Saturday, February 27, 2016

Android File Monitoring

Lately I have been doing some Android reversing, so I have been trying to catch up on the latest Android tools. I immediately tried to find the equivalent of the Sysinternals tools on Android. Process monitor/File monitor/Registry monitor is a very powerful analytic tool that I use all the time on Windows.

Here is what I found for Android:
  1. logcat
  2. strace
  3. application specific instrumentation/injection
  4. inotify/FileObserver - monitor specific file/directory for filesystem events
  5. systrace
  6. fsmon - monitor specific file/directory for filesystem events

Wanting to expand my search, I also looked at Linux:
  1. auditd
  2. strace/ptrace/dtrace
  3. htop 
      • includes lsof
      • includes strace
      • includes perfmon
  4. top
  5. lsof
  6. inotify
  7. kprobes
  8. perf
  9. Monks - Procmon alternative for Linux - most promising for Linux

TL;DR: In conclusion, I did not find anything that was an equivalent replacement for Android; the closest was Monks for Linux.

Please comment if I am missing something obvious.

If I see enough interest/page hits/comments, I will write one. I will probably write one anyway ...

COMING SOON
