Android Forensics Tools

My personal compilation of tools for Android Forensics and Analysis. I will be extending this list.


ADB

Used to interact with Android devices from the command line.

🔗 Download ADB

Commands:

adb devices                      # List connected devices
adb shell                        # Start a shell on the device
adb install .\app-debug.apk      # Install an app
adb pull /sdcard/data.txt        # Copy a file from the device
adb push <local> <remote>        # Copy a file to the device, e.g. adb push .\frida-server-16.7.14-android-x86_64 /data/local/tmp/
adb logcat                       # View device logs

LiME (Linux Memory Extractor)

Dumps volatile memory (RAM) from Android devices.

🔗 LiME GitHub

Usage Example:

insmod lime.ko "path=/sdcard/mem.lime format=lime"

FTK Imager

Opens and displays forensic images.

🔗 FTK Imager Download

ALEAPP

Parses multiple artifact types (SMS, contacts, call logs, locations, apps, etc.).

🔗 ALEAPP GitHub

Usage:

  1. Extract data from the Android device (e.g., using ADB or physical acquisition tools).
  2. Run ALEAPP on the extracted data folder (-t fs tells ALEAPP the input is an extracted file system):

python aleapp.py -t fs -i /path/to/extracted/data -o /path/to/output/report