"What we have done for ourselves alone dies with us; what we have done for others and the world remains and is immortal." (Albert Pike)
- Finally, version 3.8 BETA of Avilla Forensics is available!
- With just over three years of existence, the tool has evolved remarkably, becoming indispensable for experts and users around the world.
- The big highlight of this version is its ability to deal with cases involving mobile devices that use newer operating systems, such as Android 14 and 15. Starting with this update, it is now possible to perform the APK Downgrade on Android 14. In addition, an advanced module allows access to more storage regions, surpassing traditional collections.
- Another innovative feature is the possibility of performing data acquisition simultaneously on multiple devices, meeting complex demands that require this type of approach.
- Finally, version 3.8 brings the powerful Avilla App Full Extraction as a complement. With this tool, you can collect data from any application on the DATA partition, without the need for root access or APK Downgrade. The feature is even more robust by allowing the extraction of data from secondary profiles registered on the device.
- Downgrade support for over 400 apps.
Avilla Forensics won first place in the international Forensics 4:Cast awards, in the non-commercial tool category. The announcement was made at the SANS Institute event.
Thanks for the votes, without you this would not be possible.
- ACADEMIA DE FORENSE DIGITAL - AFD:
- https://academiadeforensedigital.com.br/
- https://academiadeforensedigital.com.br/treinamentos/treinamento-de-avilla-forensics/ (Recorded)
-
Avilla Forensics is a free mobile forensic tool, launched in February 2021, designed to assist investigators in obtaining information and evidence from mobile devices.
-
Developed by São Paulo State Police Officer Daniel Avilla, this tool enables logical data extraction and the conversion of backups to formats compatible with detailed forensic analyses, such as IPED software or Cellebrite Physical Analyser.
-
In version 3.7 of Avilla Forensics, numerous improvements and new functionalities for mobile data extraction and analysis were implemented. This update introduced an integrity system that generates AES-256 encrypted logs (.avilla), containing hashes of the collected files. In addition to encryption, the .avilla file features an HMAC signature, creating a second layer of protection for file integrity.
-
Version 3.7 significantly enhances the capabilities for data extraction and analysis, offering new integrity functionalities and advanced tools for handling backups and extracting app data. These improvements make the tool even more robust and effective for forensic investigations.
-
With features that allow interaction with mobile devices through the Android Debug Bridge (ADB) interface, Avilla Forensics offers a versatile tool that facilitates communication with the device.
-
Developed in C#, the tool is compatible and operates stably in Windows 10/11 environments, including their latest updates.
-
The main feature of the tool is the APK Downgrade module, which enables data collection from over 15 applications, making it an indispensable tool for forensic investigations.
-
The Avilla Forensics suite does not replace existing tools, but complements them, offering new additional possibilities.
-
From version 3.8 onwards, it is possible to perform APK Downgrade on Android 14.
-
Module that exploits vulnerabilities in Android 12 and 13, to collect data from applications located in the DATA region without the need for Root or Downgrade.
-
From version 3.8 onwards it is possible to collect data on multiple devices at the same time.
-
Avilla Forensics Webinar: Acquisition, Decryption and Parsing of SIGNAL (Version 7.23) with AVILLA SIGNAL EXTRACTION. With Prof. Daniel Avilla - Nov 2 2024 (https://www.youtube.com/watch?v=vKn0yCghE5E&t)
-
Avilla Forensics Webinar: Downgrade from Android 14 with Avilla Forensics 3.7.5. With Prof. Daniel Avilla - October 15th. 2024 - AFD (https://www.youtube.com/watch?v=08djLn5i440)
-
Avilla App Full Extraction: FORENSICS MOBILE - NEW EXTRACTION METHODS USING AVILLA FORENSICS AND AVILLA FULL APP + IPED - Oct 4 2024 - Emerson Borges (https://www.youtube.com/watch?v=MUmCNDRlroU)
-
Avilla App Full Extraction: Security Space collection of Xiaomi models - September 19th. 2024 - Daniel Avilla (https://www.youtube.com/watch?v=HrpAam6zRu0)
-
Avilla Forensics: WI-FI debugging and pairing with Avilla Forensics: - September 12th. 2024 - Daniel Avilla (https://www.youtube.com/watch?v=VoNf0baZa_g&t)
-
Avilla Forensics: WhatsApp Downgrade APK, for data collection, on a Moto G14 with Android 14: - September 11th. 2024 - Daniel Avilla (https://www.youtube.com/watch?v=zA_Fw8EsmQo)
-
Avilla Forensics: APK Downgrade of WhatsApp on Android 14 with the aim of collecting forensic data: - September 6th. 2024 - Daniel Avilla (https://www.youtube.com/watch?v=gELHf74AIhQ&t)
-
Avilla Forensics: Webinar: Avilla Forensics 3.7 - What's new? With Prof. Daniel Avilla - September 3rd. 2024 - AFD (https://www.youtube.com/watch?v=HHPptOdZLaA)
-
Avilla Forensics: Security in the palm of your hand: A meeting with Daniel Avilla to talk about Digital Forensics on Mobile Devices - July 4 2024 - Vincit College (https://www.youtube.com/watch?v=g8gJC1nUngM&t)
-
Avilla Forensics: What's New in the New Version - Broadcast live on April 23. 2024 - AFD (https://www.youtube.com/watch?v=H-rtMs3DgmM)
-
How to Simulate Applications using Avilla App Simulator (Step by Step Tutorial) - April 23. 2024 - By Wesley Rodrigo - AFD (https://youtu.be/3WNStFaztfc?si=7QUu5SFZ-eONvGRt)
-
Avilla Universal Whatsapp Extraction - January 5th. 2024 (https://youtu.be/jqF89Xyv-YA?si=OknE6Oo6MLaZCVUj)
-
Avilla App Simulator - April 6th. 2023 - AFD (https://www.youtube.com/live/6G4Y3_pk18A?si=Rww8JkobPh9bqKkI)
-
AVILLA FORENSICS 3.5 - March 17th. 2023 UCAPEM GROUP - (https://www.youtube.com/live/5ndIo1Kx8fk?si=RIKdix6wDkKVVLuj)
-
Signal Forensics: Data Extraction and Decryption on Signal - Nov 24th. 2022 - AFD (https://www.youtube.com/live/NezodJcGyQ4?si=0piGWLhHz1Xbf9hT)
-
MOBILE FORENSIC EXTRACTION - USING AVILLA FORENSICS SOFTWARE - LOGIC EXTRACTION AND APK DOWNGRADE - Aug 5 2022 - By Emerson Borges (https://youtu.be/KuSmct1Qa30?si=-D2LbqtkfORdcgfQ)
-
Automatic WhatsApp audio transcription with Avilla Forensics - Jul 6. 2022 - AFD (https://www.youtube.com/live/EyYayEqmpkE?si=Cdd8QfP1IcXehNti)
-
Android Forensics with Avilla Forensics - March 15th. 2022 - AFD (https://www.youtube.com/live/zQigjIIkBjQ?si=uanfwVUt33IqlWXt)
-
I have a passion for mobile digital forensics and the art of data extractions.
-
"The pursuit of truth and justice through science."
-
Daniel Avilla is a professor of Mobile Device Forensics at several renowned institutions, including the Digital Forensics Academy (AFD), UCAPEM GROUP in Ecuador, the Postgraduate Program in Digital Investigation at WB Educacional, Vincit College, and MM Forense. In addition to his academic role, Daniel serves as a Civil Police Officer in the State of São Paulo and as Vice-Director of Technology at the National Association of Forensic Computing Experts (APECOF). He holds a degree in Systems Analysis and a postgraduate specialization in Computer Forensics. Daniel has advanced technical expertise in Mobile Devices and Advanced Extraction methods (such as Chip Off, EDL, and ISP), certified by the AFD. With a research career in technology dating back to 1998, he is the creator of Avilla Forensics, a free tool, widely recognized and internationally awarded, that enhances forensic acquisition on mobile devices.
- https://www.linkedin.com/in/daniel-a-avilla-0987/
- https://www.instagram.com/perito_daniel_avilla
- daniel.avilla@policiacivil.sp.gov.br
-
SIZE: 5,18 GB
-
Hash Sha-256: 7efde76e307dd0853eb89032b4093be52b882715e2a6fd6c09fed6b9a6462dd6
-
Hash Sha-512: e0946d71a3b241bdece6ca8cbb370fee29fd43c0ecbcd96e7c95090342d7005952c2254629c4d0232d355df1893980d0f77b4ad3e72542a2be5f6cbf7db8e69c
-
Link 01: https://drive.google.com/file/d/1JD_aWeVIP_DkNbRJUZas8Em6wUpy-C2M/view?usp=sharing
-
Link 02: https://drive.google.com/file/d/1PTg2qKq27twdTKVWaz4C7v0JVSwVxqZW/view?usp=sharing
-
Attention, unzip the tool in "C:\Forensics-3-8"
-
To unzip, use Winrar or 7-Zip.
-
SIZE: 4,91 GB
-
Hash Sha-256: 622c51d3c5ea40266e9e8cb977a46949227a09602199567e9ef2ecf7d3653281
-
Hash Sha-512: d48cd0a38546d80cad2ae2303260921eb286763e19c93e4ea844d666703d068b1e55a67ff93ad7973c31304cd991e5e15b18b7f6939eb86cd24b507f01670ed9
-
Link 01: https://drive.google.com/file/d/1PZYhnVFpM391f9BSUxAV0pBZIJEN5ydo/view?usp=sharing
-
Attention, unzip in "C:\Forensics-3-8\down"
-
To unzip, use Winrar or 7-Zip.
-
Source of apks: https://djangofaiola.blogspot.com/2024/10/happy-3rd-birthday-to-dfapkdngrader.html
Avilla Forensics - Copyright (C) 2024 - Daniel Hubscher Avilla
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.
- Free Mobile Forensics Tool that allows you to:
- It is important that you take the training to ensure greater security and success in acquisitions without data loss (brief training in the English language; see the end of the page).
- Backup ADB.
- APK Downgrade in 15 Apps: WhatsApp (com.whatsapp), Telegram (org.telegram.messenger), Messenger (com.facebook.orca), ICQ (com.icq.mobile.client), Twitter (com.twitter.android), Instagram (com.instagram.android), Signal (org.thoughtcrime.securesms), LinkedIn (com.linkedin.android), TikTok (com.zhiliaoapp.musically), Snapchat (com.snapchat.android), Tinder (com.tinder), Badoo (com.badoo.mobile), Mozilla Firefox (org.mozilla.firefox), Dropbox (com.dropbox.android), Alibaba (com.alibaba.intl.android.apps.poseidon).
- Parser Chats WhatsApp.
- (NEW) Whatsapp .opus audio transcription and transcription plot in CHATS HTML PARSER:
- Miscellaneous ADB collections: System Properties (Full), Dumpsys (Full), Diskstats (Disk Information), Android Geolocation Dump (Location Manager State), IMEI (01, 02), S/N (Serial Number), Processes, TCP (Active Internet connections), Accounts (UserInfo), DUMP Wifi, DUMP Detailed Wifi, CPU Information, Memory Information, Display Information (WINDOW MANAGER DISPLAY CONTENTS), Resources, Resolution (Physical size), Screen Dump (.XML file), Dump Backup (Backup Manager is enabled), List Installed Third-Party Applications, List Native System Applications, Contacts, SMS, System Events, Active Users, Android Version, DB Info (Applications Database Info), On/Off History, LogCat, Space In Use Information, Carrier, Bluetooth (Bluetooth Status), Image File Location, Audio File Location, Video File Location, Face Recognition DUMP, Global Settings, Security Settings, System Settings, Remove/Add PIN (Requires current PIN), DUMP ADB (ADB Connections), Reboot, Reboot Recovery Mode, Reboot Bootloader Mode, Reboot Fastboot Mode.
- Tracking, Downloading and Decryption of Whatsapp .ENC files.
- Contact List Search.
- Deleted WhatsApp Photos Avatars and Contacts.
- (NEW) Decrypting WhatsApp Databases Crypt 14/15
- Screenshots.
- Screen DUMP.
- Chat Capture.
- Automatic integration with IPED.
- (NEW) Access Through the Tool to IPED Tools.
- Automatic integration with AFLogical.
- Automatic integration with Alias Connector.
- Conversion from .AB to .TAR.
- Fast Scan and Real-time Transfer.
- Image Finder (Hash, Metadata, Geolocation, Plotting the location on Google Maps and Google Earth).
- Plotting (IN BATCHES) of the Geolocation of images on Google Earth (geo.kml) with path and thumbnails of the images.
- Installing and Uninstalling APKs via ADB.
- HASH Calculator.
- Android Folder Browser (PULL and PUSH).
- Device Mirroring.
- Instagram Data Scraping.
- General single copy
- Automatic integration with MVT-1.5.3.
- Access Through the Tool to JADX.
- Access Through the Tool to WhatsApp Viewer.
- Access Through the Tool to jExiftool GUI.
- Conversion of .csv/.txt files with GEOLOCATION information provided by court decisions into .KML for police investigations.
- Merge WhatsApp DATABASES
- IOS Data Extraction Module
- Android default backup.
-
WhatsApp (com.whatsapp)
-
Telegram (org.telegram.messenger)
-
Messenger (com.facebook.orca)
-
ICQ (com.icq.mobile.client)
-
Twitter (com.twitter.android)
-
Instagram (com.instagram.android)
-
Signal (org.thoughtcrime.securesms)
-
LinkedIn (com.linkedin.android)
-
Tiktok (com.zhiliaoapp.musically)
-
Snapchat (com.snapchat.android)
-
Tinder (com.tinder)
-
Badoo (com.badoo.mobile)
-
Mozilla Firefox (org.mozilla.firefox)
-
Dropbox (com.dropbox.android)
-
Alibaba (com.alibaba.intl.android.apps.poseidon)
-
Examples:
- The tool does a test in a generic application (com.aplicacaoteste.apk) before starting the DOWNGRADE process in the target APP.
- Tips: XIAOMI phones may come with USB protections, remove these protections without taking the device out of airplane mode by following the steps below:
- Select the Chats destination folder (Copy the "Media" folder in this same location).
- Select the folder: \com.whatsapp\f\Avatars
- Select the .DB file: \com.whatsapp\db\msgstore.db
-
(NEW) In the "Generate Whatsapp Chats" modules it is possible to plot the transcripts in HTML.
-
(NEW) You can also transcribe the audios along with Whatsapp parser process.
-
New Schema (Table: message):
-
Fields:
-
_id, chat_row_id, from_me, key_id, sender_jid_row_id, status, broadcast, recipient_count, participant_hash, origination_flags, origin, timestamp, received_timestamp, receipt_server_timestamp, message_type, text_data (Messages), starred, lookup_tables, message_add_on_flags, sort_id
- Select the Chats destination folder (Copy the "Media" folder in this same location).
- Select the folder: \com.whatsapp\f\Avatars
- Select the .DB file: \com.whatsapp\db\msgstore.db
-
(NEW) In the "Generate Whatsapp Chats" modules it is possible to plot the transcripts in HTML.
-
(NEW) You can also transcribe the audios along with Whatsapp parser process.
-
Old Schema (Table: messages)
-
Fields:
-
_id, key_remote_jid, key_from_me, key_id, status, needs_push, data (Messages), timestamp, media_url, media_mime_type, media_wa_type, media_size, media_name, media_caption, media_hash, media_duration, origin, latitude, longitude, thumb_image, remote_resource, received_timestamp, send_timestamp, receipt_server_timestamp, receipt_device_timestamp, read_device_timestamp, played_device_timestamp, raw_data, recipient_count, participant_hash, starred, quoted_row_id, mentioned_jids, multicast_id, edit_version, media_enc_hash, payment_transaction_id, forwarded, preview_type, send_count, lookup_tables, future_message_type, message_add_on_flags.
- In the "OPUS audio transcription" module you can transcribe one or thousands of audios at the same time.
- In the "Generate Whatsapp Chats" modules it is possible to plot the transcripts in HTML.
- You can also transcribe the audios along with Whatsapp parser process.
- Generate HTML report with transcribed texts, hash, contact linked to audio and chat linked to audio.
- System Properties (Full).
- Dumpsys (Complete).
- Diskstats (Disk information).
- Android Geolocation Dump (Location Manager State).
- IMEI (01, 02).
- S/N (Serial Number).
- Processes.
- TCP (Active Internet connections).
- Accounts (UserInfo).
- DUMP Wifi.
- Detailed Wifi DUMP.
- CPU information.
- Memory Information.
- Display Information (WINDOW MANAGER DISPLAY CONTENTS).
- Resources.
- Resolution (Physical size).
- Screen Dump (.XML file).
- Dump Backup (Backup Manager is enabled).
- List Installed Third-Party Applications.
- List Native System Applications.
- Contacts.
- SMS.
- System Events.
- Active Users.
- Android version.
- DB Info (Applications Database Info).
- On/Off History.
- LogCat.
- Space in Use Information.
- Carrier.
- Bluetooth (Bluetooth Status).
- Location of Image Files.
- Location of Audio Files.
- Location of Video Files.
- Face Recognition DUMP
- Global Settings.
- Security Settings.
- System Settings.
- Remove/Add PIN (Requires current PIN).
- DUMP ADB (ADB Connections).
- Reboot.
- Reboot Recovery Mode.
- Reboot Bootloader Mode.
- Reboot Fastboot Mode.
- Examples:
- Dump ADB: ADB.txt, in this example we can check the last computer connected via ADB with the device:
- Dumpsys: dumpsys.txt, in addition to bringing thousands of device information, in this example we can check the uninstall date of an application:
- Note: The information may be in Unix timestamp format (in milliseconds, as in the example below); use the link below to convert:
- 1649374898421 (Unix Timestamp) = Thu Apr 07 2022 23:41:38 GMT+0000 (GMT)
- https://www.unixtimestamp.com/
- Generate the Script and run the generated .bat file.
"C:\Forensics\bin\whatsapp-media-decrypt\decrypt.py"
- Select the folder: \com.whatsapp\f\Avatars
- Select .DB file: \com.whatsapp\db\wa.db
- Crypt14.
- Crypt15.
- "C:\Forensics\bin\IPEDTools\IPEDTools.exe"
- Performs the acquisition automatically without user intervention.
- "C:\Forensics\bin\AFLogicalOSE152OSE.apk"
- Performs the acquisition automatically without user intervention.
- "C:\Forensics\bin\com.alias.connector.apk"
- Passworded ADB backups may take longer to convert.
- Try not to put passwords in the backups requested in "ADB Backup" or "Downgrade", so you speed up the conversion process.
- If this module doesn't work, try adding the "C:\Forensics" path to the system variables.
- Images: .jpg, .jpeg, .png, .psd, .nef, .tiff, .bmp, .tec, .tif, .webp
- Videos: .aaf, .3gp, .asf, .avi, .m1v, .m2v, .m4v, .mp4, .mov, .mpeg, .mpg, .mpe, .mp4, .rm, .wmv, .mpv , .flv, .swf
- Audios: .opus, .aiff, .aif, .flac, .wav, .m4a, .ape, .wma, .mp2, .mp1, .mp3, .aac, .mp4, .m4p, .m1a, .m2a , .m4r, .mpa, .m3u, .mid, .midi, .ogg
- Archives: .zip, .rar, .7zip, .7z, .arj, .tar, .gzip, .bzip, .bzip2, .cab, .jar, .cpio, .ar, .gz, .tgz, .bz2
- Databases: .db, .db3, .sqlite, .sqlite3, .backup (SIGNAL)
- Documents: .htm, .html, .doc, .docx, .odt, .xls, .xlsx, .ppt, .pptx, .pdf, .txt, .rtf
- Executables: .exe, .msi, .cmd, .com, .bat, .reg, .scr, .dll, .ini, .apk
- Note: For this module DO NOT save your acquisitions on the Desktop, save for example in "C:\folder_name\collection_01" to run the image search.
Video_1648769895.00_00_00-00_01_39.00_00_00-00_01_35.00_00_07-.mp4
(NEW) Plot (BATCH) of Geolocation of images on Google Earth (geo.kml) with path and thumbnails of images:
- Note: To plot the thumbnails along with the yellow points, download Google Earth Pro. If you plot on Google Earth Online, only the blue points will be plotted, without the images.
- Click on GENERATE KML to batch generate the geo.kml file
- .APK files
- Note: For this module DO NOT save your acquisitions on the Desktop, save for example in "C:\folder_name\collection_02" to calculate the hashes of the files.
- Calculates the Hash of all files in an acquisition.
- SHA-256.
- SHA-1.
- SHA-384.
- SHA-512.
- MD5.
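
The idea behind the HASH Calculator module and the version 3.7 integrity log (file hashes protected by an HMAC), as an added Python example that is not the tool's code and does not reproduce the .avilla format. The AES-256 layer is left out because the standard library has no AES; the function names, key and sample files are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

def hash_file(path, algorithms=("sha256", "sha512"), chunk=1 << 20):
    """Stream the file once and feed every digest, so large files stay out of RAM."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}

def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its hashes."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest

def _tag(manifest, key):
    # Canonical JSON so the same manifest always serialises to the same bytes
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def seal(manifest, key):
    return {"manifest": manifest, "hmac_sha256": _tag(manifest, key)}

def verify(root, sealed, key):
    """Return a list of findings; an empty list means the acquisition is intact."""
    if not hmac.compare_digest(_tag(sealed["manifest"], key), sealed["hmac_sha256"]):
        return ["manifest HMAC mismatch"]  # the log itself was altered; stop here
    recorded, current = sealed["manifest"], build_manifest(root)
    findings = []
    for rel in sorted(set(recorded) | set(current)):
        if rel not in current:
            findings.append(f"missing: {rel}")
        elif rel not in recorded:
            findings.append(f"unexpected: {rel}")
        elif recorded[rel] != current[rel]:
            findings.append(f"modified: {rel}")
    return findings

def demo():
    key = b"constructed-demo-key-not-a-real-secret"
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-in for an acquisition folder
        samples = {"com.whatsapp/db/msgstore.db": b"SQLite format 3\x00demo",
                   "com.whatsapp/f/Avatars/me.j": b"\xff\xd8demo"}
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        sealed = seal(build_manifest(root), key)
        intact = verify(root, sealed, key)
        with open(os.path.join(root, "com.whatsapp", "db", "msgstore.db"), "ab") as fh:
            fh.write(b"changed after sealing")
        after_edit = verify(root, sealed, key)
        # A manifest regenerated to match the changed file, but carrying the
        # old tag, is rejected: the hashes alone do not protect the log
        regenerated = dict(sealed, manifest=build_manifest(root))
        return {"intact": intact, "after_edit": after_edit,
                "regenerated": verify(root, regenerated, key)}

if __name__ == "__main__":
    print(demo())
```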
- A Simple folder browser to PULL and PUSH files or folders.
- "C:\Forensics\bin\scrcpy"
- If you have problems with "adb pull" or "adb backup", copy all files from the device in separate processes, copying one at a time.
- "C:\Forensics\bin\mvt-1.5.3\mvt.bat"
- "C:\Forensics\bin\jadx-1.2.0\jadx-gui-1.2.0-no-jre-win.exe"
- "C:\Forensics\bin\WhatsAppViewer.exe"
Conversion of .csv/.txt files with GEOLOCATION information provided by court decisions into .KML for police investigations.
- Plotting thousands of points on the map in seconds
- In this example below, more than 36 thousand points were plotted on the map
- Example data from .csv file: 2022-04-15T02:59:45.368Z,2022-04-15T02:59:45.368, (Latitude/Column 2) -23.7416538, (Longitude/Column 3) -46.5744873,15,WIFI,1663554331,ANDROID
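
An added Python example (not part of Avilla Forensics) of the CSV-to-KML conversion described above. It assumes the column layout of the sample row, with latitude in column 2 and longitude in column 3; the function names and the extra sample rows are constructed. Rows with unusable coordinates are reported instead of silently dropped, and every field is XML-escaped before it reaches the KML.

```python
import csv
import io
from xml.sax.saxutils import escape

LAT_COL, LON_COL = 2, 3  # 0-based, as labelled in the page's sample row

# Constructed sample: row 1 is the page's example row, rows 2-4 are made up
SAMPLE_CSV = (
    "2022-04-15T02:59:45.368Z,2022-04-15T02:59:45.368,-23.7416538,-46.5744873,15,WIFI,1663554331,ANDROID\n"
    "2022-04-15T03:04:10.001Z,2022-04-15T03:04:10.001,-23.742,-46.575,20,WIFI&CELL,1663554331,ANDROID\n"
    "2022-04-15T03:09:00.000Z,2022-04-15T03:09:00.000,n/a,-46.575,20,CELL,1663554331,ANDROID\n"
    "2022-04-15T03:10:00.000Z,2022-04-15T03:10:00.000,-123.0,-46.575,20,GPS,1663554331,ANDROID\n"
)

def parse_points(text):
    """Return (points, rejected); rejected holds (row_number, reason) pairs."""
    points, rejected = [], []
    for line_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue
        if len(row) <= LON_COL:
            rejected.append((line_no, "too few columns"))
            continue
        try:
            lat, lon = float(row[LAT_COL]), float(row[LON_COL])
        except ValueError:
            rejected.append((line_no, "non-numeric coordinate"))
            continue
        # NaN fails both comparisons, so it is rejected here as well
        if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
            rejected.append((line_no, "coordinate out of range"))
            continue
        points.append({"when": row[0].strip(), "lat": lat, "lon": lon,
                       "extra": " | ".join(f.strip() for f in row[LON_COL + 1:])})
    return points, rejected

def to_kml(points, title="geo"):
    """Build a KML document with one Placemark per accepted point."""
    parts = ['<?xml version="1.0" encoding="UTF-8"?>',
             '<kml xmlns="http://www.opengis.net/kml/2.2">',
             f"<Document><name>{escape(title)}</name>"]
    for p in points:
        parts.append(
            "<Placemark>"
            f"<name>{escape(p['when'])}</name>"
            f"<description>{escape(p['extra'])}</description>"
            # KML order is longitude,latitude,altitude (the reverse of the CSV)
            f"<Point><coordinates>{p['lon']},{p['lat']},0</coordinates></Point>"
            "</Placemark>")
    parts.append("</Document></kml>")
    return "\n".join(parts)

if __name__ == "__main__":
    pts, bad = parse_points(SAMPLE_CSV)
    print(to_kml(pts))
    print("rejected rows:", bad)
```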
- "C:\Forensics\bin\merge\merge_databases_exe\merge_databases.exe -lv"
- TECHNICAL knowledge of Forensics in Mobile Devices.
- Minimal computer knowledge
- Device with DEBUG mode activated.
- Windows 10/11 with its proper updates.
- JAVA (https://www.java.com/pt-BR/).
- Python (https://www.python.org/).
- Extract the tool from "C:\Forensics-3-6".
- Do not put spaces in the tool folder name.
Requires JAVA (https://www.java.com/pt-BR/):
- Jadx-1.2.0: "C:\Forensics\bin\jadx-1.2.0" (Just install JAVA). (APACHE LICENSE)
- Backup Extractor: "C:\Forensics\backup_extractor" (Just install JAVA). (APACHE LICENSE)
- The Backup Extractor module (.AB to .TAR) may require you to add the "C:\Forensics" path to the system variables.
Requires python (https://www.python.org/):
- WhatsApp-Crypt14-Crypt15-Decrypt: To install run the file "C:\Forensics\bin\WhatsApp-Crypt14-Crypt15-Decrypter-main\install-Decrypter.bat" or:
pip install -r requirements.txt
- Whatsapp-media-decrypt: To install run the file "C:\Forensics-3-5\bin\install_wmd.bat"
pip install pycryptodome
- PIX key: 3901d8ea-22ca-4ba8-a0fb-2615e5485b2c
- C#.
- Python.
- Java.
-
APACHE LICENSE
-
ADB: https://developer.android.com/tools/adb (APACHE LICENSE).
-
Jadx-1.2.0: https://github.com/skylot/jadx (Requires Java). (APACHE LICENSE).
-
Android Backup Extractor: https://github.com/nelenkov/android-backup-extractor (Requires Java). (APACHE LICENSE).
-
Instaloader: https://github.com/instaloader/instaloader (Requires Python). (APACHE LICENSE).
-
Screen Copy: https://github.com/Genymobile/scrcpy (APACHE LICENSE).
-
GNU GENERAL PUBLIC LICENSE
-
Libimobiledevice: https://github.com/libimobiledevice/libimobiledevice (GNU GENERAL PUBLIC LICENSE). (FormIOS.cs)
-
IPED: https://github.com/sepinf-inc/IPED (GNU GENERAL PUBLIC LICENSE)
-
IPED PARSERS: https://github.com/sepinf-inc/IPED/tree/master/iped-parsers/iped-parsers-impl/src/main/resources/iped/parsers/whatsapp https://github.com/tc-wleite (GNU GENERAL PUBLIC LICENSE). (WhatsParser.cs and WhatsParserAntigocs.cs)
-
IPEDTools: https://github.com/thiagofuer/IPEDTools_Releases/releases (GNU GENERAL PUBLIC LICENSE)
-
AFLogical OSE 1.5.2: https://github.com/nowsecure/android-forensics (GNU GENERAL PUBLIC LICENSE).
-
WhatsApp-Crypt14-Crypt15-Decrypter: https://github.com/ElDavoo/WhatsApp-Crypt14-Crypt15-Decrypter (Requires Python). (GNU GENERAL PUBLIC LICENSE). (FormDecript.cs)
-
SQLiteStudio: https://github.com/pawelsalawa/sqlitestudio (GNU GENERAL PUBLIC LICENSE).
-
jExifToolGUI: https://github.com/hvdwolf/jExifToolGUI (GNU GENERAL PUBLIC LICENSE).
-
GpsPrune: https://activityworkshop.net/software/gpsprune/ https://github.com/activityworkshop/GpsPrune (GNU GENERAL PUBLIC LICENSE).
-
Bytecode Viewer: https://github.com/Konloch/bytecode-viewer (GNU GENERAL PUBLIC LICENSE).
-
MIT LICENSE
-
ALEAPP: https://github.com/abrignoni/ALEAPP (MIT LICENSE).
-
iLEAPP: https://github.com/abrignoni/iLEAPP (MIT LICENSE).
-
Hashcat: https://hashcat.net/hashcat/ (MIT LICENSE).
-
Whatsapp-Viewer https://github.com/andreas-mausch/whatsapp-viewer (MIT LICENSE).
-
iTunes-Backup-Explorer: https://github.com/MaxiHuHe04/iTunes-Backup-Explorer (MIT LICENSE).
-
BSD LICENSE
-
Audio transcription: https://github.com/Uberi/speech_recognition (BSD LICENSE).
-
Freeware LICENSE
-
Alias Connector: http://www.newseg.seg.br/newseg/ (Freeware LICENSE).
-
Audio transcription: http://www.newseg.seg.br/newseg/ (Freeware LICENSE)
-
PUBLIC DOMAIN
-
Itunes_backup2hashcat: https://github.com/philsmd/itunes_backup2hashcat/ (PUBLIC DOMAIN).
-
UNDEFINED
-
Whatsapp-media-decrypt: https://github.com/sh4dowb/whatsapp-media-decrypt (Requires Python). (UNDEFINED).
-
Grep: https://git-scm.com/docs/git-grep. (UNDEFINED).