Latest commit 2754e02 Dec 15, 2015

# Android Connections Forensics

This software enables a forensic investigator to map each connection to its originating process.

It doesn't require root privileges on the device, but it does require adb and USB debugging.

# Supported OS

ACF currently works only on Linux (Ubuntu 14.04).

# Installation

```
git clone https://github.com/CyberHatcoil/ACF.git
cd ACF
pip install -r requirements.txt
```

# Usage

Make sure your device is connected and that USB debugging is enabled and authorized.

```
adb devices
```

To run ACF:

```
python acf.py -d [Device serial number]
```

Filter by process name match:

```
python acf.py -d [Device serial number] -f facebook
```

Filter by process owner:

```
python acf.py -d [Device serial number] -u user
python acf.py -d [Device serial number] -u system
python acf.py -d [Device serial number] -u root
```
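An added example, not ACF's own code: one way to attribute connections without root is to read the kernel's `/proc/net/tcp` table over `adb shell`, where every socket row carries the owning UID. The sample table is constructed, and the mapping of UIDs to the `user`/`system`/`root` owner classes (Android's root UID 0, system UID 1000, app UIDs from 10000) is an assumption about what `-u` selects.

```python
import ipaddress
import socket
import struct

# Constructed sample of /proc/net/tcp content (not captured from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4521 1 0000000000000000 100 0 0 10 0
   1: 6401A8C0:9C40 08080808:01BB 01 00000000:00000000 00:00000000 00000000 10083        0 88213 1 0000000000000000 20 4 30 10 -1
   2: 6401A8C0:A1B2 0A01A8C0:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 88340 1 0000000000000000 20 4 30 10 -1
"""

def decode_addr(hex_addr):
    """Decode 'AABBCCDD:PPPP' (little-endian IPv4, hex port) to (ip, port)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def owner_class(uid):
    """Assumed owner classes: root (0), system (1000), user (app UIDs >= 10000)."""
    if uid == 0:
        return "root"
    if uid == 1000:
        return "system"
    return "user" if uid >= 10000 else "other"

def parse_connections(text):
    """Return one dict per socket row, skipping the header and short lines."""
    rows = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 8:
            continue
        lip, lport = decode_addr(fields[1])
        rip, rport = decode_addr(fields[2])
        uid = int(fields[7])
        rows.append({
            "local": f"{lip}:{lport}",
            "remote": f"{rip}:{rport}",
            "state": fields[3],               # "01" = ESTABLISHED, "0A" = LISTEN
            "uid": uid,
            "owner": owner_class(uid),
            # Only globally routable peers are worth a metadata lookup.
            "external": ipaddress.ip_address(rip).is_global,
        })
    return rows

if __name__ == "__main__":
    for row in parse_connections(SAMPLE_PROC_NET_TCP):
        print(row)
```

Resolving a UID to a process or package name needs a second source, such as the device's `ps` output, which is left out here.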

# Output

ACF creates 3 different output types:

  1. console output - live connections

  2. acm-log file - live connections

  3. metadata file - metadata results for external IPs

acm-log example:

# Metadata Plugins

ACF extracts metadata for every external IP address.

Current Plugins:

  1. IP Info - geolocation, provider, etc.

  2. IP Rep - AlienVault IP blacklist database.

  3. VirusTotal - VirusTotal IP lookup.

  4. Whois

# Contact Us

Itayk [ [ AT ] ]CyberHat.co.il