Android Operating System

00:00

hi and welcome to everyday digital forensics. I'm your host. Hussaini's in on Today on mobile forensics. We're gonna go over the Android operating system.

00:11

In today's video. We're gonna

00:13

see the structure

00:14

and then from the structure kind of discussed the next colonel. It's libraries, Andrew libraries, runtime applications

00:22

and application components.

00:26

So almost brain, you see the overall android structure. It's broken down into five sections to the sections are kind of intertwined with one another,

00:36

and we'll see why later.

00:38

So on Android operating system is a stack of software components, which roughly divide into the five sections and four major layers shown,

00:47

and we're gonna be reviewing these layers

00:50

from bottom up.

00:53

So first up is the Lennox Colonel.

00:56

This is the bottom layer off on Android operating system.

01:00

It provides a level of abstraction between the device hardware, and it contains all the central hardware drivers, such as your camera, your keypad. You're just by your touch screen, etcetera.

01:10

The Lenox colonel handles networking and a vast array of device drivers

01:15

from attacker standpoint. They could modify the colonel's memory to create a very sophisticated colonel root kits.

01:23

There's a number techniques out there for infecting Colonel at run time. And these are things that investigator must take into consideration one examine device.

01:33

Some of the things that could happen is they enter Oppa handed her patching. There's function trampolines,

01:40

debug, register root kits, exception table infections. We're not going to get into how to modify current memory and things of those natures. That's more events for this picture.

01:53

So

01:55

on top of your colonel's, there's a set of libraries, including your open source Web browser engine weapon

02:01

Well known, my Very Living

02:04

Years sequel Light Database. And that's a very useful repository for storage and sharing of application data.

02:12

You have libraries to pay a record audio and video.

02:15

You're SSL libraries return responsible for network security and so long.

02:22

So as far as the libraries go injured, is

02:25

composed of Java based libraries very specific to an Andrew develop.

02:31

Libraries include your application frameworks, your user interface, your geographical drawing and your database access.

02:39

So within this within the android libraries layers, you just don't have drama bays libraries. You also have some cc postal space libraries containing this layer.

02:52

You have your android app, which provides access to application models and is a cornerstone of all android applications.

03:00

You're ANDREY content facilitates constant access machine and messaging between applications

03:07

and these application components local into application components

03:13

in the upcoming sides. We also have your android database, which is used to access data published

03:20

by the content providers.

03:22

And this includes your secret light database for management.

03:25

Android Open Geo. This is a job interface to open Geo ES

03:30

three D graphics.

03:34

You have your Android OS, which provides applications with access to the standard operating system services such as master messaging, insistent services and inter process communications.

03:46

Next up is Andrew Texts, which is used to render and manipulate text

03:51

your view, which is your fundamental building blocks of application interface. You also have your widget, which is a rich collection of pre built user interface components.

04:01

These can be seen as your buttons, your labels, your list, your layout managers, your radio buttons and then loss is your work. It

04:10

is a set of classes attended to allow Web browsing capabilities to be built into your application.

04:16

Within the layer of libraries, you have a section. This section provides a very key component called Doll Vic Virtual Machine,

04:25

which is very similar in nature to the job of virtual machine. It has been specifically designed and optimized for Andrew.

04:33

The straw back Virtual Machine makes use of in the next court features such as memory management and most with multi threading. And it also enables every android application to run its own process with its own instance of this virtual Shane.

04:47

As discussed in the previous line, the enduring runtime also provides a set core libraries which able on Android application developer to write android applications using the Java programming. So with this section, it allows developer to use Java programming and now have to learn a specifically new language

05:06

so revealing the application frameworks. It provides a high level service to applications in the form of Java classes. These are your activity monitoring content providers, resource manager, notification manager, you manager and others seen in the picture below. These farmers are available during the application development process.

05:26

Once of Alma Pain and Android application. This is the layer which your application

05:30

will be written and installed in pretty much living. They will sit side by side with privado applications, centrist contact, books, browsers and games.

05:40

But whenever you build an android application. It's actually living in this section. So in an investigation process, if you go into the section, you can also find applications that either the spot suspect has written or has installed

05:57

not moving over to android components. These are the building blocks of any android application,

06:03

very loosely coupled with the application manifest filed. Also known as injury manifesto XML,

06:11

as it describes each component that they interact with.

06:14

You have your activity component, which handles you are in user interactions

06:18

your services with which handle back ground processing. Broadcast receivers, which handles communication

06:26

and contact providers for trandahl data and database management.

06:30

Some additional components,

06:32

which is this with the main ones, are your fragments reviews your layouts, your intense your resource is and your Met office.

06:41

So in today's brief video, we just went over the enjoyed operating system structure. Such a salon external of the libraries, the 100 libraries, the run time application of components.

06:54

There's not too much of a dive into this

06:56

into understanding the android operating system structure for the forensics purpose. I just kind of wanted to give you an overview of what the system kind of look size

07:05

So when we do an investigation, we can point out these different layers

07:10

and components

07:12

during our best during our investigation.

07:15

So I hope you enjoyed today's video