Android extraction and analysis framework with an integrated Autopsy module. Easily dump user data from a device and generate powerful reports for Autopsy or external applications.
Specifications
- Export user application data from an Android device with ADB (root and ADB required).
- Dump user data from an Android image or a mounted path.
- Easily create sections for a specific Android application.
- Create clear and legible JSON reports.
- Full built-in Autopsy compatibility (data source processor module, ingest module, report module, geolocation, communication and timeline support).
- Export an HTML report based on the current case.
Prerequisites
Use
The script can be used directly in the terminal or as a module in Autopsy.
In the terminal
    usage: start.py [-h] [-d DUMP [DUMP ...]] [-p PATH] [-o OUTPUT] [-a] app

    Forensics Artefacts Analyzer

    positional arguments:
      app                   Application or package to be analyzed

    optional arguments:
      -h, --help            show this help message and exit
      -d DUMP [DUMP ...], --dump DUMP [DUMP ...]
                            Analyze specific(s) dump(s)
                            Report output path folder
      -a, --adb             Dump app data directly from device with ADB
      -H, --html            Generate HTML report
In Autopsy
- Download repository contents (zip).
- Autopsy -> Tools -> Python Plugins
- Unzip the previously downloaded zip in the python_modules folder.
- Restart Autopsy, create a case, and select a module.
- Set your module options in the Ingest Module window selector.
- Click the 'Generate Report' option to generate an HTML report.
Tested on
- Windows (primary)
- Linux
- Mac OS