Because it is still in pre-alpha, there are alot of bugs. Please let me know if you run into any issues and I'll try my best to knock them out.
At this time, Python 2.7 is the primary supported implementation. This is primarily because Autopsy is still using Python 2.
######################################################################
### The name and the methodology stems from a need to be able to ###
### conduct larger scale Android forensics. This does not replace ###
### industry tools such as Cellebrite, etc but rather augments ###
### the analysis and data already collected. ###
######################################################################
######################################################################
### SYNOPSIS: Collection Starts Either Automated (In Autopsy) ###
### or manually (via CLI). Each script has it's own ###
### -h switch depending on what you want to do. ###
######################################################################
The core functionality of the tool requires the associated binaries to be in the ./ directory. Plan accordingly prior to running.
- Test software and script prior to using in a live enviorment
Each script is intended on being ran individually if required (i.e. APK Ripper can be ran as a stand alone script). However, the current intent is to run one of the following:
# YAAAAT_0_AUT.py // Autopsy Plugin (Currently in Active Development and Testing)
# YAAAAT_0_CLI.py // Command Line Version (Currently in Active Development and Testing)
# YAAAAT_0_WEB.py // Local webpage (Currently Being Developed)
# YAAAAT_0_GUI.py // Graphical User Interface (Planned)
Note: Store Binaries (And Their Associated DLLs/Files) In The Following Folder Structure:
# ./YAAAAT*.py
# ./win/
# ./win/strings.exe
# ./win/ssdeep.exe
# ./win/openssl.exe (and associated dlls)
# ./win/lib/(jadx classes)
# ./win/bin/jadx.bat
# ./win/bin/jadx.exe
# ./win/bin/yarac64.exe
# ./win/bin/yara64.exe
- Autopsy Plugin
- Core Functionality
[ ] Additional Indicing of Ripped Data
☒ Switches and Parametization
☒ Testing - GUI
- Core Functionality
- Python Ripper
- Decompile and Analysis Functionaliy
- ☒ APK decompilation and analysis
- ☒ JAR decompilation and analysis
- ☒ DEX decompilation and analysis
- ☒ CLASS decompilation and analysis
- ☒ XAPK decompilation and analysis
- ☒ SO decompilation and analysis
- OAT decompilation and analysis
- ELF decompilation and analysis
- vDEX/cDEX decompilation and analysis
- Testing
- ☒ APK decompilation and analysis
- GUI
- Decompile and Analysis Functionaliy
- Linux/Unix Python Script
- Decompile and Analysis Functionaliy
- APK decompilation and analysis
- OAT decompilation and analysis
- JAR decompilation and analysis
- DEX decompilation and analysis
- ELF decompilation and analysis
- CLASS decompilation and analysis
- XAPK decompilation and analysis
- vDEX/oDEX decompilation and analysis
- SO decompilation and analysis
- Testing
- APK decompilation and analysis
- GUI
- Decompile and Analysis Functionaliy
- ELK/Splunk Linkage Tool
- Core Functionality
- ELK Linkage
- SPLUNK Linkage
- Testing
- GUI
-
- - Completed
☒ - Partially Completed
- - Completed
-
- - Not Started
- Everything
When updating various binaries, ensure the name matches what is currently in the directory and copy over any associated files.
strings: https://docs.microsoft.com/en-us/sysinternals/downloads/strings
openssl: https://www.openssl.org/source/
jadx: https://github.com/skylot/jadx/releases
yara: https://github.com/VirusTotal/yara/releases
ssdeep: https://github.com/ssdeep-project/ssdeep