Andriller is a software utility for Android digital forensics: a collection of tools for read-only, forensically sound, non-destructive data acquisition from Android devices. Its targets are Android phones and tablets; the tool itself runs on Linux, macOS, and Windows hosts. Here is a detailed breakdown of Andriller:
Core Features and Capabilities
Automated data extraction: pulls data from non-rooted devices through the Android Backup mechanism (adb backup; Android 4.x, with varied and limited support on other versions, partly because apps can opt out of backup and newer releases restrict it), and from rooted devices through a root ADB daemon, a custom recovery (CWM) mode, or an su binary (Superuser/SuperSU).
Lockscreen cracking: tools to recover a PIN, password, or pattern lock from the stored hash files of older Android releases (gesture.key and password.key plus the salt in locksettings.db, Android 5.x and earlier). Those files are only readable with root or from a physical image, and the technique does not apply to the Gatekeeper-backed credentials of Android 6.0 and later.
Decoders for app data: custom decoders that parse application databases (for example messaging and call-log apps) into readable reports.
WhatsApp decryption: decrypts WhatsApp's encrypted archived databases (msgstore .crypt through .crypt12 files), provided the matching key file, which lives in the app's private data and therefore needs root to obtain, is supplied.
Data parsing: parses and decodes folder structures, tarball files from Nandroid backups, and Android backup (.ab) files.
Reporting: generates reports in HTML and Excel formats.
Key Components
Andriller CE (Community Edition): the free, open-source version of the software, published on GitHub.
Extraction (USB): the module that connects to a device over ADB and pulls data directly from it.
Decoders: specialized tools that parse specific database files.
Usage Context
Forensically sound: designed so that acquisition does not alter data on the device. Android Backup acquisition still relies on the device's own backup manager and requires the backup to be confirmed on the device screen, so record that interaction and hash the resulting .ab file as part of the evidence log.
Environment: commonly run on Linux (e.g., Kali Linux), though Windows and macOS hosts are supported too; requires Python 3 with tkinter (for the GUI) and adb on the PATH.
Installation Steps
Install prerequisites: the adb package (android-tools-adb on older Debian/Ubuntu releases) and python3-tk, plus pip for Python 3.
Clone repository: download the source from GitHub: git clone https://github.com/den4uk/andriller.git
Install requirements: change into the cloned directory and install the dependencies listed in requirements.txt with pip.
Run: launch the tool with Python (python -m andriller). Alternatively, install the released package from PyPI with pip install andriller and run it the same way.
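The lockscreen cracking listed under Core Features works by hashing candidate patterns or PINs and comparing them with the hash stored on the device. The following is an added example, not Andriller's own code, implementing the legacy (Android 5.x and earlier) algorithms; the gesture.key bytes, the password.key string and the salt are constructed inline, not taken from a real device.

```python
"""Brute-force the legacy Android lockscreen hashes (Android 5.x and earlier).

Added example, not Andriller's own code. On those releases the lock data lives
under /data/system (root or a physical image is needed to read it):
  gesture.key   20-byte SHA-1 over the pattern's cell indices (0..8, row-major)
  password.key  upper-case hex: SHA-1(pin + salt) || MD5(pin + salt), 72 chars
  salt          64-bit signed integer "lockscreen.password_salt" in
                locksettings.db, rendered like Java's Long.toHexString
Android 6.0+ keeps Gatekeeper-bound hashes instead, which this does not cover.
All inputs below are constructed here, not taken from a device.
"""
import hashlib
import itertools
from typing import Iterator, List, Optional


def blocked_cell(a: int, b: int) -> Optional[int]:
    """Cell that a straight stroke from a to b passes over on the 3x3 grid, or None.

    Android adds such a cell to the pattern automatically unless it was already
    used, so a pattern can only jump over a cell that is already part of it.
    """
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    if a != b and (ra - rb) % 2 == 0 and (ca - cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None


def valid_patterns(min_len: int = 4, max_len: int = 9) -> Iterator[List[int]]:
    """Enumerate every pattern the lockscreen accepts (depth-first, no repeats)."""
    def extend(path: List[int]) -> Iterator[List[int]]:
        if len(path) >= min_len:
            yield list(path)
        if len(path) == max_len:
            return
        used = set(path)
        for nxt in range(9):
            if nxt in used:
                continue
            mid = blocked_cell(path[-1], nxt)
            if mid is not None and mid not in used:
                continue            # would silently insert mid; that path is generated elsewhere
            path.append(nxt)
            yield from extend(path)
            path.pop()

    for start in range(9):
        yield from extend([start])


def pattern_hash(pattern: List[int]) -> bytes:
    """gesture.key contents for a pattern (LockPatternUtils.patternToHash)."""
    return hashlib.sha1(bytes(pattern)).digest()


def crack_pattern(gesture_key: bytes) -> Optional[List[int]]:
    """Recover the pattern whose hash equals the 20 bytes read from gesture.key."""
    if len(gesture_key) != 20:
        raise ValueError("gesture.key must be exactly 20 bytes (SHA-1)")
    for pattern in valid_patterns():
        if pattern_hash(pattern) == gesture_key:
            return pattern
    return None


def salt_to_hex(salt: int) -> str:
    """Java Long.toHexString: the salt as unsigned 64-bit lower-case hex, unpadded."""
    return format(salt & 0xFFFFFFFFFFFFFFFF, "x")


def password_key_hash(secret: str, salt: int) -> str:
    """password.key contents for a PIN/password (LockPatternUtils.passwordToHash)."""
    data = (secret + salt_to_hex(salt)).encode("utf-8")
    return (hashlib.sha1(data).hexdigest() + hashlib.md5(data).hexdigest()).upper()


def crack_pin(password_key: str, salt: int, max_len: int = 6) -> Optional[str]:
    """Try every numeric PIN of 4..max_len digits against password.key."""
    target = password_key.strip().upper()
    for length in range(4, max_len + 1):
        for digits in itertools.product("0123456789", repeat=length):
            pin = "".join(digits)
            if password_key_hash(pin, salt) == target:
                return pin
    return None


# --- constructed sample data (not from a real device) ------------------------
SAMPLE_PATTERN = [0, 1, 2, 5, 8]                 # top row, then down the right edge
SAMPLE_GESTURE_KEY = pattern_hash(SAMPLE_PATTERN)
SAMPLE_SALT = -2314925384412523487               # signed, as stored in locksettings.db
SAMPLE_PASSWORD_KEY = password_key_hash("2580", SAMPLE_SALT)

if __name__ == "__main__":
    print("pattern:", crack_pattern(SAMPLE_GESTURE_KEY))
    print("pin:", crack_pin(SAMPLE_PASSWORD_KEY, SAMPLE_SALT))
```

The pattern generator enforces the same rule as the lockscreen (a stroke may only pass over a cell already in the pattern), so it yields exactly the 389,112 patterns Android accepts and nothing that could not have been drawn; a wrong salt rendering (signed instead of unsigned, or zero-padded) is the usual reason a PIN search fails, which is why salt_to_hex is kept separate and testable.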
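The data-parsing feature for Android backup (.ab) files, listed under Core Features, amounts to reading a short text header and inflating the tar stream that follows it. The following is an added example, not Andriller's own code; the sample backup is assembled in memory, and the app package and file names in it are constructed placeholders.

```python
"""Unpack an unencrypted Android backup (.ab) file into its tar payload.

Added example (not Andriller's own code). The container written by `adb backup`
is a four-line ASCII header followed by the payload:
    ANDROID BACKUP\n   magic
    <version>\n        format version
    <0|1>\n            1 if the payload is zlib-compressed
    <none|AES-256>\n   encryption; AES-256 adds further header lines and a
                       password-derived key, which this example does not handle
The sample backup below is built in memory; names and contents are placeholders.
"""
import hashlib
import io
import tarfile
import zlib
from dataclasses import dataclass
from typing import Dict, List

MAGIC = b"ANDROID BACKUP\n"


@dataclass(frozen=True)
class AbHeader:
    version: int
    compressed: bool
    encryption: str
    payload_offset: int


def parse_ab_header(data: bytes) -> AbHeader:
    """Read the four newline-terminated header lines and locate the payload."""
    if not data.startswith(MAGIC):
        raise ValueError("not an Android backup file (bad magic)")
    fields: List[str] = []
    pos = 0
    for _ in range(4):
        nl = data.index(b"\n", pos)
        fields.append(data[pos:nl].decode("ascii"))
        pos = nl + 1
    _, version, compressed, encryption = fields
    if compressed not in ("0", "1"):
        raise ValueError(f"unexpected compression flag {compressed!r}")
    return AbHeader(int(version), compressed == "1", encryption, pos)


def is_encrypted(data: bytes) -> bool:
    return parse_ab_header(data).encryption != "none"


def ab_to_tar(data: bytes) -> bytes:
    """Return the tar stream inside an unencrypted .ab file."""
    hdr = parse_ab_header(data)
    if hdr.encryption != "none":
        raise ValueError("encrypted backup: the backup password is needed first")
    payload = data[hdr.payload_offset:]
    if hdr.compressed:
        # decompressobj() hands back whatever it could inflate even when the
        # backup was cut short (aborted or oversized adb backups are common);
        # zlib.decompress() would raise and lose the partial tar.
        d = zlib.decompressobj()
        payload = d.decompress(payload) + d.flush()
    return payload


def list_ab_entries(data: bytes) -> List[str]:
    with tarfile.open(fileobj=io.BytesIO(ab_to_tar(data)), mode="r:") as tar:
        return tar.getnames()


def read_ab_member(data: bytes, name: str) -> bytes:
    with tarfile.open(fileobj=io.BytesIO(ab_to_tar(data)), mode="r:") as tar:
        member = tar.extractfile(name)
        if member is None:
            raise KeyError(name)
        return member.read()


def sha256_hex(data: bytes) -> str:
    """Hash the acquired .ab file before any processing, for the evidence record."""
    return hashlib.sha256(data).hexdigest()


# --- constructed sample (placeholder package and file names) -----------------
SAMPLE_FILES: Dict[str, bytes] = {
    "apps/com.example.chat/_manifest": b"com.example.chat\n1\n",
    "apps/com.example.chat/db/messages.db": b"SQLite format 3\x00" + b"\x00" * 32,
}


def build_sample_ab(compressed: bool = True, encryption: str = "none",
                    version: int = 4) -> bytes:
    """Assemble a minimal .ab file around a tar of SAMPLE_FILES."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in SAMPLE_FILES.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    payload = buf.getvalue()
    if compressed:
        payload = zlib.compress(payload)
    header = MAGIC + f"{version}\n{int(compressed)}\n{encryption}\n".encode("ascii")
    return header + payload


if __name__ == "__main__":
    ab = build_sample_ab()
    print("sha256:", sha256_hex(ab))
    print(parse_ab_header(ab))
    for entry in list_ab_entries(ab):
        print(entry)
```

Hash the .ab file first and work on a copy; once it is a tar, the per-app paths (apps/<package>/db/..., apps/<package>/sp/...) can be fed to the database decoders. An AES-256 backup is refused here rather than mishandled, because its key must be derived from the backup password before anything after the header is meaningful.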