The Android Forensics project is a Windows-based application that will copy all of the data on your Android mobile device, to your system. Then the application will scan that information and return any data that it believes should be reviewed further. The scan provides information on call history, browser history, text messages, emails and much more. The motive behind creating this application is due to the rapid advancements in mobile device technology – particularly with how much data is now stored within them. The amount of information stored on a person’s phone is immense and manually parsing through all of that data is simply too inefficient for effective, thorough forensic analysis.
Software: Operating system: Windows
Installation :
Pre-installation:
– Java JDK must be installed.
Link: http://www.oracle.com/technetwork/articles/javase/index-jsp-138363.html
– Allow for the execution of power-shell scripts.
Run power-shell as administrator and run: Set-ExecutionPolicy Unrestricted
Then hit “Y” for yes.
Android device must be rooted.
Use:
1. Plug in Android device via USB.
2. Set device to USB debug mode.
3. Run Device_File_Puller.bat
This will grab all the files off of the device and save them to: phoneData\”Directory Provided”\
4. Run Get_Main_Files.ps1
This will move all the target files (in targets.csv) to the database directory.
5. Run Analyse_Data.bat
This will export all of the database information to text files. Along with searching for keywords in the files.
Location: output\”Directory Provided”\
Keywords:
Keywords can be added to the keywords.txt file in order to find additional words.The total number of words in the file needs to be provided at the top of the file.
Targets:
Targets can be added to the targets.csv file in order to add additional databases to the analyse program.
Interesting Files:
~\output\YOURDEVICENAME\browser\searches.txt ~\output\YOURDEVICENAME\contacts2\contacts.txt ~\output\YOURDEVICENAME\EmailProvider\HostAuth.txt ~\output\YOURDEVICENAME\EmailProvider\Message.txt ~\output\YOURDEVICENAME\EmailProviderBody\Body.txt ~\output\YOURDEVICENAME\CachedGeoposition\CachedGeoposition.txt ~\output\YOURDEVICENAME\fb\mailbox_messages.txt ~\output\YOURDEVICENAME\fb\friends_data.txt ~\output\YOURDEVICENAME\fb\mailbox_messages.txt ~\output\YOURDEVICENAME\item_cache\event.txt ~\output\YOURDEVICENAME\mmssms\sms.txt ~\output\YOURDEVICENAME\mmssms\threads.txt
Download : master.zip | git clone
AndroidForensicScanner is copyrighted by Jordan Rauscher and Tyler Filkins (2014).
