This course will cover the most common issues facing mobile devices and general tips for securing mobile applications. Upon completion of general mobile security overview, the course will delve into a proven practice in Mobile Device Forensics and Mobile Application Penetration Testing for Android devices. Over the two-day course, students will get hands-on time with open-source and commercial forensics tools, setup and explore reverse engineering development environments, and experience the process with which professional mobile security engineers have successfully applied to several projects. Areas covered include, identifying application vulnerabilities, code analysis, memory and file system analysis, and insecure storage of sensitive data.
This class serves as a foundation for mobile digital forensics, forensics of Android operating systems, and penetration testing of Android applications. Although delivered in a single offering, the course can be broken into separate offerings. The mobile digital forensics portion could be leveraged and reused for introducing forensics of other mobile platforms.
The instructor-led lab work will include:
- Creating an Android Virtual Device for use during the class
- Identifying file system directories and becoming familiar with the directory tree
- Extract and analyze data from an Android device.
- Manipulate Android file systems and directory structures.
- Understand techniques to bypass passcodes.
- Utilize logical and physical data extraction techniques.
- Reverse engineer Android applications.
- Analyze acquired data.