AFFT v-0.0.1 released
AFFT is a toolkit to automatically acquire and extract data from Android image dumps.
CURRENTLY SUPPORTED APPS :
+ Facebook (including Messenger)
+ SMS/MMS (regardless of app used)
+ AOSP Contacts
+ AOSP Dialler (Call log)
REQUIREMENTS :
Host PC:
+ Linux OS (tested on Ubuntu 14.04)
+ ‘pv’ command
+ ADB, as distributed via the Google Android SDK. This must also be in your $PATH
Client Android device:
+ Must be rooted
+ Must have BusyBox installed
+ Must have USB Debug enabled
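The host PC and client device requirements listed above can be checked before a case is started. The script below is an added example and not part of AFFT; its function names are hypothetical, and it relies only on `adb get-state` and `adb shell`:

```shell
#!/bin/sh
# Added example, not part of AFFT. Function names are hypothetical.

# Print the names of the given tools that are not found on $PATH.
missing_host_tools() {
    mh_missing=""
    for mh_tool in "$@"; do
        command -v "$mh_tool" >/dev/null 2>&1 || mh_missing="$mh_missing $mh_tool"
    done
    echo "${mh_missing# }"
}

# Check the attached device against the three client requirements.
# Prints one line per unmet requirement; returns 0 only if all are met.
check_device() {
    cd_failed=0
    # "device" means adb sees an authorised device, so USB debugging is on.
    cd_state=$(adb get-state 2>/dev/null) || cd_state=""
    if [ "$cd_state" != "device" ]; then
        echo "USB debugging: no authorised device (state: ${cd_state:-none})"
        return 1
    fi
    # Rooted: su must hand back uid 0. Older adb appends \r to output.
    cd_id=$(adb shell su -c id 2>/dev/null | tr -d '\r')
    case "$cd_id" in
        uid=0*) ;;
        *) echo "root: 'su -c id' did not report uid=0"; cd_failed=1 ;;
    esac
    # BusyBox: run a harmless applet and compare its output, since older
    # adb versions do not pass the remote exit status back.
    cd_bb=$(adb shell busybox echo ok 2>/dev/null | tr -d '\r')
    if [ "$cd_bb" != "ok" ]; then
        echo "BusyBox: 'busybox echo ok' did not run on the device"
        cd_failed=1
    fi
    return "$cd_failed"
}

# Host tools first (the device check needs adb), then the device.
preflight() {
    pf_missing=$(missing_host_tools adb pv)
    if [ -n "$pf_missing" ]; then
        echo "missing on host \$PATH: $pf_missing"
        return 1
    fi
    check_device
}

# Run the check only when called as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

The `su -c id` call may raise a grant prompt on the device the first time it runs.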
HOW TO INSTALL
Either install from the Debian package, or install the dependencies and copy the contents of ‘afft-src’ to /opt/afft/
HOW TO USE :
1. Run /opt/afft/main.sh
2. Give the case a name. Case folders will appear in your home directory under ‘afft-cases’
3. Hook up your desired device and make sure it is in developer mode
4. Select Option 1 to image the device. Give the name of the device’s drive/partition you want to image (usually mmcblk0)
5. Select Option 2 to try to mount the image partitions as read-only. If this fails or the partition mounts are incomplete, use Option 4, then Option 5, and retry this step.
6. Select Option 3 to extract any data it can from the mounted images.
All contributions must be under the GPLv2 license (or compatible) to be considered for merging into mainline. Of particular importance are the following:
+ Phone compatibility reports and patches – This is only tested on the Google Nexus 5 phone and Google Nexus 7 (2012 model) tablet. As many manufacturers diverge from stock Android, compatibility issues are of paramount concern.
+ Extractor scripts for particular apps, and any compatibility issues surrounding them (I have provided a template with instructions for writing your own scripts)
– Support for the full AOSP app stack
– Full Google Applications stack support (currently only Gmail is supported)
– Adapt the extraction scripts for use on removable media on the device itself (sans PC)
– Tinder Support
– Twitter Support
– Report generating via LaTeX
Any Windows or OSX support?
Only partial. The data extraction scripts will not work on either, the former due to a lack of loopback interfaces and the latter due to lack of EXT 2/3/4 support. Imaging should work fine so long as you have netcat-traditional and pv installed on the PC. All extracted data is presented in universal formats, so the data can be extracted using a Live-CD and then read on any OS.
Any chance of support for X app?
File a report and we will consider it. If the app is fairly popular and holds data potentially useful to an investigation (e.g. Google Maps = yes, Sonic Dash = no), I will try to incorporate it into the program.
This doesn’t work on phone/tablet X!
Leave a ticket on the Sourceforge page detailing the phone model, Android version and custom ROM name (if one is being used), and I will try my best to get it working.
afft-src.tar.gz (16.7 MB) https://github.com/AFFT-520/Android-Free-Forensic-Toolkit/blob/v0.01/afft-src.tar.gz?raw=true
afft.deb (16.1 MB) https://github.com/AFFT-520/Android-Free-Forensic-Toolkit/blob/v0.01/afft.deb?raw=true
Source : https://github.com/AFFT-520