Autopsy plugin to extract information from the 'Your Phone' Windows 10 App
Type Name Latest commit message Commit time
bs4 Removed .class files Feb 7, 2019
db
mdgMod
.gitignore Git ignore Mar 7, 2019
LICENSE
README.md Updated README contacts Sep 24, 2019
YPAFI.py Compatibility with Autopsy's Communications Manager Sep 7, 2019
YPAReport.py
template_address_book.html
template_chats.html
template_photos.html
undark-LICENSE Rename undark-LICENSE.txt to undark-LICENSE Mar 18, 2019
undark.exe

YourPhoneAnalyzer

Autopsy plugin made to extract information from the 'Your Phone' Windows 10 App

Windows installation

  1. Download as ZIP directly from here
  2. Go to your Python Modules folder:
    1. Open Autopsy
    2. Tools > Python Plugins
  3. Unzip the downloaded ZIP inside the folder opened by Autopsy
  4. Restart or start Autopsy to compile all the libraries and files
  5. Open your case and run the YPA file ingest module
  6. Run the YPA Report Module with the desired options
  7. Open the report (HTML)

Cite

If you need to cite this work, please use the following reference:

Domingues, Patricio, Miguel Frade, Luis Miguel Andrade, and João Victor Silva. "Digital forensic artifacts of the Your Phone application in Windows 10." Digital Investigation (2019). https://www.sciencedirect.com/science/article/pii/S1742287619301239

Authors

YPA was developed by Luís Miguel Andrade, João Victor Silva, Patrício Domingues, and Miguel Frade.

If you have any suggestions or find a bug, please contact us or create an issue in this repository.

Contacts:

Luís Andrade - luis.m.andrade@outlook.com

João Silva - jvictor.reiss@gmail.com

Patrício Domingues - patricio.domingues@ipleiria.pt

Miguel Frade - miguel.frade@ipleiria.pt

Test data

If you wish to test the module before using it on a real case, some dummy databases are available here: https://www.dropbox.com/s/t2p4q3pxe8jyaot/YourPhone_test_DB_datasource.zip?dl=0

Licenses

This module is licensed under GPL 3.0.

This module uses a modified version of mdegrazia's SQLite-Deleted-Records-Parser (https://github.com/mdegrazia/SQLite-Deleted-Records-Parser), which is licensed under GPL 3.0.

This module uses the binary form of Undark (https://github.com/inflex/undark). Undark's license can be found in the file undark-LICENSE.
