts from being accessed from these Android devices. This most often includes the SQLite databases, which likely contain the information that we, as examiners, are after.

FOR585, discusses many of the ways that forensic tools will attempt to TEMPORARILY or SOFT root your device in order to extract data. For research purposes, we often seek a device with a FULL root, or one in which the root will persist even after the device loses power. This webcast will explore topics such as 1) Choosing the best test device, 2) Rooting your Android, 3) Utilizing File Browsers for quick file/folder access, and 4) Examining application directories of interest, all using utilities that exist on your SIFT workstation or that can be downloaded for free from the Internet.

Speaker Bio

Domenica Crognale

Domenica is one of the course co-authors of SANS FOR585: Advanced Smartphone Forensics. She has been working in digital forensics for more than 10 years and specializing in mobile devices since 2009. In previous jobs she has provided training to military and government agencies, worked on high-profile cases, tested and validated various mobile forensics utilities, and provided security assessments for many mobile applications. In her day job, she spends time dissecting third-party mobile applications, where there is no shortage of interesting data left behind. She maintains multiple certifications including the GASF, EnCE, CCE, and CISSP. @domenicacrognal

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.