+ }+ r e t u r n n u l l ;+ }+@Overridep u b l i c Cursor query ( Uri uri , S t r i n g [ ] p r o j e c t i o n , S t r i n g s e l e c t i o n , S t r i n g [ ] s e l e c t i o n A r g s ,S t r i n g sortOrder ) {@@ −4199 ,6 +4219 ,13 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccounLog . v (TAG, ” query : ” + u r i ) ;}+ Log . i (TAG, ”Query from : ” + getProcessNameFromPid ( Binder . g e t C a l l i n g P i d ( ) ) ) ;+ Log . i (TAG, ” URI : ” + u r i . t o S t r i n g ( ) ) ;+ Log . i (TAG, ” P r o j e c t i o n : ” + Arrays . t o S t r i n g ( p r o j e c t i o n ) ) ;+ Log . i (TAG, ” S e l e c t i o n : ” + s e l e c t i o n ) ;+ Log . i (TAG, ” S e l e c t i o n arguments : ” + Arrays . t o S t r i n g ( s e l e c t i o n A r g s ) ) ;+ Log . i (TAG, ” Sort o r d e r : ” + sortOrder ) ;+f i n a l SQLiteDatabase db = mDbHelper . getReadableDatabase ( ) ;75SQLiteQueryBuilder qb = new SQLiteQueryBuilder ( ) ;@@ −4210 ,15 +4237 ,18 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccounf i n a l i n t match = sUriMatcher . match ( u r i ) ;switch ( match ) {c a s e SYNCSTATE:+ Log . i (TAG, ” Branch SYNCSTATE” ) ;r e t u r n mDbHelper . getSyncState ( ) . query ( db , p r o j e c t i o n , s e l e c t i o n , s e l e c t i o n A r g s ,sortOrder ) ;c a s e CONTACTS: {+ Log . i (TAG, ” Branch CONTACTS” ) ;setTablesAndProjectionMapForContacts ( qb , uri , p r o j e c t i o n ) ;break ;}c a s e CONTACTS ID: {+ Log . i (TAG, ” Branch CONTACTS ID” ) ;long c o n t a c t I d = ContentUris . p a r s e I d ( u r i ) ;setTablesAndProjectionMapForContacts ( qb , uri , p r o j e c t i o n ) ;s e l e c t i o n A r g s = i n s e r t S e l e c t i o n A r g ( s e l e c t i o n A r g s , S t r i n g . valueOf ( c o n t a c t I d ) ) ;
@@ −4228 ,6 +4258 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccounc a s e CONTACTS LOOKUP:c a s e CONTACTS LOOKUP ID: {+ Log . i (TAG, ” Branch CONTACTS LOOKUP( ID ) ” ) ;L i s t pathSegments = u r i . getPathSegments ( ) ;i n t segmentCount = pathSegments . s i z e ( ) ;i f ( segmentCount < 3) {@@ −4267 ,6 +4298 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}c a s e CONTACTS AS VCARD: {+ Log . i (TAG, ” Branch CONTACTS AS VCARD” ) ;// When r e a d i n g as vCard always use r e s t r i c t e d viewf i n a l S t r i n g lookupKey = Uri . encode ( u r i . getPathSegments ( ) . get ( 2 ) ) ;qb . s e t T a b l e s ( mDbHelper . getContactView ( t r u e /∗ r e q u i r e r e s t r i c t e d ∗ / ) ) ;@@ −4278 ,6 +4310 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}76c a s e CONTACTS AS MULTI VCARD: {+ Log . i (TAG, ” Branch CONTACTS AS MULTI VCARD” ) ;SimpleDateFormat dateFormat = new SimpleDateFormat (”yyyyMMdd HHmmss ” ) ;S t r i n g c u r r e n t D a t e S t r i n g = dateFormat . format ( new Date ( ) ) . t o S t r i n g ( ) ;r e t u r n db . rawQuery (@@ −4288 ,6 +4321 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}c a s e CONTACTS FILTER: {+ Log . i (TAG, ” Branch CONTACTS FILTER” ) ;S t r i n g f i l t e r P a r a m = ” ” ;i f ( u r i . getPathSegments ( ) . s i z e ( ) > 2) {f i l t e r P a r a m = u r i . getLastPathSegment ( ) ;@@ −4298 ,6 +4332 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccounc a s e CONTACTS STREQUENT FILTER:c a s e CONTACTS STREQUENT: {+ Log . i (TAG, ” Branch CONTACTS STREQUENT( FILTER ) ” ) ;S t r i n g f i l t e r S q l = n u l l ;i f ( match == CONTACTS STREQUENT FILTER&& u r i . getPathSegments ( ) . s i z e ( ) > 3) {
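Review bot: The six Log.i calls added at the top of query() write the caller-supplied URI, projection, selection, selection arguments and sort order to the log unconditionally at info level, whereas the existing Log.v(TAG, "query: " + uri) just above them is followed by a closing brace, which suggests it sits inside a conditional block. These fields can carry contact data (the CONTACTS_FILTER branch further down takes its filter string from the URI's last path segment), so put the new lines behind the same kind of guard or a dedicated debug flag rather than logging them on every query. Separately, the helper added immediately before query() ends in return null, so the "Query from: " line can print null; log the value of Binder.getCallingPid() alongside the name so the entry stays attributable to a caller.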
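Review bot: In the switch on match, the shared log lines for the fall-through pairs CONTACTS_LOOKUP / CONTACTS_LOOKUP_ID and CONTACTS_STREQUENT_FILTER / CONTACTS_STREQUENT do not record which of the two labels matched, although the STREQUENT body goes on to test match == CONTACTS_STREQUENT_FILTER. Include the value of match in those messages, or log match once before the switch and drop the per-case strings; the second option also removes the hand-copied label text that has to be kept in sync with every case label.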