Forensics

Andriller CE (Community Edition) – A Comprehensive Guide To Mobile Forensics

Andriller – is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.

It has features, such as powerful Lockscreen cracking for Pattern, PIN code, or Password; custom decoders for Apps data from Android (some Apple iOS & Windows) databases for decoding communications.

Extraction and decoders produce reports in HTML and Excel formats.

Features

  • Automated data extraction and decoding
  • Data extraction of non-rooted without devices by Android Backup (Android versions 4.x, varied/limited support)
  • Data extraction with root permissions: root ADB daemon, CWM recovery mode, or SU binary (Superuser/SuperSU)
  • Data parsing and decoding for Folder structure, Tarball files (from nanddroid backups), and Android Backup (backup.ab files)
  • Selection of individual database decoders for Android apps
  • Decryption of encrypted WhatsApp archived databases (.crypt to .crypt12, must have the right key file)
  • Lockscreen cracking for Pattern, PIN, Password (not gatekeeper)
  • Unpacking the Android backup files
  • Screen capture of a device’s display screen

Python Requirements

  • 3.6-3.10 (64-bit version recommended)

It is highly advised to setup a virtual environment to install Andriller and its dependencies in it. However, it is not essential, and the global environment can also be used. Depending on how Python was setup, it may be needed to substitute python and pip to python3 and pip3 retrospectively for the instructions below.

Windows only: when installing Python from, make sure Add Python to PATH is ticked.

System Dependencies

  • adb
  • python3-tk

[Ubuntu/Debian] Install from Terminal:

sudo apt-get install android-tools-adb python3-tk

[Mac] Install from Homebrew:

brew install android-platform-tools

[Windows] : Included.

Installation (Recommended Way)

Create a virtual environment using Python 3:

python3 -m venv env

Activate the virtual environment (Linux/Mac):

source env/bin/activate

Activate the virtual environment (Windows):

.\env\Scripts\activate

Install Andriller with its Python dependencies (same command to upgrade it):

pip install andriller -U

Quick Start (Run GUI)

python -m andriller

Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a Comment
Share
Published by
Tamil S
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtools
6 months ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago