Android Connections Forensics
Latest commit 2754e02 Dec 15, 2015

# Android Connections Forensics

This software enables a forensic investigator to map each connection to its originating process.

It doesn't require root privileges on the system, but it does require adb and USB debugging.

Supported OS

ACF currently works only on Linux (Ubuntu 14.04).


git clone
cd ACF
pip install -r requirements.txt


Make sure your device is connected and that USB debugging is enabled and authorized.

adb devices

To run ACF:

python -d [Device serial number]

Filter by process name match:

python -d [Device serial number] -f facebook

Filter by process owner:

python -d [Device serial number] -u user
python -d [Device serial number] -u system
python -d [Device serial number] -u root
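One way to attribute connections to an owner without root, shown as an added example (not ACF's own code): decode the socket table that `adb shell cat /proc/net/tcp` prints and classify each socket by its UID. The sample table is constructed, and the UID ranges used for the `user` / `system` / `root` classes are an assumption about how those filters map onto Android UIDs.

```python
import ipaddress
import struct

# Constructed sample in the format printed by `adb shell cat /proc/net/tcp`.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4511
   1: 0F02000A:A1B2 08080808:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 9001
   2: 0F02000A:C350 2200A8C0:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 9107
"""

TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}  # subset


def decode_endpoint(field):
    """Turn '0F02000A:A1B2' into (IPv4Address('10.0.2.15'), 41394)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the address as a host-order 32-bit word;
    # little-endian is assumed here (ARM and x86 Android devices).
    addr = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def owner_class(uid):
    """Assumed mapping: 0 = root, 10000 and up = app ('user'), rest = system."""
    if uid == 0:
        return "root"
    return "user" if uid >= 10000 else "system"


def parse_proc_net_tcp(text, owner=None):
    """Return one dict per socket, optionally filtered by owner class."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 10:
            continue  # skip blank or truncated lines
        local, remote = decode_endpoint(cols[1]), decode_endpoint(cols[2])
        uid = int(cols[7])
        row = {
            "local": "%s:%d" % local,
            "remote": "%s:%d" % remote,
            "state": TCP_STATES.get(cols[3], cols[3]),
            "uid": uid,
            "owner": owner_class(uid),
            "external": remote[0].is_global,  # candidate for IP metadata lookup
        }
        if owner is None or row["owner"] == owner:
            rows.append(row)
    return rows
```

Calling `parse_proc_net_tcp(SAMPLE, owner="user")` keeps only the socket owned by the app UID; turning a UID into a package or process name needs a separate lookup on the device.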


ACF creates 3 different output types:

  1. console output - live connections

  2. acm-log file - live connections

  3. metadata file - metadata results for external IPs

acm-log example:

# Metadata Plugins

ACF extracts metadata for every external IP address.

Current Plugins:

  1. IP Info - geolocation, provider, etc.

  2. IP Rep - AlienVault IP blacklist database.

  3. VirusTotal - VirusTotal IP lookup.

  4. Whois

Contact Us

Itayk [ [ AT ] ]