{"id":611,"date":"2016-04-19T14:39:40","date_gmt":"2016-04-19T14:39:40","guid":{"rendered":"https:\/\/www.digitalforensicscorp.com\/blog\/?p=611"},"modified":"2025-03-25T20:52:18","modified_gmt":"2025-03-25T20:52:18","slug":"basics-of-android-malware-forensics","status":"publish","type":"post","link":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/","title":{"rendered":"Basics of Android Malware Forensics"},"content":{"rendered":"<p>Android malware analysis is becoming an increasingly common task during mobile forensic investigations. <!--more-->Thousands of new malware types are created every month, so it is critical for any digital forensic examiner to have at least a basic understanding of malicious application analysis.<\/p>\n<p>In this article we&#8217;ll show you how to perform basic static and dynamic analysis of a malicious Android application with Apktool, dex2jar, JD-GUI\u00a0and VirusTotal.<\/p>\n<p>We&#8217;ll start with basic static analysis. The first step is unpacking the APK file with <a href=\"http:\/\/ibotpeaches.github.io\/Apktool\/install\/\" target=\"_blank\" rel=\"noopener\">Apktool<\/a> to get the decoded AndroidManifest.xml file, which contains the application&#8217;s permissions:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-613\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_apktool.png\" alt=\"Android_malware_forensics_with_apktool\" width=\"454\" height=\"150\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_apktool.png 454w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_apktool-300x99.png 300w\" sizes=\"auto, (max-width: 454px) 100vw, 454px\" \/><\/p>\n<p>Now we have our\u00a0AndroidManifest.xml decoded and ready to be analyzed. 
Our app requires the following permissions:<\/p>\n<ul>\n<li class=\"enum text-red\" data-original-title=\"Allows application to send SMS messages. Malicious applications may cost you money by sending messages without your confirmation.\">android.permission.SEND_SMS<\/li>\n<li class=\"enum text-red\" data-original-title=\"Allows an application to disable the key lock and any associated password security. A legitimate example of this is the phone disabling the key lock when receiving an incoming phone call, then re-enabling the key lock when the call is finished.\">android.permission.DISABLE_KEYGUARD<\/li>\n<li class=\"enum\" data-original-title=\"Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.\">android.permission.RECEIVE_BOOT_COMPLETED<\/li>\n<li class=\"enum text-red\" data-original-title=\"Allows an application to create network sockets.\">android.permission.INTERNET<\/li>\n<li class=\"enum\" data-original-title=\"Allows the application to control the vibrator.\">android.permission.VIBRATE<\/li>\n<li class=\"enum text-red\" data-original-title=\"Allows application to write to SMS messages stored on your phone or SIM card. Malicious applications may delete your messages.\">android.permission.WRITE_SMS<\/li>\n<li class=\"enum\" data-original-title=\"Allows an application to view the information about the status of Wi-Fi.\">android.permission.ACCESS_WIFI_STATE<\/li>\n<li class=\"enum\" data-original-title=\"Allows an application to prevent the phone from going to sleep.\">android.permission.WAKE_LOCK<\/li>\n<li class=\"enum text-red\" data-original-title=\"Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed. 
\">android.permission.CALL_PHONE<\/li>\n<li class=\"enum\" data-original-title=\"Allows an application to view the status of all networks.\">android.permission.ACCESS_NETWORK_STATE<\/li>\n<li class=\"enum text-red\" data-original-title=\"Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.\">android.permission.READ_PHONE_STATE<\/li>\n<li class=\"enum text-red\" data-original-title=\"Allows application to read SMS messages stored on your phone or SIM card. Malicious applications may read your confidential messages.\">android.permission.READ_SMS<\/li>\n<li class=\"enum text-red\" data-original-title=\"Allows an application to write to the SD card.\">android.permission.WRITE_EXTERNAL_STORAGE<\/li>\n<li class=\"enum text-red\" data-original-title=\"Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.\">android.permission.READ_CONTACTS<\/li>\n<li class=\"enum text-red\" data-original-title=\"Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.\">android.permission.RECEIVE_SMS<\/li>\n<\/ul>\n<p>As you can see, many of these permissions are suspicious: the app can read contact data; send, read and delete SMS messages; use full Internet access; call phone numbers directly; read the phone&#8217;s state and identity, such as its phone number and serial number; and modify or delete SD card contents.<\/p>\n<p>The next step is to extract the .class\u00a0files from the APK with\u00a0<a href=\"https:\/\/sourceforge.net\/projects\/dex2jar\/files\/\" target=\"_blank\" rel=\"noopener\">dex2jar<\/a>. 
Now we have a JAR file ready to be decompiled.<\/p>\n<p>To do this, open <a href=\"http:\/\/jd.benow.ca\/\" target=\"_blank\" rel=\"noopener\">JD-GUI<\/a>\u00a0and click the corresponding icon, go to File &#8211; Open File&#8230;, or simply press Ctrl + O, then choose the JAR\u00a0file:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-615\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_JD-GUI_decompilation.png\" alt=\"Android_malware_forensics_with_JD-GUI_decompilation\" width=\"1009\" height=\"929\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_JD-GUI_decompilation.png 1009w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_JD-GUI_decompilation-300x276.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_JD-GUI_decompilation-768x707.png 768w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_JD-GUI_decompilation-512x471.png 512w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_JD-GUI_decompilation-920x847.png 920w\" sizes=\"auto, (max-width: 1009px) 100vw, 1009px\" \/><\/p>\n<p>Now you can walk through the .class files, analyze the code and, for example, search for interesting strings such as the IP address shown in the illustration.<\/p>\n<p>It&#8217;s time for basic dynamic analysis. We&#8217;ll use <a href=\"https:\/\/virustotal.com\/\" target=\"_blank\" rel=\"noopener\">VirusTotal<\/a> for it. Just upload your sample and wait for the analysis to complete. 
Go to the &#8220;Behavioural information&#8221; pane and check the results of the dynamic analysis:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-616\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_VirusTotal.png\" alt=\"Android_malware_forensics_with_VirusTotal\" width=\"816\" height=\"574\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_VirusTotal.png 816w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_VirusTotal-300x211.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_VirusTotal-768x540.png 768w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_VirusTotal-512x360.png 512w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/Android_malware_forensics_with_VirusTotal-280x196.png 280w\" sizes=\"auto, (max-width: 816px) 100vw, 816px\" \/><\/p>\n<p>As you can see, we have a lot of useful information: the app calls APIs that provide access to\u00a0information about the telephony services in order to collect the subscriber&#8217;s information. It also calls APIs that manage SMS operations and even sends an SMS with the text &#8220;balans&#8221; to 900, Sberbank&#8217;s number for mobile banking.<\/p>\n<p>Of course, advanced analysis isn&#8217;t as easy as basic analysis. If you want to learn more about it, we highly recommend <a href=\"http:\/\/www.amazon.com\/Android-Malware-Analysis-Ken-Dunham\/dp\/1482252198\/\" target=\"_blank\" rel=\"noopener\">Android Malware and Analysis<\/a>\u00a0<span class=\"a-size-small a-color-secondary\">by <\/span><span class=\"a-size-small a-color-secondary\">Ken Dunham and <\/span><span class=\"a-size-small a-color-secondary\">Shane Hartman. 
But if you need a professional to do it &#8211; use our <a href=\"https:\/\/www.digitalforensicscorp.com\/blog\/contacts-us\/\" target=\"_blank\" rel=\"noopener\">contact form<\/a>.<\/span><\/p>\n<p>About the authors:<\/p>\n<p><a href=\"http:\/\/linkedin.com\/in\/igormikhaylovcf\" target=\"_blank\" rel=\"noopener\">Igor Mikhaylov<\/a><\/p>\n<p>Interests: Computer, Cell Phone &amp; Chip-Off Forensics<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/oleg-skulkin-96652a87\" target=\"_blank\" rel=\"noopener\">Oleg Skulkin<\/a><\/p>\n<p>Interests: iOS forensics, Android forensics, Mac OS X forensics, Windows forensics, Linux forensics<\/p>\n","protected":false},"excerpt":{"rendered":"Nowadays Android malware analysis becomes more and more common task during mobile forensic investigations.","protected":false},"author":126,"featured_media":255,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"csco_display_header_overlay":false,"csco_singular_sidebar":"","csco_page_header_type":"","footnotes":""},"categories":[6],"tags":[],"class_list":{"0":"post-611","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-software","8":"cs-entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.6 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Basics of Android Malware Forensics - Resources for Sextortion and Online Blackmail Victims","description":"Thousands of new malware types are created every month, so it becomes critical for any digital forensic examiner to have at least basic understanding of malicious application analysis.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/","og_locale":"en_US","og_type":"article","og_title":"Basics of Android Malware Forensics","og_description":"Thousands of new malware types are created every month, so it becomes critical for any digital forensic examiner to have at least basic understanding of malicious application analysis.","og_url":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/","og_site_name":"Resources for Sextortion and Online Blackmail Victims","article_publisher":"https:\/\/www.facebook.com\/DigitalForensicsCorp\/","article_published_time":"2016-04-19T14:39:40+00:00","article_modified_time":"2025-03-25T20:52:18+00:00","og_image":[{"width":600,"height":400,"url":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png","type":"image\/png"}],"author":"Viktor Sobiecki","twitter_card":"summary_large_image","twitter_creator":"@ForensicsCorp","twitter_site":"@ForensicsCorp","twitter_misc":{"Written by":"Viktor Sobiecki","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/#article","isPartOf":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/"},"author":{"name":"Viktor Sobiecki","@id":"https:\/\/www.digitalforensics.com\/blog\/#\/schema\/person\/db7b63895c111dc8ed48df38d20b84ce"},"headline":"Basics of Android Malware Forensics","datePublished":"2016-04-19T14:39:40+00:00","dateModified":"2025-03-25T20:52:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/"},"wordCount":469,"publisher":{"@id":"https:\/\/www.digitalforensics.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png","articleSection":["Cybersecurity Tips, Services, and Key Resources for Cybercrime Victims"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/","url":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/","name":"Basics of Android Malware Forensics - Resources for Sextortion and Online Blackmail 
Victims","isPartOf":{"@id":"https:\/\/www.digitalforensics.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/#primaryimage"},"image":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png","datePublished":"2016-04-19T14:39:40+00:00","dateModified":"2025-03-25T20:52:18+00:00","description":"Thousands of new malware types are created every month, so it becomes critical for any digital forensic examiner to have at least basic understanding of malicious application analysis.","breadcrumb":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/#primaryimage","url":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png","contentUrl":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png","width":600,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/www.digitalforensics.com\/blog\/software\/basics-of-android-malware-forensics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.digitalforensics.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Tips, Services, and Key Resources for Cybercrime Victims","item":"https:\/\/www.digitalforensics.com\/blog\/software\/"},{"@type":"ListItem","position":3,"name":"Basics of Android Malware 
Forensics"}]},{"@type":"WebSite","@id":"https:\/\/www.digitalforensics.com\/blog\/#website","url":"https:\/\/www.digitalforensics.com\/blog\/","name":"Resources for Sextortion and Online Blackmail Victims","description":"","publisher":{"@id":"https:\/\/www.digitalforensics.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.digitalforensics.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.digitalforensics.com\/blog\/#organization","name":"Digital Defense Hub: Resources for Sextortion and Online Blackmail Victims","url":"https:\/\/www.digitalforensics.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.digitalforensics.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2024\/12\/df-logo.png","contentUrl":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2024\/12\/df-logo.png","width":393,"height":343,"caption":"Digital Defense Hub: Resources for Sextortion and Online Blackmail Victims"},"image":{"@id":"https:\/\/www.digitalforensics.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/DigitalForensicsCorp\/","https:\/\/x.com\/ForensicsCorp"]},{"@type":"Person","@id":"https:\/\/www.digitalforensics.com\/blog\/#\/schema\/person\/db7b63895c111dc8ed48df38d20b84ce","name":"Viktor Sobiecki","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2025\/07\/viktor-sobiecki_avatar-96x96.jpg","url":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2025\/07\/viktor-sobiecki_avatar-96x96.jpg","contentUrl":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2025\/07\/viktor-sobiecki_avatar-96x96.jpg","caption":"Viktor 
Sobiecki"},"description":"Dr. Viktor Sobiecki currently serves as the Chief Technology Officer (CTO) at Digital Forensics Corporation, where responsibilities span the leadership of advanced cybersecurity initiatives, data breach incident responses, and corporate strategic planning. Professional career has been driven by the intersection of innovation and practical application, particularly in the domains of cybersecurity and cyber crime investigations. He holds a Ph.D. in Computer Science and has contributed extensively to academic and industry advancements through publications, patents, and technological solutions addressing complex real-world challenges. As a professional with over 25 years of experience in the fields of cybersecurity, artificial intelligence, and digital forensics his career spans roles in academic research, software development, corporate leadership, and expert consulting, giving me a comprehensive understanding of the technical, strategic, and practical dimensions of projects. Expertise spans a wide range of technical domains, including: \u2022 Data Breach Incident Response: Managing immediate responses to cybersecurity crises, including the containment and mitigation of threats \u2022 Corporate Strategy Development: Designing long-term strategies to enhance organizational resilience against emerging cyber threats. \u2022 Expert Testimony: Providing legal and technical expertise in high-profile cybersecurity cases. \u2022 Artificial Intelligence and Machine Learning: Designing and implementing algorithms for data analysis, pattern recognition, and anomaly detection. \u2022 Network Security and Data Integrity: Developing solutions to protect critical systems from cyber threats, including encryption protocols and intrusion detection systems. 
\u2022 Cloud Computing and Hybrid Infrastructures: Creating scalable, resilient architectures for data storage, processing, and security.","sameAs":["https:\/\/www.digitalforensics.com\/","https:\/\/www.linkedin.com\/in\/viktor-sobiecki\/"],"honorificPrefix":"Dr","jobTitle":"Chief Technology Officer (CTO)","worksFor":"Digital Forensics Corporation","url":"https:\/\/www.digitalforensics.com\/blog\/author\/visor\/"}]}},"_links":{"self":[{"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/posts\/611","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/users\/126"}],"replies":[{"embeddable":true,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/comments?post=611"}],"version-history":[{"count":1,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/posts\/611\/revisions"}],"predecessor-version":[{"id":7882,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/posts\/611\/revisions\/7882"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/media\/255"}],"wp:attachment":[{"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/media?parent=611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/categories?post=611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/tags?post=611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}