# Android Connections Forensics
This software enables a forensic investigator to map each connection to its originating process.
It doesn't require root privliges on the system, but do require adb & USB debugging.
ACF works currently only on Linux (Ubuntu 14.04)
git clone https://github.com/CyberHatcoil/ACF.git
cd ACF
pip install -r requirments.txt
Make sure you device is connected, usb debugging is enabled and authorized.
adb devices
To run Acf:
python acf.py -d [Device serial number]
ACF create 3 different output types:
-
console output - live connections
-
acm-log file - live connections
-
metadata file - external IP's metadata results
acm-log example:
Itayk [ [ AT ] ]CyberHat.co.il