Drozer framework

Drozer is a security and attack framework for Android. It allows you to perform penetration testing on the applications installed on a phone by installing an agent on the device. You can download it from here.


The basics of crypto

Security is increasingly becoming a selling point for people, which means we are faced with more and more encrypted network connections, chats, and so on. As a result, we need to understand encryption implementations and identify possible ways to decrypt them. This book will not teach you to become a codebreaker, but it will introduce the basics of cryptography.


Windows AppCompatCache

The Windows application compatibility database is used by Windows to identify possible application compatibility challenges when executing PE files. Executable files get shimmed as soon as they hit the disk. If the executable is moved, renamed or modified, it gets re-shimmed by the system, adding new entries to the Shimcache database. Any executable that has existed on the system can be found in this key. It should be noted that entries do not get written to the registry instantly. They are only written to the database when the system reboots; until then they live only in memory. AppCompatCache also stores the timestamp for when the file was last modified. When it comes to malware, it can be used to track any executable that has hit the disk. Even if the file is deleted, renamed, etc., the entry will still be there.
