Prepare a screen captured video recording with a brief description. Clearly demonstrate a command line window in which the hostname has been modified to your number (K2022830).

Analysis of Android Apps

SCENARIO
You are a member of an incident response team, and you have been asked to investigate the activities of a company employee, who is suspected of modifying Android APK files to ethnographically share sensitive company information with competitors. Your investigative activities are to be completed in three parts:

PART 1: Python Script – Search for an APK file. (31 marks)
Task 1: The suspect employee’s computer needs to be searched for all “.apk” files, in a manner that is forensically sound (e.g., you cannot simply use the operating system search features as this might change crucial evidence).
The hard drive of the suspect’s PC has been forensically imaged and mounted. You do not have access to a forensics tool. Therefore, you will need to write a single Python script that will successfully deliver the following functions:

Accept a file name as an input. (Maximum 5 marks)
Search folders and subfolders for a given file name. (Maximum 11 marks)
Copy matched files to a folder called “investigate”. (Maximum 5 marks)
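
The three functions listed above can be combined as in the following added example, which is not part of the original brief. It assumes the image is mounted read-only, and it goes beyond the brief by hashing each file before and after the copy so that the collected evidence can be verified; the function names and the numeric file-name prefix are illustrative choices.

```python
import fnmatch
import hashlib
import os
import shutil
import sys


def sha256(path):
    """Hash a file in 1 MiB chunks, opened read-only."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_matches(root, term):
    """Yield paths under root whose file name matches term (e.g. '*.apk')."""
    pattern = term.lower()
    # followlinks=False keeps the walk inside the mounted image
    for folder, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            if fnmatch.fnmatchcase(name.lower(), pattern):
                yield os.path.join(folder, name)


def collect(root, term, dest="investigate"):
    """Copy matches into dest; return (source, copy, sha256) records."""
    os.makedirs(dest, exist_ok=True)
    dest_abs = os.path.abspath(dest)
    records = []
    for n, src in enumerate(sorted(find_matches(root, term)), start=1):
        if os.path.abspath(src).startswith(dest_abs + os.sep):
            continue  # never re-collect our own copies
        before = sha256(src)
        # numeric prefix stops same-named files overwriting each other
        copy = os.path.join(dest, f"{n:04d}_{os.path.basename(src)}")
        shutil.copy2(src, copy)  # copy2 carries timestamps over to the copy
        if sha256(copy) != before:
            raise IOError(f"hash mismatch copying {src}")
        records.append((src, copy, before))
    return records


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else input("Mounted image path: ")
    term = sys.argv[2] if len(sys.argv) > 2 else input("File name or pattern: ")
    for src, copy, digest in collect(root, term):
        print(f"{digest}  {src} -> {copy}")
```

The printed digest list doubles as a record of what was collected and from where.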

Task 2: Prepare a screen captured video recording with a short description. Your video recording should comply with the following: (Maximum 10 marks)
The video demonstration should be no longer than 2 minutes.

The recorded video must clearly demonstrate:
A command line window in which the hostname has been modified to your number (K2022830)

Your Python script accepting a search term as an input.

Your Python script processing a search that finds matched files.

Evidence that your Python script has copied matched files to a folder called “investigate”.

Upload the video demo to Box and provide the link in the comments section of the submission page.

PART 2: Reverse Engineering – Modify an APK file (48 marks)
Your App is Screen Recorder – Record with Facecam and Audio:
https://m.apkpure.com/screen-recorder-record-with-facecam-and-audio/com.rec.screen/download?from=details

Task 1: Simulate the activities of the suspect employee by reverse engineering your selected App and modifying the APK file as follows:
Change the logo (Maximum 7 marks)
Add an asset to the app that was not there before (Maximum 7 marks)
Wow factor: Make an additional change of your own choice (Maximum 12 marks)

Task 2: Recompile your selected App as an APK file, using a file name of your own choice. Deploy the App to a mobile device, emulator, or virtual machine and check that the App runs as expected. (Maximum 12 marks)

Task 3: Prepare a screen captured video recording with a brief description. Your video recording should comply with the following: (Maximum 10 marks)
The demonstration should be recorded in the form of a video, which must not be longer than 5 minutes.

The recorded video must demonstrate running versions of the original App and the changes made in the modified App. (Note: Use a voiceover to aid the viewer of your video).

Upload the video demo to Box and provide the link in the comments section of the submission page.

PART 3: Static Analysis Investigation Report – MobSF (21 marks)
For the third part of this assessment, you must use the MobSF tool to analyse your original and modified APK files. You will create a Static Analysis Investigation Report that includes the following:

An appropriate title page that includes the coursework title, your name, number and module code. (Maximum 4 marks)

A MobSF generated static analysis report for each APK file. (Maximum 8 marks)

A table that summarises your interpretation of the MobSF reports for each APK file. The table should include entries for observed differences in each report that relate to the changes that were made in the modified APK file. (Maximum 7 marks)
Note: a maximum of 2 marks will be allocated for good presentation and clearly laid out content.

 
