CyberSecurityUP/AvillaForensics

Avilla Forensics 3.0 (English translation coming soon)

⭐️ Project description:

  • Free Mobile Forensics Tool that allows you to:
  1. Backup ADB.
  2. APK Downgrade in 15 Apps: WhatsApp (com.whatsapp), Telegram (org.telegram.messenger), Messenger (com.facebook.orca), ICQ (com.icq.mobile.client), Twitter (com.twitter.android), Instagram (com.instagram.android), Signal (org.thoughtcrime.securems), LinkedIn (com.linkedin.android), TikTok (com.zhiliaoapp.musically), Snapchat (com.snapchat.android), Tinder (com.tinder), Badoo (com.badoo.mobile), Mozilla Firefox (org.mozilla.firefox), Dropbox (com.drobox.android), Alibaba (com.alibaba.intl.android.apps.poseidon).
  3. WhatsApp Chat Parser.
  4. Miscellaneous ADB collections: System Properties (Full), Dumpsys (Full), Diskstats (Disk Information), Android Geolocation Dump (Location Manager State), IMEI (01, 02), S/N (Serial Number), Processes, TCP (Active Internet connections), Accounts (UserInfo), DUMP Wifi, DUMP Detailed Wifi, CPU Information, Memory Information, Display Information (WINDOW MANAGER DISPLAY CONTENTS), Resources, Resolution (Physical size), Screen Dump (.XML file), Dump Backup (Backup Manager is enabled), List Installed Third-Party Applications, List Native System Applications, Contacts, SMS, System Events, Active Users, Android Version, DB Info (Applications Database Info), On/Off History, LogCat, Space In Use Information, Carrier, Bluetooth (Bluetooth Status), Image File Location, Audio File Location, Video File Location, Face Recognition DUMP, Global Settings, Security Settings, System Settings, Remove/Add PIN (Requires current PIN), DUMP ADB (ADB Connections), Reboot, Reboot Recovery Mode, Reboot Bootloader Mode, Reboot Fastboot Mode.
  5. Tracking, Downloading and Decryption of Whatsapp .ENC files.
  6. Contact List Search.
  7. Deleted WhatsApp Photos Avatars and Contacts.
  8. Decrypting WhatsApp Databases.
  9. Screenshots.
  10. Screen DUMP.
  11. Chat Capture.
  12. Automatic integration with IPED.
  13. Automatic integration with AFLogical.
  14. Automatic integration with Alias ​​Connector.
  15. Conversion from .AB to .TAR.
  16. Fast Scan and Real-time Transfer.
  17. Image Finder (Hash, Metadata, Geolocation, Plotting the location on Google Maps and Google Earth).
  18. Plotting (IN BATCHES) of the Geolocation of images on Google Earth (geo.kml) with path and thumbnails of the images.
  19. Installing and Uninstalling APKs via ADB.
  20. HASH Calculator.
  21. Android Folder Browser (PULL and PUSH).
  22. Device Mirroring.
  23. Instagram Data Scraping.
  24. Automatic integration with MVT-1.5.3.
  25. Access Through the Tool to JADX.
  26. Access Through the Tool to WhatsApp Viewer.
  27. Access Through the Tool to the BCV.
  28. Access Through the Tool to SQLStudio.
  29. PRUNE GPS Tool Access.


🕵️ Functionalities:

🤖 Backup ADB:

  • Android default backup.

📱 APK Downgrade in 15 Applications (Access to root files without the need for ROOT):

  • WhatsApp (com.whatsapp)

  • Telegram (org.telegram.messenger)

  • Messenger (com.facebook.orca)

  • ICQ (com.icq.mobile.client)

  • Twitter (com.twitter.android)

  • Instagram (com.instagram.android)

  • Signal (org.thoughtcrime.securems)

  • LinkedIn (com.linkedin.android)

  • TikTok (com.zhiliaoapp.musically)

  • Snapchat (com.snapchat.android)

  • Tinder (com.tinder)

  • Badoo (com.badoo.mobile)

  • Mozilla Firefox (org.mozilla.firefox)

  • Dropbox (com.drobox.android)

  • Alibaba (com.alibaba.intl.android.apps.poseidon)

  • Examples: [screenshots of the downgrade process in the original README]

📱 Caution:

  • The Backup Downgrade procedure in ANDROID 12 can damage the database.

🛠 DOWNGRADE APK Test:

  • The tool first performs a test with a generic application (com.aplicacaoteste.apk) before starting the DOWNGRADE process on the target app.
  • Tips: XIAOMI phones may ship with USB protections. Remove these protections, without taking the device out of airplane mode, by following the steps below:
  1. Enable developer options.
  2. Settings -> Additional Settings -> Disable MIUI optimizations
  3. Reset phone
  4. Settings -> Additional Settings -> Developer Options -> Allow USB Debugging
  5. Security (system app) -> Manage apps -> Permissions -> Gear icon (top right) -> Install via USB (true)
  6. Reset phone
  7. Settings -> Additional Settings -> Developer Options -> Enable USB Installation

💬 (NEW) WhatsApp Chat Parser for the new database schema:

  1. Select the Chats destination folder (Copy the "Media" folder in this same location).
  2. Select the folder: \com.whatsapp\f\Avatars
  3. Select the .DB file: \com.whatsapp\db\msgstore.db
  • New Schema (Table: message):
  • Fields:
  • _id, chat_row_id, from_me, key_id, sender_jid_row_id, status, broadcast, recipient_count, participant_hash, origination_flags, origin, timestamp, received_timestamp, receipt_server_timestamp, message_type, text_data (messages), starred, lookup_tables, message_add_on_flags, sort_id


💬 (NEW) WhatsApp Chat Parser for the previous database schema:

  1. Select the Chats destination folder (Copy the "Media" folder in this same location).
  2. Select the folder: \com.whatsapp\f\Avatars
  3. Select the .DB file: \com.whatsapp\db\msgstore.db
  • Old Schema (Table: messages)
  • Fields:
  • _id, key_remote_jid, key_from_me, key_id, status, needs_push, data (messages), timestamp, media_url, media_mime_type, media_wa_type, media_size, media_name, media_caption, media_hash, media_duration, origin, latitude, longitude, thumb_image, remote_resource, received_timestamp, send_timestamp, receipt_server_timestamp, receipt_device_timestamp, read_device_timestamp, played_device_timestamp, raw_data, recipient_count, participant_hash, starred, quoted_row_id, mentioned_jids, multicast_id, edit_version, media_enc_hash, payment_transaction_id, forwarded, preview_type, send_count, lookup_tables, future_message_type, message_add_on_flags.
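As an added example (not code from the Avilla Forensics tool), the following Python reads text messages from either msgstore.db layout listed above, detecting whether the database carries the new `message` table or the old `messages` table and converting the millisecond timestamps to UTC; the sample database rows and the JID are constructed, not taken from a real device.

```python
import sqlite3
from datetime import datetime, timezone

# (table, chat column, direction column, text column, timestamp column, ordering column),
# using the field names listed for the two msgstore.db layouts above.
NEW_SCHEMA = ("message", "chat_row_id", "from_me", "text_data", "timestamp", "sort_id")
OLD_SCHEMA = ("messages", "key_remote_jid", "key_from_me", "data", "timestamp", "_id")

def detect_schema(conn):
    """Pick the column mapping for whichever message table this database carries."""
    tables = {row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if "message" in tables:
        return NEW_SCHEMA
    if "messages" in tables:
        return OLD_SCHEMA
    raise ValueError("no WhatsApp message table found")

def ms_to_utc(ms):
    """WhatsApp stores epoch milliseconds (13 digits); render them as UTC."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

def parse_chats(conn):
    """Return text messages in conversation order, tagged with direction and UTC time."""
    table, chat, from_me, text, ts, order = detect_schema(conn)
    # Identifiers are interpolated only from the fixed tuples above, never from user input.
    sql = (f"SELECT {chat}, {from_me}, {text}, {ts} FROM {table} "
           f"WHERE {text} IS NOT NULL ORDER BY {order}")
    return [{"chat": str(c), "direction": "sent" if f else "received",
             "text": t, "time": ms_to_utc(ts_ms)} for c, f, t, ts_ms in conn.execute(sql)]

def build_sample_db(new_schema=True):
    """Constructed in-memory sample with only the columns the parser needs."""
    conn = sqlite3.connect(":memory:")
    if new_schema:
        conn.execute("CREATE TABLE message (_id INTEGER PRIMARY KEY, chat_row_id INTEGER, "
                     "from_me INTEGER, timestamp INTEGER, text_data TEXT, sort_id INTEGER)")
        conn.executemany("INSERT INTO message VALUES (?, ?, ?, ?, ?, ?)", [
            (1, 7, 1, 1649374898421, "hello", 2),   # sent, second in conversation order
            (2, 7, 0, 1649374800000, "hi", 1),      # received, first in conversation order
            (3, 7, 0, 1649374810000, None, 3)])     # media-only row without text, skipped
    else:
        conn.execute("CREATE TABLE messages (_id INTEGER PRIMARY KEY, key_remote_jid TEXT, "
                     "key_from_me INTEGER, timestamp INTEGER, data TEXT)")
        conn.execute("INSERT INTO messages VALUES (1, '5511999999999@s.whatsapp.net', 0, "
                     "1649374800000, 'oi')")  # constructed JID
    return conn
```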


📱 Miscellaneous ADB collections in .TXT format:

  • System Properties (Full).
  • Dumpsys (Complete).
  • Diskstats (Disk information).
  • Android Geolocation Dump (Location Manager State).
  • IMEI (01, 02).
  • S/N (Serial Number).
  • Processes.
  • TCP (Active Internet connections).
  • Accounts (UserInfo).
  • DUMP Wifi.
  • Detailed Wifi DUMP.
  • CPU information.
  • Memory Information.
  • Display Information (WINDOW MANAGER DISPLAY CONTENTS).
  • Resources.
  • Resolution (Physical size).
  • Screen Dump (.XML file).
  • Dump Backup (Backup Manager is enabled).
  • List Installed Third-Party Applications.
  • List Native System Applications.
  • Contacts.
  • SMS.
  • System Events.
  • Active Users.
  • Android version.
  • DB Info (Applications Database Info).
  • On/Off History.
  • LogCat.
  • Space in Use Information.
  • Operator.
  • Bluetooth (Bluetooth Status).
  • Location of Image Files.
  • Location of Audio Files.
  • Location of Video Files.
  • Face Recognition DUMP.
  • Global Settings.
  • Security Settings.
  • System Settings.
  • Remove/Add PIN (Requires current PIN).
  • DUMP ADB (ADB Connections).
  • Reboot.
  • Reboot Recovery Mode.
  • Reboot Bootloader Mode.
  • Reboot Fastboot Mode.


  • Examples:
  • Dump ADB: ADB.txt. In this example we can identify the last computer connected to the device via ADB:

[screenshot: ADB.txt]

  • Dumpsys: dumpsys.txt. Besides thousands of other device details, in this example we can find the uninstall date of an application:

[screenshot: dumpsys.txt]

  • Note: values may be stored as Unix timestamps in milliseconds; use the link below to convert them:
  • 1649374898421 (Unix Timestamp) = Thu Apr 07 2022 23:41:38 GMT+0000 (GMT)
  • https://www.unixtimestamp.com/

⚡️ (NEW) Tracking, Downloading and Decrypting WhatsApp .ENC Files:

  • Generate the Script and run the generated .bat file.

"C:\Forensics\bin\whatsapp-media-decrypt\decrypt.py"

⚡️ (NEW) Contact List Search, Avatar Photos and Deleted WhatsApp Contacts:

  1. Select the folder: \com.whatsapp\f\Avatars
  2. Select .DB file: \com.whatsapp\db\wa.db


📁 WhatsApp Database Decryption:

  • Crypt12.
  • Crypt14.

📸 Screenshots, Screen DUMP and Chat Capture:

🚀 Automatic integration with IPED:

  • Indexing of folders, .zip, .tar, .dd, .ufdr.


🚀 Automatic integration with AFLogical OSE 1.5.2:

  • Performs the acquisition automatically without user intervention.
  • "C:\Forensics\bin\AFLogicalOSE152OSE.apk"


🚀 Automatic integration with Alias Connector:

  • Performs the acquisition automatically without user intervention.
  • "C:\Forensics\bin\com.alias.connector.apk"


📁 Conversion from .AB to .TAR:

  • Password-protected ADB backups may take longer to convert.
  • Avoid setting passwords on the backups requested in "ADB Backup" or "Downgrade" to speed up the conversion process.
  • If this module does not work, try adding the "C:\Forensics" path to the system environment variables.

♻ Fast Scan and Real-time Transfer:

  • Images: .jpg, .jpeg, .png, .psd, .nef, .tiff, .bmp, .tec, .tif, .webp
  • Videos: .aaf, .3gp, .asf, .avi, .m1v, .m2v, .m4v, .mp4, .mov, .mpeg, .mpg, .mpe, .mp4, .rm, .wmv, .mpv, .flv, .swf
  • Audios: .opus, .aiff, .aif, .flac, .wav, .m4a, .ape, .wma, .mp2, .mp1, .mp3, .aac, .mp4, .m4p, .m1a, .m2a, .m4r, .mpa, .m3u, .mid, .midi, .ogg
  • Archives: .zip, .rar, .7zip, .7z, .arj, .tar, .gzip, .bzip, .bzip2, .cab, .jar, .cpio, .ar, .gz, .tgz, .bz2
  • Databases: .db, .db3, .sqlite, .sqlite3, .backup (SIGNAL)
  • Documents: .htm, .html, .doc, .docx, .odt, .xls, .xlsx, .ppt, .pptx, .pdf, .txt, .rtf
  • Executables: .exe, .msi, .cmd, .com, .bat, .reg, .scr, .dll, .ini, .apk


🔍 Image Finder (Hash, Metadata, Geolocation, Plot location on Google Maps and Google Earth):

  • Note: For this module DO NOT save your acquisitions on the Desktop, save for example in "C:\folder_name\collection_01" to run the image search.


📜 (NEW) Batch plotting of image Geolocation on Google Earth (geo.kml) with path and thumbnails of the images:

  • Note: To plot the thumbnails along with the yellow points, download Google Earth Pro; if you plot on Google Earth Online, only the blue points are plotted, without the images.
  • Click GENERATE KML to batch-generate the geo.kml file.


🛠 Installing and Uninstalling APKs via ADB:

  • .APK files

⏳ HASH Calculator:

  • Note: For this module DO NOT save your acquisitions on the Desktop; save them for example in "C:\folder_name\collection_02" to calculate the hashes of the files.
  • Calculates the Hash of all files in an acquisition.
  • SHA-256.
  • SHA-1.
  • SHA-384.
  • SHA-512.
  • MD5.


📱 (NEW) Android Folder Browser (PULL and PUSH):

  • A Simple folder browser to PULL and PUSH files or folders.


πŸŽ₯ Device Mirroring:

  • "C:\Forensics\bin\scrcpy"


🚀 Instagram data scraping:

🚀 Automatic integration with MVT-1.5.3:

  • "C:\Forensics\bin\mvt-1.5.3\mvt.bat"


🚀 Access Through the Tool to JADX (Dex to Java Decompiler):

  • "C:\Forensics\bin\jadx-1.2.0\jadx-gui-1.2.0-no-jre-win.exe"

🚀 Access Through the Tool to WhatsApp Viewer:

  • "C:\Forensics\bin\WhatsAppViewer.exe"

🚀 Access Through the Tool to BCV (Byte Code Viewer):

  • "C:\Forensics\bin\bycodeviewer\GUI-ByteCode.bat"

🚀 Access Through the Tool to SQLStudio:

  • "C:\Forensics\bin\SQLiteStudio\SQLiteStudio.exe"

🚀 PRUNE GPS Tool Access:

  • "C:\Forensics\bin\gpsprune\GUI-GPSPrune.bat"

⚙️ Tool Prerequisites:

  • TECHNICAL knowledge of Forensics in Mobile Devices.
  • Minimal computer knowledge.
  • Device with DEBUG mode activated.
  • Windows 10/11 with its proper updates.

⚙️ Prerequisites Third-Party Tools:

📋 Trainings

💻 Installation Avilla Forensics 3.0

  • Self-executing tool, no installation required.
  • Run the "Avilla_Forensics.exe" file as administrator.
  • Run the tool from "C:".
  • Example: "C:\Forensics".
  • Do not put spaces in the tool folder name.

💻 Installing Third-Party Tools

  • IPED-3.18.12 "C:\Forensics\IPED-3.18.12_and_plugins" (Just install JAVA).
  • Bytecode Viewer: "C:\Forensics\bin\bycodeviewer" (Just install JAVA).
  • Jadx-1.2.0: "C:\Forensics\bin\jadx-1.2.0" (Just install JAVA).
  • Backup Extractor: "C:\Forensics\backup_extractor" (Just install JAVA).
  • The Backup Extractor module (.AB to .TAR) may require you to add the "C:\Forensics" path to the system environment variables.
  • GPS PRUNE "C:\Forensics\bin\gpsprune" (Just install JAVA).

Requires python (https://www.python.org/):

  • Instaloader: To install run the file "C:\Forensics\bin\instaloader-master\install_instaloader.bat" or:

pip install instaloader

  • MVT-1.5.3: To install run the file "C:\Forensics\bin\mvt-1.5.3\install_mvt.bat" or:

pip install mvt

  • Whacipher: To install run the file "C:\Forensics\bin\install_whacipher.bat" or:

pip install --upgrade -r requirements.txt

  • Whatsapp Media Decrypt: To install run the file "C:\Forensics\bin\install_wmd.bat" or:

pip install pycryptodome

🌐 Download

(NEW) v1_0_0_177 - 02/05/2022 (980 MB)

  • https://www.avillaforensics.com.br/forensics.zip
  • MD5: A24D7F943FB6D2EFD67C0C517383B915
  • SHA1: 913FDD2D5392BB9FF2487521843C4A2CF13CC59B
  • SHA256: AC02FE209C19F1D1C01BEB8E457A148E7C7820D3D5C1AB882FDB30F7DBA54E8F
  • SHA384: E8249466558B17CA365F8860CE839B3BF76F5F0FB67AE15CCB7DC3AF5B04C53FF5A070A7A6372475CBDD788F0237CD68
  • SHA512: B8CB81A365FBE3A962F71AE2986C683B4CA12AA8CAC5313E419DC11CCB9DB06B141022E1D06E13AC00690FC72D3C390110146F6A8BA

BRIEF IN ENGLISH

βš™οΈ Technologies used

  • C#.
  • Python.
  • Java.

🚀 License

  • Free Software.

🤖 Contacts

📱 Third-party tools included in the package

😎 Thanks

