c a s e POSTALS: {+ Log . i (TAG, ” Branch POSTALS” ) ;setTablesAndProjectionMapForData ( qb , uri , p r o j e c t i o n , f a l s e ) ;qb . appendWhere (” AND ” + Data .MIMETYPE + ” = ’”+ S t r u c t u r e d P o s t a l .CONTENT ITEM TYPE + ” ’ ” ) ;@@ −4522 ,6 +4568 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}c a s e POSTALS ID : {+ Log . i (TAG, ” Branch POSTALS ID ” ) ;setTablesAndProjectionMapForData ( qb , uri , p r o j e c t i o n , f a l s e ) ;s e l e c t i o n A r g s = i n s e r t S e l e c t i o n A r g ( s e l e c t i o n A r g s , u r i . getLastPathSegment ( ) ) ;qb . appendWhere (” AND ” + Data .MIMETYPE + ” = ’”@@ −4531 ,11 +4578 ,13 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}79c a s e RAW CONTACTS: {+ Log . i (TAG, ” Branch RAW CONTACTS” ) ;setTablesAndProjectionMapForRawContacts ( qb , u r i ) ;break ;}c a s e RAW CONTACTS ID: {+ Log . i (TAG, ” Branch RAW CONTACTS ID” ) ;long rawContactId = ContentUris . p a r s e I d ( u r i ) ;setTablesAndProjectionMapForRawContacts ( qb , u r i ) ;s e l e c t i o n A r g s = i n s e r t S e l e c t i o n A r g ( s e l e c t i o n A r g s , S t r i n g . valueOf ( rawContactId ) ) ;@@ −4544 ,6 +4593 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}c a s e RAW CONTACTS DATA: {+ Log . i (TAG, ” Branch RAW CONTACTS DATA” ) ;long rawContactId = Long . parseLong ( u r i . getPathSegments ( ) . get ( 1 ) ) ;setTablesAndProjectionMapForData ( qb , uri , p r o j e c t i o n , f a l s e ) ;s e l e c t i o n A r g s = i n s e r t S e l e c t i o n A r g ( s e l e c t i o n A r g s , S t r i n g . valueOf ( rawContactId ) ) ;@@ −4552 ,11 +4602 ,13 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}c a s e DATA: {
+ Log . i (TAG, ” Branch DATA” ) ;setTablesAndProjectionMapForData ( qb , uri , p r o j e c t i o n , f a l s e ) ;break ;}c a s e DATA ID : {+ Log . i (TAG, ” Branch DATA ID ” ) ;setTablesAndProjectionMapForData ( qb , uri , p r o j e c t i o n , f a l s e ) ;s e l e c t i o n A r g s = i n s e r t S e l e c t i o n A r g ( s e l e c t i o n A r g s , u r i . getLastPathSegment ( ) ) ;qb . appendWhere (” AND ” + Data . ID + ”=?”);@@ −4564 ,6 +4616 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}c a s e PHONE LOOKUP: {+ Log . i (TAG, ” Branch PHONE LOOKUP” ) ;80i f ( T e x t U t i l s . isEmpty ( s ortOrder ) ) {// D e f a u l t the s o r t o r d e r to something r e a s o n a b l e so we get c o n s i s t e n t@@ −4582 ,6 +4635 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}c a s e GROUPS: {+ Log . i (TAG, ” Branch GROUPS” ) ;qb . s e t T a b l e s ( mDbHelper . getGroupView ( ) ) ;qb . setProjectionMap ( sGroupsProjectionMap ) ;appendAccountFromParameter ( qb , u r i ) ;@@ −4589 ,6 +4643 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}c a s e GROUPS ID : {+ Log . i (TAG, ” Branch GROUPS ID ” ) ;qb . s e t T a b l e s ( mDbHelper . getGroupView ( ) ) ;qb . setProjectionMap ( sGroupsProjectionMap ) ;s e l e c t i o n A r g s = i n s e r t S e l e c t i o n A r g ( s e l e c t i o n A r g s , u r i . getLastPathSegment ( ) ) ;@@ −4597 ,6 +4652 ,7 @@ p u b l i c c l a s s ContactsProvider2 extends SQLiteContentProvider implements OnAccoun}c a s e GROUPS SUMMARY: {+ Log . i (TAG, ” Branch GROUPS SUMMARY” ) ;qb . s e t T a b l e s ( mDbHelper . getGroupView ( ) + ” AS groups ” ) ;
- Page 2:
AbstractIn forensic analysis of mob
- Page 8 and 9:
Chapter 1IntroductionAccording to t
- Page 10 and 11:
forensics tools Cellebrite and XRY
- Page 12 and 13:
2.1.1 Data hidingFor PC anti-forens
- Page 14 and 15:
Detecting a USB connection suffers
- Page 16 and 17:
protected program can access it, as
- Page 18 and 19:
modifications at different times, t
- Page 20 and 21:
esponsible for handling security an
- Page 22 and 23:
contact lists registers that it pro
- Page 24 and 25:
Several projects have built upon th
- Page 26 and 27:
to return false data to the tools.
- Page 28 and 29:
6. Connection to a forensic analysi
- Page 30 and 31:
To install it, then, requires the c
- Page 32 and 33:
Step 4 According to the documentati
- Page 34 and 35:
Chapter 5Implementation, testing an
- Page 36 and 37: The two modules are raw contacts an
- Page 38 and 39: 200-500 small writes in the time fr
- Page 40 and 41: make the data impossible to spot in
- Page 42 and 43: had time to isolate the phone befor
- Page 44 and 45: abort the extraction and show the e
- Page 46 and 47: (a) Extraction summary(b) Extractio
- Page 48 and 49: Figure 5.11: Cellebrite extraction
- Page 50 and 51: Figure 5.14: Contacts fed to Celleb
- Page 52 and 53: (a) Cellebrite extraction report(b)
- Page 54 and 55: (a) SIM contacts visible(b) SIM con
- Page 56 and 57: Chapter 6ConclusionsThis dissertati
- Page 58 and 59: Android is an open system, with spe
- Page 60 and 61: • Hide SIM contacts from the fore
- Page 62 and 63: that it is possible to use Java ref
- Page 64 and 65: 7.3 EncryptionStarting with version
- Page 66 and 67: operating system components, but th
- Page 68 and 69: Appendix BTool behaviourThe followi
- Page 70 and 71: S e l e c t i o n : i d = 1 ANDmime
- Page 72 and 73: Appendix CSource codeC.1 USBMonitor
- Page 74 and 75: ∗/private S t r i n g e o l ;priv
- Page 76 and 77: }}Bundle e x t r a s = i n t e n t
- Page 78 and 79: index 3 bee54d . . 0 0 be75e 100644
- Page 80 and 81: 73import android . p r o v i d e r
- Page 82 and 83: + }+ r e t u r n n u l l ;+ }+@Over
- Page 84 and 85: @@ −4349 ,6 +4384 ,7 @@ p u b l i
- Page 88 and 89: qb . setProjectionMap ( sGroupsSumm
- Page 90 and 91: c a s e RAW CONTACT ENTITIES: {+ Lo
- Page 92 and 93: index f 2 b 6 f c e . . 1 eb2972 10
- Page 94 and 95: 87++ // A t t r i b u t e s c o n s
- Page 96 and 97: 89+ i n t s t r O f f = s t O f f +
- Page 98 and 99: C.4 Delayed responsesThis is the co
- Page 100 and 101: + p r i v a t e boolean c a l l e r
- Page 102 and 103: 95index 00 be75e . . cb000e9 100644
- Page 104 and 105: p r i v a t e boolean i n i t i a l
- Page 106 and 107: 99+ // no d e l e t e d c o n t a c
- Page 108 and 109: 101+ Log . i (TAG, ” Unknown quer
- Page 110 and 111: 103+ // I n t e n t i o n a l l y r
- Page 112 and 113: 105+ ” n u l l as ” + Structure
- Page 114 and 115: 107+ ” ” + PhoneticNameStyle .U
- Page 116 and 117: C.6 False data from alternate datab
- Page 118 and 119: − p r i v a t e s t a t i c f i n
- Page 120 and 121: +import com . android . p r o v i d
- Page 122 and 123: Log . i (TAG, ” S e l e c t i o n
- Page 124 and 125: C.7 Delayed restorationThis is the
- Page 126 and 127: 119+ Log . i (TAG, ” Faking ” +
- Page 128 and 129: 121− // b e f o r e and a f t e r
- Page 130 and 131: C.8 Hiding SIM contactsThis is the
- Page 132 and 133: ++ // This i s the CyanogenMod 7 .
- Page 134 and 135: ArrayList r e s u l t s ;− i f (
- Page 136 and 137:
index c218592 . . a4dbaae 100644−
- Page 138 and 139:
131+ /∗+ ∗ ( non−Javadoc )+
- Page 140 and 141:
package com . android . p r o v i d
- Page 142 and 143:
135++ /∗+ ∗ ( non−Javadoc )+
- Page 144 and 145:
137+ Log . i (TAG, ” Running quer
- Page 146 and 147:
Appendix EDeclaration of originalit
- Page 148 and 149:
[8] Android development guides—Th
- Page 150 and 151:
[34] Tarpit (networking). http://en
- Page 152 and 153:
[53] ACPO e-crime working group. Go
- Page 154 and 155:
[73] Android Open Source Project. L
- Page 156:
[94] Randal Vaughn and Gadi Evron.