Giter Club home page Giter Club logo

aft's Introduction

Android Forensic Toolkit

Android Forensic Toolkit allows you to extract SMS records, call history, photos, browsing history, and password from an Android phone. It currently uses adb to pull the databases and photos from the phone and the rest of the processes are performed by python.

Prerequisites

Announcements

Nothing for now, but keep checking this space.

Forensic Artefacts

ArtefactStatusRemarks
AccountsImplementedPasswords are available as plaintext only till Android version 2.3, current versions have hashed passwords.
Browsing HistoryImplemented History only from the default browser, will add support for other browsers in later versions.
Browser bookmarksImplementedBookmarks only from the default browser, will add support for other browsers in later versions.
Search historyImplementedSearch history for searches done through Google.
Browser Saved PasswordsIn ProgressOnly supports the default browser for now
Call LogsIn Progress
SMS HistoryIn Progress
ContactsIn Progress
Social NetworksPlannedPlanned support for the default apps from Facebook, Twitter, Google+ and Foursquare
EmailPlanned Initial support only for the default email client.
The table will be updated with further details as and when I add a new functionality.

The databases extracted from the device will be present in the databases folder and can be viewed using SQLite Database Browser or SQLiteSpy (I personally prefer the SQLiteSpy as SQLite Database Browser hasn't been updated in a long time).

A detailed explanation on what each database contains will soon be available in the wiki.

Supported Devices

Tested only on Android virtual machines, has support upto Android version 2.3.6. Please message me with the devices you have been able to get this working on.

Bugs & Oddities

  • Python 2.7 comes with sqlite3 version 2.6.0 while Andriod 2.3.7 uses sqlite3 version 3.7.2, which causes it to return a "DatabaseError?: file is encrypted or is not a database" error. A workaround is to compile Python with the lastest version of SQLite Library. If anyone has suggestion, please feel free to log an issue with the solution.
  • Start the adb server separately (use adb start-server) before you use the script. Added code to check and start it automatically before rest of the code is executed but it doesn't seem to work.

Acknowledgements

The ADB implementation is from Ryan Brady's python-adb code.

aft's People

Contributors

agnivesh avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.