(NEW) Avilla Forensics 3.6

Avilla Forensics is located in first place in the award international Forensics 4:Cast 🥇🏆, in the tool category no commercial. Announcement made at the event from the SANS Institute.

Thanks for the votes, without you this would not be possible.

📋 Trainings (Portuguese) (Advanced Extraction with Avilla Forensics).

• ACADEMIA DE FORENSE DIGITAL - AFD:
• https://academiadeforensedigital.com.br/
• https://academiadeforensedigital.com.br/treinamentos/treinamento-de-avilla-forensics/ (26, 27, 28 e 29 de Fevereiro de 2024 das 19h às 23h)

📋 Webinars.

• Webinar:

• New Webinar: https://www.youtube.com/watch?v=H-rtMs3DgmM

• In this Webinar we will welcome our Professor and Civil Police Agent of SP, Daniel Avilla, who will share with us what is new about the new version of the Avilla Forensics tool.

• Prof. Daniel Avilla teaches the "Avilla Forensics – Official Training" and "Avilla Forensics Bootcamp" training courses at AFD, Civil Police Agent in the State of São Paulo, President of the Technology Development Committee for Mobile Forensics at APECOF, Graduate in Systems Analysis and Postgraduate in Computer Forensics and developer of the Avilla Forensics tool, a tool that allows the forensic acquisition of applications on any device, going beyond basic market tools.

• Prof. Avilla will share with us what's new about the new version of Avilla Forensics.

• In this episode, we'll talk about: ✅ What's new in Avilla Forensics? ✅ Who can have access to this tool? ✅ Live practical examples! ✅ And much more!

🤖 Contacts

• 
• https://www.linkedin.com/in/daniel-a-avilla-0987/
• https://www.instagram.com/perito_daniel_avilla
• [email protected]

🌐 Download

(NEW) Avilla Forensics 3.6

Download Setup-Forensics-3-6.exe:

• SIZE: 2,53 GB

• HASH SHA-256: 580653BB264CC3E3759FCA1FDED13CFD72D5DF7ADAB20C2DDCAC1D5817F1CD35

• Link 01: https://drive.google.com/u/0/uc?id=1t1FyltnAx2GpvsSMMyhV-nGSLYlBLlI4&export=download

• Link 02: https://drive.google.com/u/0/uc?id=1CpZ6I1H4nO5N_WjmkUqw3BpCMYaUkrU2&export=download

• Link 03: https://drive.google.com/u/0/uc?id=133SyqurFzFB-ClO0J84SXUzNC_tm_I1T&export=download

🚀 License

Avilla Forensics - Copyright (C) 2023 – Daniel Hubscher Avilla

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.

⭐️ Project description:

• I have a passion for mobile digital forensics and the art of data extractions.
• Free Mobile Forensics Tool that allows you to:
• It is important that you take the training to ensure greater security and success in acquisitions without data loss (Brief training in the English language).
• É importante que você faça o treinamento para garantir maior segurança e sucesso nas aquisições sem perda de dados, veja no final da página.

1. Backup ADB.
2. APK Downgrade in 15 Apps: WhatsApp (com.whatsapp), Telegram (org.telegram.messenger), Messenger (com.facebook.orca), ICQ (com.icq.mobile.client), Twitter (com.twitter.android), Instagram (com.instagram.android), Signal (org.thoughtcrime.securems), Linkdin (com.linkedin.android), Tiktok (com.zhiliaoapp.musically), Snapchat (com.snapchat.android), Tinder (com.tinder), Badoo (com.badoo.mobile), Mozilla Firefox (org.mozilla.firefox), Dropbox (com.drobox.android), Alibaba (com.alibaba.intl.android.apps.poseidon)).
3. Parser Chats WhatsApp.
4. (NEW) Whatsapp .opus audio transcription and transcription plot in CHATS HTML PARSER:
5. Miscellaneous ADB collections: (System Properties (Full), Dumpsys (Full), Disktats (Disk Information), Android Geolocation Dump (Location Manager State), IMEI (01 ,02), S/N (Serial Number), Processes, TCP (Active Internet connections), Accounts (UserInfo), DUMP Wifi, DUMP Detailed Wifi, CPU Information, Memory Information, Display Information (WINDOW MANAGER DISPLAY CONTENTS), Resources, Resolution (Physical size), Screen Dump (.XML file), Dump Backup (Backup Manager is enabled), List Installed Third-Party Applications, List Native System Applications, Contacts, SMS, System Events, Active Users, Android Version, DB Info (Applications Database Info), On/Off History, LogCat, Space In Use Information, Carrier, Bluetooth (Bluetooth Status), Image File Location, Audio File Location, Video File Location, Face Recognition DUMP, Global Settings, Security Settings a, System Settings, Remove/Add PIN (Requires current PIN), DUMP ADB (ADB Connections), Reboot, Reboot Recovery Mode, Reboot Bootloader Mode, Reboot Fastboot Mode.
6. Tracking, Downloading and Decryption of Whatsapp .ENC files.
7. Contact List Search.
8. Deleted WhatsApp Photos Avatars and Contacts.
9. (NEW) Decrypting WhatsApp Databases Crypt 14/15
10. Screenshots.
11. Screen DUMP.
12. Chat Capture.
13. Automatic integration with IPED.
14. (NEW) Access Through the Tool to IPED Tools.
15. Automatic integration with AFLogical.
16. Automatic integration with Alias Connector.
17. Conversion from .AB to .TAR.
18. Fast Scan and Real-time Transfer .
19. Image Finder (Hash, Metadata, Geolocation, Plotting the location on Google Maps and Google Earch).
20. Plotting (IN BATCHES) of the Geolocation of images on Google Earch (geo.kml) with patch and thumbnails of the images.
21. Installing and Uninstalling APKs via ADB.
22. HASH Calculator.
23. Android Folder Browser (PULL and PUSH).
24. Device Mirroring.
25. Instagram Data Scraping.
26. General single copy
27. Automatic integration with MVT-1.5.3.
28. Access Through the Tool to JADX.
29. Access Through the Tool to WhatsApp Viewer.
30. Access Through the Tool to jExiftool GUI.
31. Conversion of .csv/.txt files with GEOLIZATION information provided by court decisions into .KML for police investigations.
32. Merge WhatsApp DATABASES
33. IOS Data Extraction Module

🕵️ Functionalities:

🤖 Backup ADB:

• Android default backup.

📱 APK Downgrade in 15 Applications (Access to root files without the need for ROOT):

• WhatsApp (com.whatsapp)

• Telegram (org.telegram.messenger)

• Messenger (com.facebook.orca)

• ICQ (com.icq.mobile.client)

• Twitter (com.twitter.android)

• Instagram (com.instagram.android)

• Signal (org.thoughtcrime.securems)

• Linkdin (com.linkedin.android)

• Tiktok (com.zhiliaoapp.musically)

• Snapchat (com.snapchat.android)

• Tinder (com.tinder)

• Badoo (com.badoo.mobile)

• Mozilla Firefox (org.mozilla.firefox)

• Dropbox (com.drobox.android)

• Alibaba (com.alibaba.intl.android.apps.poseidon)

• Examples:

🛠 DOWNGRADE APK Test:

• The tool does a test in a generic application (com.aplicacaoteste.apk) before starting the DOWNGRADE process in the target APP.
• Tips: XIAOMI phones may come with USB protections, remove these protections without taking the device out of airplane mode by following the steps below:

💬 (NEW) Parser Chats WhatsApp from NEW Database SCHEME:

1. Select the Chats destination folder (Copy the "Media" folder in this same location).
2. Select the folder: \com.whatsapp\f\Avatars
3. Select the .DB file: \com.whatsapp\db\msgstore.db

• (NEW) In the "Generate Whatsapp Chats" modules it is possible to plot the transcripts in HTML.

• (NEW) You can also transcribe the audios along with Whatsapp parser process.

• New Schema (Table: message):

• Fields:

• _id, chat_row_id, from_me, key_id, sender_jid_row_id, status,broadcast, recipient_count, participant_hash, origination_flags, origin, timestamp received_timestamp, receipt_server_timestamp, message_type, text_data (Mensagens), starred, lookup_tables, message_add_on_flags, sort_id

💬 (NEW) Parser Chats WhatsApp from previous database schema:

1. Select the Chats destination folder (Copy the "Media" folder in this same location).
2. Select the folder: \com.whatsapp\f\Avatars
3. Select the .DB file: \com.whatsapp\db\msgstore.db

• (NEW) In the "Generate Whatsapp Chats" modules it is possible to plot the transcripts in HTML.

• (NEW) You can also transcribe the audios along with Whatsapp parser process.

• Old Schema (Table: messages)

• Fields:

• _id, key_remote_jid, key_from_me, key_id, status, needs_push, data (Mensagens), timestamp, media_url, media_mime_type, media_wa_type, media_size, media_name, media_caption, media_hash, media_durationorigin, latitude, longitude, thumb_image, remote_resource, received_timestamp, send_timestamp, receipt_server_timestamp, receipt_device_timestamp, read_device_timestamp, played_device_timestamp, raw_data, recipient_count, participant_hash, starred, quoted_row_id, mentioned_jids, multicast_id, edit_version, media_enc_hash, payment_transaction_id, forwarded, preview_type, send_count, lookup_tables, future_message_type, message_add_on_flags.

💬 (NEW) Whatsapp .opus audio transcription and transcription plot in CHATS HTML PARSER:

• In the "OPUS audio transcription" module you can transcribe one or thousands of audios at the same time.
• In the "Generate Whatsapp Chats" modules it is possible to plot the transcripts in HTML.
• You can also transcribe the audios along with Whatsapp parser process.
• Generate HTML report with transcribed texts, hash, contact linked to audio and chat linked to audio.

📱 Miscellaneous ADB collections in .TXT format:

• System Properties (Full).
• Dumpsys (Complete).
• Disktats (Disk information).
• Android Geolocation Dump (Location Manager State).
• IMEI (01 .02).
• Y/N (Serial Number).
• Law Suit.
• TCP (Active Internet connections).
• Accounts (UserInfo).
• DUMP Wifi.
• Detailed Wifi DUMP.
• CPU information.
• Memory Information.
• Display Information (WINDOW MANAGER DISPLAY CONTENTS).
• Resources.
• Resolution (Physical size).
• Screen Dump (.XML file).
• Dump Backup (Backup Manager is enabled).
• List Installed Third-Party Applications.
• List Native System Applications.
• Contacts.
• SMS.
• System Events.
• Active Users.
• Android version.
• DB Info (Applications Database Info).
• On/Off History.
• LogCat.
• Space in Use Information.
• Operator.
• Bluetooth (Bluetooth Status).
• Location of Image Files.
• Location of Audio Files.
• Location of Video Files.
• Face Recognition DUMP
• Global Settings.
• Security Settings.
• System Settings.
• Remove/Add PIN (Requires current PIN).
• DUMP ADB (Connections ADB).
• Reboot.
• Reboot Recovery Mode.
• Reboot Bootloader Mode.
• Reboot Fastboot Mode.

• Examples:
• Dump ADB: ADB.txt, in this example we can check the last computer connected via ADB with the device:

• Dumpsys: dumpsys.txt, in addition to bringing thousands of device information, in this example we can check the uninstall date of an application:

• Note: The information can be in Unix Timestamp time format, use the link below to convert:
• 1649374898421 (Unix Timestamp) = Thu Apr 07 2022 23:41:38 GMT+0000 (GMT)
• https://www.unixtimestamp.com/

⚡️ (NEW) Tracking, Downloading and Decrypting Whatsapp .ENC Files:

• Generate the Script and run the generated .bat file.

"C:\Forensics\bin\whatsapp-media-decrypt\decrypt.py"

⚡️ (NEW) Contact List Search, Avatar Photos and Deleted WhatsApp Contacts:

1. Select the folder: \com.whatsapp\f\Avatars
2. Select .DB file: \com.whatsapp\db\wa.db

(NEW) 📐 WhatsApp Database Decryption:

• Crypt14.
• Crypt15.

📸 Screenshots, Screen DUMP and Chat Capture:

🚀 (NEW) Access Through the Tool to IPED Tools.

• "C:\Forensics\bin\IPEDTools\IPEDTools.exe"

🚀 Automatic integration with AFLogical OSE 1.5.2:

• Performs the acquisition automatically without user intervention.
• "C:\Forensics\bin\AFLogicalOSE152OSE.apk"

🚀 Automatic integration with Alias Connector:

• Performs the acquisition automatically without user intervention.
• "C:\Forensics\bin\com.alias.connector.apk"

📐 Conversion from .AB to .TAR:

• Passworded ADB backups may take longer to convert.
• Try not to put passwords in the backups requested in "ADB Backup" or "Downgrade", so you speed up the conversion process.
• If this module doesn't work, try to add the "C:\Forensics" patch to the system variables

♻ Fast Scan and Real-time Transfer:

• Images: .jpg, .jpeg, .png, .psd, .nef, .tiff, .bmp, .tec, .tif, .webp
• Videos: .aaf, .3gp, .asf, .avi, .m1v, .m2v, .m4v, .mp4, .mov, .mpeg, .mpg, .mpe, .mp4, .rm, .wmv, .mpv , .flv, .swf
• Audios: .opus, .aiff, .aif, .flac, .wav, .m4a, .ape, .wma, .mp2, .mp1, .mp3, .aac, .mp4, .m4p, .m1a, .m2a , .m4r, .mpa, .m3u, .mid, .midi, .ogg
• Archives: .zip, .rar, .7zip, .7z, .arj, .tar, .gzip, .bzip, .bzip2, .cab, .jar, .cpio, .ar, .gz, .tgz, .bz2
• Databases: .db, .db3, .sqlite, .sqlite3, .backup (SIGNAL)
• Documents: .htm, .html, .doc, .docx, .odt, .xls, .xlsx, .ppt, .pptx, .pdf, .txt, .rtf
• Executables: .exe, .msi, .cmd, .com, .bat, .reg, .scr, .dll, .ini, .apk

🔠 Image Finder (Hash, Metadata, Geolocation, Plot location on Google Maps and Google Earch):

• Note: For this module DO NOT save your acquisitions on the Desktop, save for example in "C:\folder_name\collection_01" to run the image search.

https://user-images.githubusercontent.com/102838167/161446333-ddcbe368-7b03-4090-b10c-5cd6f32ad023.mp4

📜 (NEW) Plot (BATCH) of Geolocation of images on Google Earch (geo.kml) with patch and thumbnails of images:

• Note: To plot the thumbnails along with the yellow points, download Google Earch Pro, if you plot on Google Earch Online, only the blue points will be plotted without the images.
• Click on GENERATE KML to batch generate the geo.kml file

🛠 Installing and Uninstalling APKs via ADB:

• .APK files

⏳ HASH Calculator:

• Note: For this module DO NOT save your acquisitions on the Desktop, save for example in "C:\folder_name\collection_02" to calculate the Hashs of the files.
• Calculates the Hash of all files in an acquisition.
• SHA-256.
• SHA-1.
• SHA-384.
• SHA-512.
• SHA-MD5.

📱 (NEW) Android Folder Browser (PULL and PUSH):

• A Simple folder browser to PULL and PUSH files or folders.

🎥 Device Mirroring:

• "C:\Forensics\bin\scrcpy"

🚀 Instagram data scraping:

🚀 General single copy:

• If you have problems with "adb pull" or "adb backup", copy all files from the device in separate processes, copying one at a time.

🚀 Automatic integration with MVT-1.5.3:

• "C:\Forensics\bin\mvt-1.5.3\mvt.bat"

🚀 Access Through the Tool to JADX (Dex to Java Decompiler):

• "C:\Forensics\bin\jadx-1.2.0\jadx-gui-1.2.0-no-jre-win.exe"

🚀 Access Via Tool to WhatsApp Viewer:

• "C:\Forensics\bin\WhatsAppViewer.exe"

📱 Conversion of .csv/.txt files with GEOLIZATION information provided by court decisions into .KML for police investigations.

• Plotting thousands of points on the map in seconds
• In this example below, more than 36 thousand points were plotted on the map
• Example data from .csv file: 2022-04-15T02:59:45.368Z,2022-04-15T02:59:45.368, (Latitude/Column 2) -23.7416538, (Longitude/Column 3) -46.5744873,15,WIFI,1663554331,ANDROID

(NEW) 📱 Merge WhatsApp DATABASES:

• "C:\Forensics\bin\merge\merge_databases_exe\merge_databases.exe -lv"

⚙️ Tool Prerequisites:

• TECHNICAL knowledge of Forensics in Mobile Devices.
• Minimal computer knowledge
• Device with DEBUG mode activated.
• Windows 10/11 with its proper updates.

⚙️ Prerequisites Third-Party Tools:

• JAVA (https://www.java.com/pt-BR/).
• PHYTON (https://www.python.org/).

💻 Installation Avilla Forensics 3.6

• Extract the tool from "C:\Forensics-3-6".
• Do not put spaces in the tool folder name.

💻 Installing Third-Party Tools

Requires JAVA (https://www.java.com/pt-BR/):

• Jadx-1.2.0: "C:\Forensics\bin\jadx-1.2.0" (Just install JAVA). (APACHE LICENSE)
• Backup Extractor: "C:\Forensics\backup_extractor" (Just install JAVA). (APACHE LICENSE)
• The Backup Extractor module (.AB to .TAR) may require you to add the "C:\Forensics" patch to the system variables.

Requires python (https://www.python.org/):

• WhatsApp-Crypt14-Crypt15-Decrypt: To install run the file "C:\Forensics\bin\WhatsApp-Crypt14-Crypt15-Decrypter-main\install-Decrypter.bat" or:

pip install -r requirements.txt

• Whatsapp-media-decrypt: To install run the file "C:\Forensics-3-5\bin\install_wmd.bat"

pip install pycryptodome

🚀 Donate:

• CHAVE PIX: 3901d8ea-22ca-4ba8-a0fb-2615e5485b2c

⚙️ Technologies used

• C#.
• Python.
• Java.

📱 Third-party tools included in the package

• APACHE LICENSE

• ADB: https://developer.android.com/tools/adb (APACHE LICENSE).

• Jadx-1.2.0: https://github.com/skylot/jadx (Requer Java). (APACHE LICENSE).

• Android Backup Extractor: https://github.com/nelenkov/android-backup-extractor (Requires Java). (APACHE LICENSE).

• Instaloader: https://github.com/instaloader/instaloader (Requires Python). (APACHE LICENSE).

• Screen Copy: https://github.com/Genymobile/scrcpy (APACHE LICENSE).

• GNU GENERAL PUBLIC LICENSE

• Libimobiledevice: https://github.com/libimobiledevice/libimobiledevice (GNU GENERAL PUBLIC LICENSE). (FormIOS.cs)

• IPED: https://github.com/sepinf-inc/IPED (GNU GENERAL PUBLIC LICENSE)

• IPED PARSERS: https://github.com/sepinf-inc/IPED/tree/master/iped-parsers/iped-parsers-impl/src/main/resources/iped/parsers/whatsapp https://github.com/tc-wleite (GNU GENERAL PUBLIC LICENSE). (WhatsParser.cs and WhatsParserAntigocs.cs)

• IPEDTools: https://github.com/thiagofuer/IPEDTools_Releases/releases (GNU GENERAL PUBLIC LICENSE)

• AFLogical OSE 1.5.2: https://github.com/nowsecure/android-forensics (GNU GENERAL PUBLIC LICENSE).

• WhatsApp-Crypt14-Crypt15-Decrypter: https://github.com/ElDavoo/WhatsApp-Crypt14-Crypt15-Decrypter (Requires Python). (GNU GENERAL PUBLIC LICENSE). (FormDecript.cs)

• SQLiteStudio: https://github.com/pawelsalawa/sqlitestudio (GNU GENERAL PUBLIC LICENSE).

• jExifToolGUI: https://github.com/hvdwolf/jExifToolGUI (GNU GENERAL PUBLIC LICENSE).

• GpsPrune: https://activityworkshop.net/software/gpsprune/ https://github.com/activityworkshop/GpsPrune (GNU GENERAL PUBLIC LICENSE).

• Bytecode Viewer: https://github.com/Konloch/bytecode-viewer (GNU GENERAL PUBLIC LICENSE).

• MIT LICENSE

• ALEAPP: https://github.com/abrignoni/ALEAPP (MIT LICENSE).

• iLEAPP: https://github.com/abrignoni/iLEAPP (MIT LICENSE).

• Hashcat: https://hashcat.net/hashcat/ (MIT LICENSE).

• Whatsapp-Viewer https://github.com/andreas-mausch/whatsapp-viewer (MIT LICENSE).

• iTunes-Backup-Explorer: https://github.com/MaxiHuHe04/iTunes-Backup-Explorer (MIT LICENSE).

• BSD LICENSE

• Audio transcription: https://github.com/Uberi/speech_recognition (BSD LICENSE).

• Freeware LICENSE

• Alias Connector: http://www.newseg.seg.br/newseg/ (Freeware LICENSE).

• Audio transcription: http://www.newseg.seg.br/newseg/ (Freeware LICENSE)

• PUBLIC DOMAIN

• Itunes_backup2hashcat: https://github.com/philsmd/itunes_backup2hashcat/ (PUBLIC DOMAIN).

• UNDEFINED

• Whatsapp-media-decrypt: https://github.com/sh4dowb/whatsapp-media-decrypt (Requires Python). (UNDEFINED).

• Grep: https://git-scm.com/docs/git-grep. (UNDEFINED).

😎 Thanks