SecurityWizardry.com - Recently Added Listings - Forensic Tools https://www.securitywizardry.com/ Fri, 29 Mar 2024 00:27:31 +0100 FeedCreator 1.7.3

Oxygen Forensic Detective https://www.securitywizardry.com/forensic-solutions/forensic-tools/oxygen-forensic-detective

Oxygen Forensic Detective is an all-in-one forensic software platform built to extract, decode, and analyze data from multiple digital sources: mobile and IoT devices, device backups, UICC and media cards, drones, and cloud services. Oxygen Forensic® Detective can also find and extract a vast range of artifacts, system files as well as credentials from Windows, macOS, and Linux machines.

The technologies deployed in Oxygen Forensic Detective include bypassing screen locks, locating passwords to encrypted backups, extracting and parsing data from secure applications and uncovering deleted data.

Multiple extractions can be investigated in a single interface to gain a complete picture of the data. By using the integrated industry-leading analytical tools to find social connections, build timelines, and categorize images, law enforcement, corporate investigators and other authorized personnel can help make this world a safer place.

Oxygen Forensic Detective is distributed on a USB dongle and is licensed for a single user.

michelemjordan Thu, 26 Mar 2015 14:18:03 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/oxygen-forensic-detective
MailXaminer https://www.securitywizardry.com/forensic-solutions/forensic-tools/mailxaminer

MailXaminer is a comprehensive email examination tool for carrying out a thorough analysis of large sets of emails and their headers. With it, forensicators can preview more than 20 email file types and run advanced searches across the email messages and their attachments. MailXaminer also lets the examiner bookmark, tag, mark as privileged and export the evidence identified as important during the analysis.

Besides previewing and searching within the emails, you can also send suspected emails to another reviewer for further investigation through MailXaminer's smart review feature. The cloud-based review and team collaboration options make MailXaminer a complete suite for investigators working on one case simultaneously, irrespective of their physical location.

michelemjordan Wed, 07 Jan 2015 13:10:20 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/mailxaminer
Process Monitor https://www.securitywizardry.com/forensic-solutions/forensic-tools/process-monitor

Process Monitor is a monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, event properties such as session IDs and user names, process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and more.

michelemjordan Wed, 19 Nov 2014 14:38:30 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/process-monitor
Browser History Examiner https://www.securitywizardry.com/forensic-solutions/forensic-tools/browser-history-examiner

Browser History Examiner is a professional software tool for extracting, viewing and analysing internet history from the main desktop web browsers.

BHE can assist in various digital investigations such as civil & criminal digital forensics cases, security incidents, human resources investigations and general employee activity reporting.

Features:

  • Advanced Filtering - Find relevant data faster using a variety of filters such as keywords and date/time range.
  • Remote Data Capture - Automatically capture history from a remote Windows computer over a network.
  • Recover Deleted History - Recover deleted web browser history from Volume Shadow Copies.
  • Cached Image Gallery - Browse the images a user has viewed online using the built-in image gallery.
  • Cached Web Page Viewer - View web pages in the state they were originally seen by a user.
  • Search History - View search history from search engine, social media and ecommerce sites.
  • Email Addresses - View email addresses that are automatically extracted from the browser history.
  • URL Category Filter - Quickly determine if a user has visited Adult websites or known Malicious websites.
  • JSON Viewer - Examine JSON data stored within the browser cache or within external JSON files.
  • Report Builder and Data Export - Build PDF reports to highlight relevant data or export records to XLSX, CSV, HTML and more.
  • Time Zone and DST Configuration - Automatically convert all timestamps to your chosen time zone and DST rules.
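Both browser-history tools in this listing depend on one step that the feature list only hints at under "Time Zone and DST Configuration": the history files store timestamps in browser-specific epochs, and every record has to be normalised before a keyword or date-range filter means anything. The Python below is an added example written for this page, not code from either tool or its vendor. It builds a constructed in-memory copy of the two relevant tables (Chrome's `urls`, whose `last_visit_time` is microseconds since 1601-01-01 UTC, and Firefox's `moz_places`, whose `last_visit_date` is microseconds since the Unix epoch), keeping only the columns the example needs; the rows are made up, the table and column names are the real ones. It converts both to UTC and to a chosen zone, then filters by keyword and inclusive date range. The time zone name is a parameter and the code falls back to UTC if the host has no zone database.

```python
"""Normalise Chrome and Firefox history timestamps and filter them.

Added example for this listing; it is not code from any of the tools
described on this page. The sample rows are constructed in memory.
"""
import sqlite3
from datetime import datetime, timedelta, timezone

# Chrome: microseconds since 1601-01-01 00:00 UTC (the "WebKit" epoch).
# Firefox: microseconds since 1970-01-01 00:00 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def utc(year, month, day, hour=0, minute=0):
    """Helper so sample data and tests can build aware UTC datetimes."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


def to_webkit(dt):
    """Aware datetime -> Chrome/WebKit microseconds."""
    return int((dt - WEBKIT_EPOCH) // timedelta(microseconds=1))


def from_webkit(us):
    return WEBKIT_EPOCH + timedelta(microseconds=us)


def to_unix_us(dt):
    return int((dt - UNIX_EPOCH) // timedelta(microseconds=1))


def from_unix_us(us):
    return UNIX_EPOCH + timedelta(microseconds=us)


def build_sample_db():
    """Constructed History/places data using the real table and column names."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                           visit_count INTEGER, last_visit_time INTEGER);
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                                 visit_count INTEGER, last_visit_date INTEGER);
    """)
    chrome_rows = [
        ("https://example.com/login", "Login", 3, to_webkit(utc(2024, 3, 1, 12, 0))),
        ("https://search.example.net/?q=forensics", "forensics - Search", 5,
         to_webkit(utc(2024, 3, 15, 8, 0))),
        # 02:30 UTC on 31 March 2024 is after the UK switch to BST, so the
        # local rendering differs from the first row by an extra hour.
        ("https://mail.example.org/inbox", "Inbox", 1, to_webkit(utc(2024, 3, 31, 2, 30))),
    ]
    con.executemany("INSERT INTO urls(url, title, visit_count, last_visit_time) "
                    "VALUES (?,?,?,?)", chrome_rows)
    firefox_rows = [
        ("https://www.mozilla.org/", "Mozilla", 2, to_unix_us(utc(2024, 3, 10, 9, 15))),
        # A bookmarked but never visited place carries NULL last_visit_date.
        ("https://never.visited.example/", None, 0, None),
    ]
    con.executemany("INSERT INTO moz_places(url, title, visit_count, last_visit_date) "
                    "VALUES (?,?,?,?)", firefox_rows)
    return con


def _record(browser, url, title, visits, when_utc, local_tz):
    return {"browser": browser, "url": url, "title": title or "", "visits": visits,
            "utc": when_utc, "local": when_utc.astimezone(local_tz)}


def load_history(con, local_tz=timezone.utc):
    """Read both tables into one time-ordered list with UTC and local stamps."""
    records = []
    for url, title, visits, ts in con.execute(
            "SELECT url, title, visit_count, last_visit_time FROM urls"):
        if not ts:                       # Chrome uses 0 for never visited
            continue
        records.append(_record("Chrome", url, title, visits, from_webkit(ts), local_tz))
    for url, title, visits, ts in con.execute(
            "SELECT url, title, visit_count, last_visit_date FROM moz_places"):
        if ts is None:
            continue
        records.append(_record("Firefox", url, title, visits, from_unix_us(ts), local_tz))
    records.sort(key=lambda r: r["utc"])
    return records


def filter_history(records, keyword=None, start=None, end=None):
    """Case-insensitive keyword on URL or title, plus an inclusive UTC range."""
    kw = keyword.lower() if keyword else None
    out = []
    for r in records:
        if kw and kw not in r["url"].lower() and kw not in r["title"].lower():
            continue
        if start and r["utc"] < start:
            continue
        if end and r["utc"] > end:
            continue
        out.append(r)
    return out


def demo(tz_name="Europe/London"):
    """Run the pipeline on the constructed data; UTC if no zone database."""
    try:
        from zoneinfo import ZoneInfo
        local_tz = ZoneInfo(tz_name)
    except Exception:                    # Python < 3.9 or missing tzdata
        local_tz = timezone.utc
    return load_history(build_sample_db(), local_tz)


if __name__ == "__main__":
    for r in demo():
        print(f"{r['browser']:8} {r['utc'].isoformat()}  {r['local'].isoformat()}  {r['url']}")
```

Run it against a real profile by pointing `sqlite3.connect` at a copy of `History` or `places.sqlite` (never the live file, which the browser holds locked and which a write would alter); the conversion and filter code is unchanged. Keep the UTC value in any report alongside the local one, since the local rendering changes with the analyst's chosen zone.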
michelemjordan Wed, 19 Nov 2014 14:32:06 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/browser-history-examiner
Browser History Viewer https://www.securitywizardry.com/forensic-solutions/forensic-tools/browser-history-viewer

Browser History Viewer is a free tool for extracting, viewing and analysing internet history from the Firefox, Chrome and Internet Explorer web browsers.

Website visits are displayed alongside an interactive graph, showing how many sites have been visited over a particular time period. The website history can be filtered using keywords, date ranges or even the type of browser used.

michelemjordan Wed, 19 Nov 2014 14:29:29 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/browser-history-viewer
Browser History Capturer https://www.securitywizardry.com/forensic-solutions/forensic-tools/browser-history-capturer

Browser History Capturer is a free tool that allows you to easily capture web browser history from a Windows computer. The tool can be run from a USB dongle to capture history from Firefox, Chrome and Internet Explorer web browsers.

The history files are copied to the chosen destination in their original format, allowing them to be analysed later using your tool of choice.

Supported web browsers:

  • Chrome
  • Edge 
  • Firefox
  • IE 10/11

michelemjordan Wed, 19 Nov 2014 14:27:27 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/browser-history-capturer
HashMyFiles https://www.securitywizardry.com/forensic-solutions/forensic-tools/hashmyfiles

HashMyFiles is a small utility that calculates the MD5 and SHA1 hashes of one or more files on your system. You can easily copy the MD5/SHA1 hash list to the clipboard, or save it to a text/HTML/XML file.

You can also launch HashMyFiles from the context menu of Windows Explorer and display the file hashes there.

michelemjordan Wed, 19 Nov 2014 14:20:18 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/hashmyfiles
HexBrowser https://www.securitywizardry.com/forensic-solutions/forensic-tools/hexbrowser

HexBrowser is a tool that identifies file types. It ignores file extensions, and focuses on the signatures that the file contains, so it is able to determine the exact type of file. It now recognises more than 1000 different file formats.

HexBrowser shows detailed information about each file type, or a hex/text dump of the beginning of the file. For the sake of speed, only the first 12 MB of the file is shown.
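A minimal version of what HexBrowser does, as an added example written for this listing and not code from HexBrowser itself: read only the leading bytes of a file, match them against a table of known magic numbers, report the type, and flag the case an examiner cares about most, a file whose extension contradicts its content. The signature table is a short hand-picked subset of publicly documented magic numbers (a real identifier carries many hundreds), the extension map is an assumption for the demo, and the sample files are constructed in a temporary directory. The `hexdump` helper reproduces the offset/hex/ASCII view and applies the same 12 MB cap the description mentions.

```python
"""Identify files by content signature, not by extension.

Added example for this listing; not code from HexBrowser. The signature
table is a short hand-picked subset of publicly documented magic numbers,
and the sample files are constructed in a temporary directory.
"""
import os
import tempfile

# (offset, magic bytes, type name). Order only matters where prefixes overlap.
SIGNATURES = [
    (0, b"\x89PNG\r\n\x1a\n", "PNG image"),
    (0, b"\xff\xd8\xff", "JPEG image"),
    (0, b"GIF87a", "GIF image"),
    (0, b"GIF89a", "GIF image"),
    (0, b"%PDF-", "PDF document"),
    (0, b"PK\x03\x04", "ZIP container (also DOCX/XLSX/APK/JAR)"),
    (0, b"MZ", "Windows PE/DOS executable"),
    (0, b"\x7fELF", "ELF executable"),
    (0, b"SQLite format 3\x00", "SQLite 3 database"),
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document (DOC/XLS/MSG)"),
    (0, b"Rar!\x1a\x07", "RAR archive"),
    (0, b"\x1f\x8b", "gzip data"),
    (4, b"ftyp", "ISO base media file (MP4/MOV/HEIC)"),
]

# Extensions consistent with each detected type (assumed for the demo).
EXPECTED_EXT = {
    "PNG image": {".png"},
    "JPEG image": {".jpg", ".jpeg"},
    "GIF image": {".gif"},
    "PDF document": {".pdf"},
    "ZIP container (also DOCX/XLSX/APK/JAR)": {".zip", ".docx", ".xlsx", ".pptx", ".apk", ".jar", ".odt"},
    "Windows PE/DOS executable": {".exe", ".dll", ".sys", ".scr", ".ocx"},
    "ELF executable": {"", ".so", ".elf", ".ko"},
    "SQLite 3 database": {".sqlite", ".sqlite3", ".db"},
    "OLE2 compound document (DOC/XLS/MSG)": {".doc", ".xls", ".ppt", ".msg"},
    "RAR archive": {".rar"},
    "gzip data": {".gz", ".tgz"},
    "ISO base media file (MP4/MOV/HEIC)": {".mp4", ".m4a", ".mov", ".heic"},
}

HEADER_BYTES = 64                 # covers every offset used in SIGNATURES
DUMP_BYTES = 12 * 1024 * 1024     # same 12 MB cap as the description


def identify_bytes(header):
    """Return the type name for a file header, or 'unknown'."""
    for offset, magic, name in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return name
    return "unknown"


def identify_file(path):
    """Classify one file by its leading bytes and flag an extension mismatch."""
    with open(path, "rb") as fh:
        header = fh.read(HEADER_BYTES)
    kind = identify_bytes(header)
    ext = os.path.splitext(path)[1].lower()
    expected = EXPECTED_EXT.get(kind)
    return {
        "name": os.path.basename(path),
        "type": kind,
        "ext": ext,
        # Unknown content cannot contradict its extension, so it is never flagged.
        "ext_mismatch": expected is not None and ext not in expected,
    }


def hexdump(data, width=16, limit=DUMP_BYTES):
    """Offset / hex / printable-ASCII dump of at most `limit` bytes."""
    lines = []
    for off in range(0, min(len(data), limit), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3 - 1}}  {text}")
    return "\n".join(lines)


def demo():
    """Constructed samples: a real PDF header, an EXE renamed to .jpg,
    plain text with no magic, and a SQLite file with a sensible extension."""
    samples = {
        "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",
        "holiday.jpg": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00",
        "notes.txt": b"just some text, no magic here\n",
        "chat.db": b"SQLite format 3\x00" + bytes(16),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = identify_file(path)
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        flag = "  <-- extension mismatch" if r["ext_mismatch"] else ""
        print(f"{name:12} {r['type']}{flag}")
    print(hexdump(b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n"))
```

Two caveats a practitioner will already know but the code makes visible: a ZIP signature tells you only that the file is a ZIP container, so DOCX, APK and JAR need a second look inside, and a file with no recognised signature is "unknown", not "clean".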

michelemjordan Wed, 19 Nov 2014 14:18:11 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/hexbrowser
FileLocator Pro https://www.securitywizardry.com/forensic-solutions/forensic-tools/filelocator-pro

Whether it's a line of source code, an entry in a log file, a legal brief, or even a letter, FileLocator Pro helps you find things fast. Its features make it possible to dig out information in even the most obscure file formats.

Review highlighted keywords and surrounding text so you don't need to waste time opening each file looking for the right information.

michelemjordan Wed, 19 Nov 2014 14:10:13 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/filelocator-pro
Agent Ransack https://www.securitywizardry.com/forensic-solutions/forensic-tools/agent-ransack

Agent Ransack is a free file search tool for finding files on your PC or network drives. It has a Lite mode, which is FREE for both personal and commercial use but also a Professional mode that includes optional pay-for features.

First released in April 2000 the Agent Ransack desktop search app has been helping people find files for over 20 years.

Available Features:

  • Immediate results - found text is shown with highlighted keywords so you don’t need to waste time opening each file looking for the right information.

  • Boolean expressions - combine search terms using the familiar Boolean operators AND, OR, NOT.

  • Office formats - support for popular Office formats including Office 2010 and OpenOffice.

  • Perl regex - support for Perl compatible regular expressions.

  • 64-bit Version - natively compiled 64-bit version for improved compatibility.

  • Fast searching - highly efficient search algorithms mean that you spend less time waiting for results.

  • Printing and Exporting - results can be shared with others through reports, printing and exporting.

  • Corporate Version - for corporate environments we have a more ‘gentle’ branding of Agent Ransack called FileLocator Lite. It’s still free but just has a different name. See the FileLocator Lite page for more information.

  • Restricted Version - a ‘locked down’ version of Agent Ransack is available for environments where the end-user is not allowed to search their local PC. Please contact Sales for more information.

michelemjordan Wed, 19 Nov 2014 14:08:04 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/agent-ransack
Nuix Evidence Mover https://www.securitywizardry.com/forensic-solutions/forensic-tools/nuix-evidence-mover

Nuix Evidence Mover is designed to copy evidence files and images from one storage location to another. It hashes the files before and after the move to confirm that the data has been copied accurately and to maintain the chain of custody.
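The hash-before, copy, hash-after routine described here, and the per-file digest list that HashMyFiles (above) produces, come down to the same few operations. The Python below is an added example written for this listing, not code from Nuix or from HashMyFiles. It copies every file in a source directory, hashes source and destination in one streamed pass each, writes a CSV manifest, and provides a re-verification step that re-hashes the destination later and reports which files still match. SHA-256 is recorded next to MD5 and SHA-1 because those two are no longer collision resistant, even if custody forms still ask for them. The evidence files, directory names and manifest layout are constructed for the demo.

```python
"""Hash-verified evidence copy with a manifest and later re-verification.

Added example for this listing; it is not code from HashMyFiles or Nuix
Evidence Mover. The files and directories used by demo() are constructed.
"""
import csv
import hashlib
import os
import shutil
import tempfile

ALGOS = ("md5", "sha1", "sha256")
CHUNK = 1 << 20   # 1 MiB reads, so multi-gigabyte images never sit in RAM


def _digests(chunks):
    hashers = {a: hashlib.new(a) for a in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hash_bytes(data):
    """All three digests of an in-memory buffer."""
    return _digests([data])


def hash_file(path):
    """All three digests in one streamed pass over the file."""
    with open(path, "rb") as fh:
        return _digests(iter(lambda: fh.read(CHUNK), b""))


def verified_copy(src, dst):
    """Copy one file and prove the destination matches the source."""
    before = hash_file(src)
    shutil.copy2(src, dst)          # copy2 also carries over the modification time
    after = hash_file(dst)
    return {"name": os.path.basename(src), "before": before, "after": after,
            "verified": before == after}


def move_evidence(src_dir, dst_dir, manifest_path):
    """Copy every regular file in src_dir and write a CSV manifest."""
    os.makedirs(dst_dir, exist_ok=True)
    results = []
    with open(manifest_path, "w", newline="") as mf:
        writer = csv.writer(mf)
        writer.writerow(["filename", "size", *ALGOS, "verified"])
        for name in sorted(os.listdir(src_dir)):
            src = os.path.join(src_dir, name)
            if not os.path.isfile(src):
                continue
            r = verified_copy(src, os.path.join(dst_dir, name))
            writer.writerow([name, os.path.getsize(src),
                             *(r["after"][a] for a in ALGOS), r["verified"]])
            results.append(r)
    return results


def verify_manifest(dst_dir, manifest_path):
    """Re-hash the destination files against the manifest.
    Returns {filename: True/False}; a missing file counts as False."""
    status = {}
    with open(manifest_path, newline="") as mf:
        for row in csv.DictReader(mf):
            path = os.path.join(dst_dir, row["filename"])
            if not os.path.isfile(path):
                status[row["filename"]] = False
                continue
            now = hash_file(path)
            status[row["filename"]] = all(now[a] == row[a] for a in ALGOS)
    return status


def demo():
    """Constructed evidence: two files copied, then one destination tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        src_dir = os.path.join(tmp, "src")
        dst_dir = os.path.join(tmp, "dst")
        manifest = os.path.join(tmp, "manifest.csv")
        os.makedirs(src_dir)
        with open(os.path.join(src_dir, "disk.E01"), "wb") as fh:
            fh.write(os.urandom(2 * CHUNK + 123))   # spans several read chunks
        with open(os.path.join(src_dir, "notes.txt"), "wb") as fh:
            fh.write(b"chain of custody notes\n")

        copied = move_evidence(src_dir, dst_dir, manifest)
        clean = verify_manifest(dst_dir, manifest)

        # Simulate a post-copy modification of one destination file.
        with open(os.path.join(dst_dir, "notes.txt"), "ab") as fh:
            fh.write(b"tampered\n")
        tampered = verify_manifest(dst_dir, manifest)
    return copied, clean, tampered


if __name__ == "__main__":
    copied, clean, tampered = demo()
    for r in copied:
        print(f"{r['name']:10} sha256={r['after']['sha256']} verified={r['verified']}")
    print("after tampering:", tampered)
```

The manifest is only useful if it is stored and hashed separately from the evidence it describes; a manifest sitting next to the files it covers can be rewritten by whoever alters the files.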

michelemjordan Wed, 19 Nov 2014 14:02:57 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/nuix-evidence-mover
Mail Viewer https://www.securitywizardry.com/forensic-solutions/forensic-tools/mail-viewer

A viewer for standalone files containing Microsoft Outlook Express 4, 5 and 6 message databases (*.idx/*.mbx/*.dbx), Windows Vista Mail/Windows Live Mail and Mozilla Thunderbird message databases, as well as standalone EML files.

This application is based on MiTeC Outlook Express Reader. It displays the list of contained messages with all the usual properties, like an ordinary e-mail client. A message can be opened in a detailed view including attachments (which can be saved) and an HTML preview.

It has search and filter capabilities and can also extract every email address from all messages in the opened folder into a list with one click. Selected messages can be saved to *.eml files with or without their attachments. Attachments can be extracted from selected messages with one command. Opened messages can, of course, be printed including images.

michelemjordan Wed, 19 Nov 2014 14:00:16 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/mail-viewer
Kernel Exchange EDB Viewer https://www.securitywizardry.com/forensic-solutions/forensic-tools/kernel-exchange-edb-viewer

Kernel Exchange EDB Viewer is an Exchange mailbox viewer tool that helps system administrators open EDB files even without an MS Exchange Server.

Recover corrupt Exchange database files for free and review the entire contents of the mailboxes they hold. Each mailbox is recovered completely with all its associated folders.

Benefits:

  • Dual scan modes to handle corrupt EDB files
  • View metadata/properties of the EDB items
  • Access EDB files through the network
  • Search for specific items in user mailboxes and public folders
  • Filter the mailbox data based on various criteria
  • Open any number of EDB files absolutely free of cost
  • Supports all Exchange versions including 2019
michelemjordan Wed, 19 Nov 2014 13:58:39 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/kernel-exchange-edb-viewer
Belkasoft Evidence Center Portable https://www.securitywizardry.com/forensic-solutions/forensic-tools/belkasoft-evidence-center-portable

Belkasoft X (Belkasoft Evidence Center X) is a flagship tool by Belkasoft for computer, mobile and cloud forensics. It can help you to acquire and analyze a wide range of mobile devices, run various analytical tasks, perform case-wide searches, bookmark artifacts, and create reports.

EASY-TO-USE

Belkasoft Evidence Center X works out of the box and can be easily integrated into customer workflows. The software interface is so user-friendly that you can start working with your cases right after the Belkasoft X deployment.

COMPREHENSIVE INVESTIGATIONS

Belkasoft Evidence Center X acquires, examines, analyzes, and presents digital evidence from major sources—computers, mobile devices, RAM and cloud services—in a forensically sound manner. If you need to share the case details with your colleagues, use a free-of-charge portable Evidence Reader.

QUICK AND SMART

While performing search tasks for evidence, Belkasoft Evidence Center X uses approaches that enable it to find the most forensically significant artifacts quickly instead of wasting time on redundant operations.

Powerful analytical features such as a connection graph, a timeline and advanced picture and video analysis help you to uncover facts rapidly.

SAVE YOUR TIME AND EFFORTS

Belkasoft X automates search tasks, so the product can run unattended while you multitask, letting you complete an investigation at a quick pace.

TAILORED TO YOUR NEEDS

You can select a product edition that suits your workflow, whether you are an expert in a digital forensic laboratory of a federal law enforcement agency or in a digital forensic and incident response consulting company, an investigator in a local or state police department, or a private practitioner.
Thanks to the flexible price structure you will find the product edition which perfectly fits your needs and budget.

TIME-PROVEN

Belkasoft Evidence Center X is based on the successful Belkasoft Evidence Center and encompasses many years of experience, a large amount of user feedback, and expert suggestions from numerous investigators from both a law enforcement and corporate world.

michelemjordan Wed, 19 Nov 2014 13:54:11 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/belkasoft-evidence-center-portable
Belkasoft Live RAM Capturer https://www.securitywizardry.com/forensic-solutions/forensic-tools/belkasoft-live-ram-capturer

Belkasoft Live RAM Capturer is a tiny free forensic tool that reliably extracts the entire contents of a computer's volatile memory, even if it is protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available to keep the tool's footprint as small as possible. Memory dumps captured with Belkasoft Live RAM Capturer can be analyzed with Live RAM Analysis in Belkasoft Evidence Center.

Belkasoft Live RAM Capturer is compatible with 32-bit and 64-bit editions of Windows including XP, Vista, Windows 7/8/10/11, 2003 and 2008 Server. The tool does not require installation, and can be launched in seconds from a USB thumb drive.

michelemjordan Wed, 19 Nov 2014 13:48:31 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/belkasoft-live-ram-capturer
Forensic Acquisition of Websites https://www.securitywizardry.com/forensic-solutions/forensic-tools/forensic-acquisition-of-websites

The first forensic browser able to quickly and easily capture web pages that are to be brought to trial in criminal and civil proceedings.

Acquisition of all websites
FAW acquires websites of any type: HTML5, CMS, static, dynamic, with frames, blogs, e-commerce, portals, social networks, etc.

Intranet acquisition
FAW can also acquire all the resources available from Intranet networks, such as IP Camera, Router configuration, Firewall, Switch and NAS.

Social Network acquisition
FAW can log in to any social network and acquire all of its contents.

michelemjordan Wed, 19 Nov 2014 13:45:47 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/forensic-acquisition-of-websites
AXIOM Cyber https://www.securitywizardry.com/forensic-solutions/forensic-tools/axiom-cyber

AXIOM Cyber is a robust digital forensics and incident response solution for businesses that need to perform remote acquisitions and collect & analyze evidence from computers, the cloud, and mobile devices.

Off-Network Collection
AXIOM Cyber enables you to quickly and covertly perform remote collections of Mac, Windows and Linux endpoints even when they aren’t connected to your corporate network. Remotely collected data is written to an AFF4-L forensically sound container.

Advanced Cloud Support
Collect data from corporate cloud storage services like AWS and Azure in addition to communication apps like Slack and Teams. Use Admin credentials to easily acquire from Office 365, G Suite, and Box to speed up investigations.

Case Intelligence
Powerful Analytics features like Timeline, Connections and Magnet.AI create actionable intelligence. AXIOM Cyber’s artifacts-first approach immediately presents the data needed to work through your case with ease and efficiency.

Support eDiscovery
Corporate forensic examiners have a seemingly endless list of tasks and responsibilities. Often one of those extra-curricular tasks is to perform collections that support eDiscovery. Use AXIOM Cyber to generate a load file that can be ingested by eDiscovery review platforms.

michelemjordan Wed, 19 Nov 2014 13:43:09 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/axiom-cyber
Encrypted Disk Detector https://www.securitywizardry.com/forensic-solutions/forensic-tools/encrypted-disk-detector

Encrypted Disk Detector is a command-line tool that can quickly, and non-intrusively, check for encrypted volumes on a computer system during incident response.

The decision can then be made to investigate further and determine whether a live acquisition needs to be made in order to secure and preserve the evidence that would otherwise be lost if the plug was pulled.

It checks the local physical drives on a system for TrueCrypt, PGP or BitLocker encrypted volumes. If no disk encryption signatures are found in the MBR, EDD also displays the OEM ID and, where applicable, the Volume Label for partitions on that drive, checking for BitLocker volumes.
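The check the description outlines fits in a few dozen lines, and the Python below is an added example written for this listing rather than EDD's own code. It reads the first sector of a raw image or block device, looks for known encryption boot-loader strings, and if none are present reports the OEM ID and, for FAT volumes, the label stored in the BIOS parameter block. `-FVE-FS-` is the documented BitLocker OEM ID and the FAT label and file-system-type offsets are the standard BPB layout; the TrueCrypt and PGP strings are what those products' boot loaders place in the MBR and should be treated as assumptions to confirm against your own reference images before relying on them. The sample sectors are constructed.

```python
"""Boot-sector check for full-disk-encryption signatures.

Added example for this listing; it is not EDD's code. The sample sectors
built by make_sector() are constructed for the demo.
"""
SECTOR = 512

# Strings the TrueCrypt and PGP WDE boot loaders embed in the MBR (assumed;
# confirm against reference images). Matched anywhere in the sector.
MBR_SIGNATURES = {
    b"TrueCrypt Boot Loader": "TrueCrypt system encryption",
    b"PGPGUARD": "PGP Whole Disk Encryption",
}
BITLOCKER_OEM_ID = b"-FVE-FS-"   # documented BitLocker OEM ID at offset 3


def classify_boot_sector(sector):
    """Return encryption / OEM ID / label findings for one 512-byte sector."""
    if len(sector) < SECTOR:
        raise ValueError("need at least one full 512-byte sector")
    result = {
        "encryption": None,
        "oem_id": None,
        "volume_label": None,
        "boot_signature": sector[510:512] == b"\x55\xaa",
    }
    for sig, name in MBR_SIGNATURES.items():
        if sig in sector:
            result["encryption"] = name
            return result
    oem = sector[3:11]
    result["oem_id"] = oem.decode("ascii", "replace").rstrip()
    if oem == BITLOCKER_OEM_ID:
        result["encryption"] = "BitLocker"
        return result
    # FAT keeps an 11-byte label in the extended BPB: offset 71 for FAT32
    # (type field at 82) and offset 43 for FAT12/16 (type field at 54).
    if sector[82:90] == b"FAT32   ":
        result["volume_label"] = sector[71:82].decode("ascii", "replace").rstrip()
    elif sector[54:62] in (b"FAT12   ", b"FAT16   "):
        result["volume_label"] = sector[43:54].decode("ascii", "replace").rstrip()
    return result


def check_device(path):
    """First sector of an image file or block device (raw read access needed)."""
    with open(path, "rb") as fh:
        return classify_boot_sector(fh.read(SECTOR))


def make_sector(oem_id=b"        ", fs_type=None, label=None, embed=None):
    """Construct a boot sector for the demo."""
    s = bytearray(SECTOR)
    s[0:3] = b"\xeb\x52\x90"                  # jump opcode, as real boot sectors start
    s[3:11] = oem_id.ljust(8)[:8]
    if fs_type == b"FAT32":
        s[82:90] = b"FAT32   "
        s[71:82] = (label or b"NO NAME").ljust(11)[:11]
    elif fs_type in (b"FAT12", b"FAT16"):
        s[54:62] = fs_type.ljust(8)
        s[43:54] = (label or b"NO NAME").ljust(11)[:11]
    if embed:
        s[0x100:0x100 + len(embed)] = embed
    s[510:512] = b"\x55\xaa"
    return bytes(s)


def demo():
    samples = {
        "ntfs": make_sector(b"NTFS    "),
        "fat32": make_sector(b"MSWIN4.1", b"FAT32", b"EVIDENCE"),
        "fat16": make_sector(b"MSDOS5.0", b"FAT16", b"USBKEY"),
        "bitlocker": make_sector(BITLOCKER_OEM_ID),
        "truecrypt": make_sector(b"\x00" * 8, embed=b"TrueCrypt Boot Loader"),
        "pgp": make_sector(embed=b"PGPGUARD"),
    }
    return {name: classify_boot_sector(sec) for name, sec in samples.items()}


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:10} encryption={r['encryption']!s:28} "
              f"oem={r['oem_id']!s:10} label={r['volume_label']}")
```

A clean result from this kind of check is not proof that nothing is encrypted: a TrueCrypt container file or an encrypted non-system volume leaves no marker in the first sector, which is exactly why the description frames EDD as an input to the live-acquisition decision rather than a verdict.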

michelemjordan Mon, 10 Nov 2014 08:47:35 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/encrypted-disk-detector
Triage-IR https://www.securitywizardry.com/forensic-solutions/forensic-tools/triage-ir

Triage-IR is a script written by Michael Ahrendt, which will collect system information, network information, registry hives, disk information and will also dump memory. One of the capabilities of Triage-IR is collecting information from Volume Shadow Copy which can defeat many anti-forensic techniques.

michelemjordan Wed, 05 Nov 2014 16:52:40 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/triage-ir
Oxygen Forensic Extractor for Clouds https://www.securitywizardry.com/forensic-solutions/forensic-tools/oxygen-forensic-extractor-for-clouds

Oxygen Forensic Extractor for Clouds is a forensic program that extracts data from cloud services and saves it on a PC in a readable format. Authentication is required to access the cloud data: the forensic expert must enter the account credentials (login and password) and grant access to the cloud data.

Oxygen Forensic Extractor for Clouds can extract data from the following services:

  • Google services: Google contacts, Google calendars, Google Drive
  • Apple services: iCloud contacts, iCloud calendars
  • Microsoft services: Live contacts, Live calendars, OneDrive
  • Other services: Dropbox, Box, BitCasa
michelemjordan Mon, 03 Nov 2014 19:27:28 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/oxygen-forensic-extractor-for-clouds
Oxygen Forensic Extractor https://www.securitywizardry.com/forensic-solutions/forensic-tools/oxygen-forensic-extractor

Oxygen Forensic Extractor offers OEM system builders and hardware manufacturers a unique opportunity to integrate a time-proven forensic acquisition system into their hardware-based solution without spending years developing in-house software. Oxygen Forensic® Extractor enables wired (USB) and wireless (Bluetooth) data acquisition from several thousand mobile devices running on all popular platforms.

Oxygen Forensic Extractor can extract:

  •     Common device information
  •     Contacts with all the fields and contact photos
  •     Missed/Outgoing/Incoming calls and Facetime calls
  •     Organizer data (meetings, appointments, memos, anniversaries, tasks, notes, etc.)
  •     SMS, MMS, iMessages, E-mails with attachments
  •     Device dictionary words
  •     Photos, videos, audio files and voice records
  •     Geo coordinates stored in camera snapshots
  •     Wi-Fi connections
  •     Device logs
  •     Passwords to the device owner accounts and WiFi hot spots
  •     400+ applications' user data: Apple Maps, Booking.com, Facebook, Google+, PayPal, Safari, Skype, Viber, WhatsApp, etc.
michelemjordan Mon, 03 Nov 2014 19:13:14 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/oxygen-forensic-extractor
Forensic Disk Decryptor https://www.securitywizardry.com/forensic-solutions/forensic-tools/forensic-disk-decryptor

Perform the complete forensic analysis of encrypted disks and volumes protected with desktop and portable versions of BitLocker, PGP and TrueCrypt. Elcomsoft Forensic Disk Decryptor allows decrypting data from encrypted containers or mounting encrypted volumes, providing full forensic access to protected information stored in the three most popular types of crypto containers. Access to encrypted information is provided in real-time.

michelemjordan Thu, 30 Oct 2014 17:37:23 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/forensic-disk-decryptor
Phone Password Breaker https://www.securitywizardry.com/forensic-solutions/forensic-tools/phone-password-breaker

Elcomsoft Phone Password Breaker enables forensic access to password-protected backups for smartphones and portable devices based on RIM BlackBerry and Apple iOS platforms. The password recovery tool supports all Blackberry smartphones as well as Apple devices running iOS including iPhone, iPad and iPod Touch devices of all generations released to date, including the iPhone 6 and iOS 8.

michelemjordan Thu, 30 Oct 2014 17:24:33 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/phone-password-breaker
Forensic Explorer https://www.securitywizardry.com/forensic-solutions/forensic-tools/forensic-explorer

Forensic Explorer is forensic analysis software.

Suitable for new or experienced investigators, Forensic Explorer combines a flexible and easy to use GUI with advanced sort, filter, keyword search, data recovery and script technology. Quickly process large volumes of data, automate complex investigation tasks, produce detailed reports and increase productivity. Manage all aspects of the investigation, including:

  • File System Analysis
  • Keyword & Index Search
  • Live Boot Virtualization
  • Email
  • Registry
  • Report
michelemjordan Thu, 30 May 2013 10:21:25 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/forensic-explorer
Cellebrite UFED https://www.securitywizardry.com/forensic-solutions/forensic-tools/cellebrite-ufed

Lawfully access locked devices with ease
Bypass pattern, password or PIN locks and overcome encryption challenges quickly on popular Android and iOS devices

Support for the broadest range of devices
Collect data from mobile phones, drones, SIM Cards, SD cards, GPS devices and more

Delve deep to lawfully extract more data
Get the most data out of digital devices with multiple data collection methods

Enhance your extraction flow
Use selective collection to retrieve cloud tokens and select app data

Access to 40+ apps on Android devices
Gain lawful access to the data from a large number and variety of applications

michelemjordan Wed, 13 Feb 2013 12:07:00 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/cellebrite-ufed
MOBILedit Forensic https://www.securitywizardry.com/forensic-solutions/forensic-tools/mobiledit-forensic

MOBILedit Forensic is a phone extractor, data analyzer and report generator in one solution. A powerful 64-bit application using both physical and logical data acquisition methods, MOBILedit Forensic offers an advanced application analyzer, deleted data recovery, live updates, a wide range of supported phones including most feature phones, fine-tuned reports, concurrent phone processing and an easy-to-use user interface. With the password and PIN breaker, you can gain access to locked ADB or iTunes backups, with GPU acceleration and multi-threaded operation for maximum speed.

MOBILedit Forensic offers maximum functionality at a fraction of the price of other tools. It can be used as the only tool in a lab or as an enhancement to other tools through its data compatibility. When integrated with Camera Ballistics it scientifically analyzes camera photo origins.

Main Features

  • Phone extractor with an extremely wide range of supported phones

  • Password breaker with GPU acceleration and multi-threaded operation for maximum speed

  • iTunes backup analyzer

  • Android ADB backup analyzer

  • Applications data analyzer

  • Photo Recognizer

  • Deleted data recovery

  • Cellebrite UFED data analyzer

  • Cellebrite UFED data generator

  • Oxygen data analyzer

  • Report generator

  • Security Bypassing

michelemjordan Thu, 03 May 2012 16:18:26 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/mobiledit-forensic
Oxygen Forensic Suite https://www.securitywizardry.com/forensic-solutions/forensic-tools/oxygen-forensic-suite

Besides the general data extracted by similar products, Oxygen Forensic Suite can extract a lot of unique information.

Using low-level protocols allows the program to extract: basic phone information and SIM-card data, the contact list, caller groups, speed dials, missed/outgoing/incoming calls, standard SMS/MMS/e-mail folders, custom SMS/MMS/e-mail folders, deleted SMS messages (with some restrictions), SMS Center timestamps, calendar events, tasks, text notes, photos, videos, sounds, LifeBlog data (all main phone events with their geographical coordinates), Java applications, the file system from phone memory and flash card, GPRS and Wi-Fi activity, voice records and much more. The list of supported features depends on the phone model.

michelemjordan Tue, 14 Feb 2012 17:35:05 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/oxygen-forensic-suite
android-apktool https://www.securitywizardry.com/forensic-solutions/forensic-tools/android-apktool

apktool is a tool for reverse engineering third-party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after modifications, and it makes it possible to debug smali code step by step. It also makes working with an app easier thanks to its project-like file structure and automation of repetitive tasks such as building the APK.

It is NOT intended for piracy or other illegal uses. It can be used for localizing, adding features or support for custom platforms, and other GOOD purposes. Just be fair to the authors of the app you use and probably like.

michelemjordan Tue, 15 Nov 2011 18:45:05 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/android-apktool
Androguard https://www.securitywizardry.com/forensic-solutions/forensic-tools/androguard


Androguard (Android Guard) is a tool written in Python to work with:

  • .class (Java virtual machine)
  • .dex (Dalvik virtual machine)
  • APK (Android application)
  • JAR (Java application)
  • Android's binary xml


Androguard has the following features :

  • Map and manipulate (read/write) DEX/CLASS/APK/JAR files into full Python objects,
  • Native support of DEX code in a c++ library,
  • Access to the static analysis of your code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
  • Check if an android application is present in a database (malwares, goodwares ?),
  • Open source database of android malwares (this opensource database is done on my free time, of course my free time is limited, so if you want to help, you are welcome !),
  • Diffing of android applications,
  • Measure the efficiency of obfuscators (proguard, ...),
  • Determine if your application has been pirated (plagiarism/rip-off indicator),
  • Risk indicator of malicious application,
  • Reverse engineering of applications (goodwares, malwares),
  • Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
  • Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
  • Patch JVM classes, add native library dependencies,
  • Dump the jvm process to find classes into memory,
  • Add a watermark into your application (in progress),
  • Classify android apks (in progress),
  • Protect your application against thefts on android market (in progress),
michelemjordan Tue, 08 Nov 2011 14:25:38 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/androguard
APKinspector https://www.securitywizardry.com/forensic-solutions/forensic-tools/apkinspector

A powerful tool for analysts to analyze Android malware samples manually.


The important features of our tool are listed as follows:

(1) Graph-based UI displaying control flow of the code.

(2) Links from graph view to source view.

(3) Function/Object -> Method list and filter.

(4) Strings list and Filter.

(5) Flow in/out from a given point.

(6) Function and variable renaming.

Additional features are:

(8) Syntax highlighting.

(9) Find the UI dialog shown before the suspicious API is triggered.

michelemjordan Tue, 01 Nov 2011 16:39:31 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/apkinspector
DroidBox https://www.securitywizardry.com/forensic-solutions/forensic-tools/droidbox

DroidBox is developed to offer dynamic analysis of Android applications. The following information is included in the results generated when analysis is complete:

  • Hashes for the analyzed package
  • Incoming/outgoing network data
  • File read and write operations
  • Started services and loaded classes through DexClassLoader
  • Information leaks via the network, file and SMS
  • Circumvented permissions
  • Cryptographic operations performed using Android API
  • Listing broadcast receivers
  • Sent SMS and phone calls

Additionally, two graphs are generated visualizing the behavior of the package. One showing the temporal order of the operations and the other one being a treemap that can be used to check similarity between analyzed packages.

michelemjordan Tue, 01 Nov 2011 16:31:54 +0100 https://www.securitywizardry.com/forensic-solutions/forensic-tools/droidbox
ARE - Android Reverse Engineering https://www.securitywizardry.com/forensic-solutions/forensic-tools/are-android-reverse-engineering

A.R.E, the Android Reverse Engineering Virtual Machine.

This VirtualBox-ready VM includes the latest Android malware analysis tools as follows:

* Androguard

* Android sdk/ndk

* APKInspector

* Apktool

* Axmlprinter

* Ded

* Dex2jar

* DroidBox

* Jad

* Smali/Baksmali