Android extraction and analysis framework with built-in module Autopsy. Easily dump user data from a device and generate robust reports for autopsy or external applications.
Specifications
-
Export user application data from an Android device with ADB (root and ADB required).
- Discard user data from an Android image or a mounted path.
-
Easily create sections for a specific Android application.
- Create clear and legible JSON reports.
-
Full built-in auto analysis compatibility (data source processor module, absorption module, reference unit, geographical location, communication and schedule support).
- Export HTML report based on the current case.
Prerequisites
Use
Scropt can be used directly in the terminal or as a module in Autopsy.
At the terminal
usage: start.py [-h] [-d DUMP [DUMP ...]] [-p PATH] [-o OUTPUT] [-a] app Forensics Artefacts Analyzer positional arguments: app Application or package to be analyzedor
At Autopsy
- Download repository contents (zip).
- Autopsy -> Tools -> Python Plugins
-
Unzip the previously downloaded zip in the folder
python_modules
. -
Restart Autopsy, create a case, and select a module.
-
Click 'Generate Report' to generate an HTML report.
Tested on
- Windows (primary)
- Linux
- Mac OS
Application snapshots
You can download the program from here.