This project is designed to allow users to parse data from an Android Acquisition in an easy-to-examine manner.
If you are looking to create an Android Acquisition from a physical or virtual device, see https://github.com/chapinb/foroboto for an automated script.
Chapin Bryce (@chapinb), Preston Miller (@pmiller91)
- Python 2.7
- Pandas 0.15.2
- Sleuthkit (http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.3/)
- Pytsk3
- LibEWF
On Windows, Anaconda-2.1.0 was used to install the Pandas library. **You may need to update the SQLite DLL as seen in #5.**
From the command line, execute:

```
python anparser.py /path/to/evidence/ /output/directory/
```

Check out the Wiki for additional information.
Currently supported artifacts as of 2015-02-12:
- Android Browser bookmarks
- Android Browser accounts
- Android Browser preferences
- Android Browser user defaults
- Android Calendar
- Android Chrome cookies
- Android Chrome downloads
- Android Chrome history
- Android Contacts
- Android Downloads
- Android Emergencymode
- Android Gallery3d files
- Android Gallery3d picasa
- Android Logsprovider SMS logs
- Android Gmail accounts
- Android Media file listing
- Android SMS data
- Android Message threads
- Android Play Store account data
- Android Play Store library
- Android Play Store local apps
- Android Play Store suggestions
- Facebook Messenger contacts
- Facebook Messenger messages
- Facebook Messenger threads
- Google Docs accounts
- Google Docs collection
- Google Talk Accounts (Hangouts)
- Infraware Polaris contacts
- Infraware Polaris files & shared files
- Infraware Polaris messages
- Kik contacts
- Kik chat
- Samsung GalaxyFinder contents
- Samsung GalaxyFinder geotags
- Skype users
- Skype documents
- Skype conversations & calls
- Snapchat friends
- Snapchat chat
- Snapchat files
- TeslacoilSW all apps
- TeslacoilSW favorites
- Valve debug
- Valve friends
- Valve messages
- Venmo comments
- Venmo friends
- Venmo stories (transactions)
- Vlingo contacts
Currently supported output formats:
- CSV using `|` as delimiter for stability
- XLSX
Please add requests in the issues pane of GitHub. As of 2015-01-12 the features to be built include:
- XLSX
- HTML
- XML
- Android Browser
- Android Calendar
- Android Chrome
- Android Contacts
- Android Downloads
- Android EmergencyMode
- Android Gallery3d
- Android Gmail
- Android Locations
- Android Logsprovider
- Android Media
- Android MMS
- Android Telephony
- Android Vending
- Facebook Katana
- Facebook Orca
- Google Docs
- Google Plus
- Infraware Office (Polaris)
- Kik
- Samsung Galaxyfinder
- Skype
- Snapchat
- TeslacoilSW
- Valve Steam
- Venmo
- Vlingo
- Documentation for adding custom plugins
- Compiled executable for Windows
- Error Handling
  - For reading input
  - For writing output
- Unit tests