AFFT v-0.0.1 released is a toolkit to automatically acquire and extract data from Android image dumps.

AFFT is a toolkit to automatically acquire and extract data from Android image dumps.

CURRENTLY SUPPORTED APPS :
+ Facebook (including Messenger)
+ Skype
+ Whatsapp
+ Gmail
+ SMS/MMS (regardless of app used)
+ AOSP Contacts
+ AOSP Dialler (Call log)

REQUIREMENTS
Host PC:
+ Linux OS (tested on Ubuntu 14.04)
+ SQLite3
+ ‘pv’ command
+ ADB, as distributed via the Google Android SDK. This must also be in your $PATH

Client Android device:
+ Must be rooted
+ Must have BusyBox installed
+ Must have USB Debug enabled

HOW TO INSTALL
Either install from the Debian package
or
Install dependencies and copy the contents of ‘afft-src’ to /opt/afft/

HOW TO USE :
1. Run /opt/afft/main.sh
2. Give the case a name. Case folders will appear in your home directory under ‘afft-cases’
3. Hook up your desired device, make sure it is in developer mode
4. Select Option 1 to image the device. Give the the name of the device’s drive/partition you want to image (usually mmcblk0)
5. Select Option 2 to try and mount the image partitions as read-only. If this fails or the partition mounts are incomplete, use option 4 then Option 5 and retry this step.
6. Select Option 3 to extract any data it can from the mounted images.

BUG-REPORTS
All contributions must be under the GPLv2 license (or compatible) to be considered for merging into mainline. Of particular importance are the following:
+ Phone compatibility reports patches – This is only tested on the Google Nexus 5 phone and Google Nexus 7 (2012 model) tablet. As many manufacturers diverge from stock Android, compatibility issues are of paramount concern.
+ Extractor scripts for particular apps, and any compatibility issues surrounding them (I have provide a template with instructions for writing your own scripts)

TO-DO
– Support for the full AOSP app stack
– Full Google Applications stack support (currently only Gmail is supported)
– Adapt the extraction scripts for use on removable media on the device itself (sans PC)
– Tinder Support
– Twitter Support
– Report generating via LaTeX

FAQ:

Any Windows or OSX support?
Only partial. The data extraction scripts will not work on either, the former due to a lack of loopback interfaces and the latter due to lack of EXT 2/3/4 support. Imaging should work fine so long as you have netcat-traditional and pv installed on the PC. All extracted data is presented in universal formats, so the data can be extracted using a Live-CD and then read on any OS.

Any chance of support for X app?
File a report and we will consider it. If the app is fairly popular and holds data potentially useful to an investigation (eg: Google Maps = yes, Sonic Dash = no) I will try to incorporate it into the program

This doesn’t work on phone/tablet X!
Leavea ticket on the Sourceforge page detailing the phone model, Android version and custom ROM name (if one is being used), and I will try my best to get it working.

Download :
afft-src.tar.gz (16. 7MB) https://github.com/AFFT-520/Android-Free-Forensic-Toolkit/blob/v0.01/afft-src.tar.gz?raw=true
afft.deb (16.1 MB) https://github.com/AFFT-520/Android-Free-Forensic-Toolkit/blob/v0.01/afft.deb?raw=true
Source : https://github.com/AFFT-520