Skip to content

apkqf (APK Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of compromise.

License

Notifications You must be signed in to change notification settings

penserbjorne/apkqf

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

apkqf

apkqf (APK Quick Forensics) is an Android application to simplify the acquisition of relevant forensic data from Android devices. It is inspired on androidqf.

apkqf is intended to provide a simple utility to quickly acquire data from Android devices. It is similar in functionality to androidqf and mvt-android. However, contrary to androidqf and MVT, apkqf is designed to be easily run by non-tech savvy users as well.

How to use

  • Install the application from ToDo.
  • Press the RUN EXTRACTION button.
  • Wait a few minutes until the application ends the acquisition. It will depends on the amount of information on your device and the characteristics of it.
  • A .zip file will be created, share it with your technician of trust or save it on a secure platform.

The following data can be extracted:

  • A list of all packages installed and related distribution files.
  • The output of the dumpsys shell command, providing diagnostic information about the device.
  • The output of the getprop shell command, providing build information and configuration parameters.
  • All system settings.
  • The output of the ps shell command, providing a list of all running processes.
  • A backup of SMS and MMS messages.

Build

To build apkqf you will need Android Studio Electric Eel.

You need to clone the repository:

git clone https://github.com/penserbjorne/apkqf.git

Open the apkqf folder inside the repository with Android Studio.

On Android Studio you need to configure an emulator or a physical device. For more information you can read the Android Developer Documentation.

License

The purpose of apkqf is to facilitate the consensual forensic analysis of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want apkqf to enable privacy violations of non-consenting individuals. Therefore, the goal of this license is to prohibit the use of apkqf (and any other software licensed the same) for the purpose of adversarial forensics.

In order to achieve this apkqf is released under MVT License 1.1, an adaptation of Mozilla Public License v2.0. This modified license includes a new clause 3.0, "Consensual Use Restriction" which permits the use of the licensed software (and any "Larger Work" derived from it) exclusively with the explicit consent of the person/s whose data is being extracted and/or analysed ("Data Owner").

About

apkqf (APK Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of compromise.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages