Andriller -- Forensic Investigation of Android Phone on Kali Linux

Android is the leading mobile operating system worldwide, and Android phones are very common nowadays. Forensic testing of an Android phone is crucial for every digital forensics expert.

In today's digital forensics article we are going to learn about Andriller. Andriller is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.

We will learn how to install Andriller on our Kali Linux system and use it against our own device.

Andriller Digital Forensics of Android on Kali Linux

First of all, we need to clone the Andriller GitHub repository to our system with the following command:

git clone https://github.com/den4uk/andriller.git

After the cloning process completes, we can navigate to the directory using the cd command:

cd andriller

Here we have several files, but to install and use Andriller we need to focus on two of them: setup.py and andriller-gui.py.

Andriller cloned in Kali Linux

We set the permissions of both files using the following command:

sudo chmod +x setup.py andriller-gui.py

The following screenshot shows the output of the applied command.

Setting up permissions for Andriller

Now we can run the setup and install Andriller. To do that, we run the following command in our terminal:

sudo python3 setup.py install

The above command will install all the dependencies needed to run this tool.

We also recommend running the following command to install adb and python3-tk so that the tool works without errors:

sudo apt-get install android-tools-adb python3-tk

After installing the dependencies, we can run the tool with the following command:

python3 andriller-gui.py

The Andriller GUI (Graphical User Interface) window will then open, as we can see in the following screenshot:

Andriller GUI on Kali Linux

Here we need to set our "Output Location": we click on it and choose where the output will be saved. Here we choose our Desktop.

Now we need to connect an Android device to our Kali Linux system through USB, using a data cable (USB debugging must be enabled on the Android device). After connecting the device, we can use the "Check" option to verify whether our Android device is connected.
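
A terminal-side version of the "Check" step, as an added example that is not part of the original tutorial or of Andriller: it parses the output of `adb devices` and names the reason a handset is not ready for acquisition. The function names and the sample serial are assumptions of this example, and it deliberately treats more than one attached device as not ready so that it is unambiguous which handset is being acquired.

```sh
#!/bin/sh
# Added example: explain `adb devices` output before an acquisition.
# Function names and the sample serial are assumptions of this example.

# Reads `adb devices` output on stdin; prints "<serial> <verdict>" per device.
classify_adb_devices() {
    awk -F'\t' '
        /^List of devices attached/ || NF < 2 { next }   # header, blanks, daemon notices
        {
            state = $2
            if (state == "device")               verdict = "ready"
            else if (state == "unauthorized")    verdict = "accept-usb-debugging-prompt-on-phone"
            else if (state == "offline")         verdict = "replug-cable-or-restart-adb-server"
            else if (state ~ /^no permissions/)  verdict = "fix-udev-rules-or-adb-server-user"
            else                                 verdict = "unexpected-state:" state
            print $1, verdict
        }'
}

# Succeeds only when exactly one device is attached and it is ready.
acquisition_ready() {
    report=$(classify_adb_devices)
    count=$(printf '%s\n' "$report" | grep -c . || true)
    [ "$count" -eq 1 ] && printf '%s\n' "$report" | grep -q ' ready$'
}

# Constructed sample output (not captured from a real handset): the phone is
# plugged in with USB debugging on, but the authorization prompt was not accepted.
sample_unauthorized() {
    printf 'List of devices attached\nSERIAL0001\tunauthorized\n\n'
}

sample_unauthorized | classify_adb_devices
if sample_unauthorized | acquisition_ready; then
    echo "OK to start the extraction"
else
    echo "Not ready: resolve the state above before starting the extraction"
fi

# Against a live handset: adb devices | classify_adb_devices
```

An empty result means adb sees no device at all, which points at the cable (charge-only instead of data) or at USB debugging being disabled on the phone.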

After connecting our Android device, we just need to click on "Extract" to get the report. After clicking it, the Android device asks for confirmation to back up its data; here we just need to tap "back up my data", as we did in the following screenshot:

backup request from android

Then the process starts. If we have ticked (✅) the "Shared Storage" option, Andriller will back up the whole storage, which is time-consuming; otherwise it will back up the system files only.

After the process completes, the report is saved to our chosen location as an HTML file and the browser opens the report automatically, as we can see in the following screenshot.

Andriller report of Android device
Some personal information has been hidden

Here we can see all the details of the Android device. We can check the Google accounts, call logs, browser history, WiFi passwords, SMS and much more.

Here is a screenshot of WiFi passwords.

Andriller extracted WiFi Passwords

We can extract a lot of information from an Android device using Andriller.

This is how we can perform digital forensics on an Android device. One more thing: if we have a device with root permission, then we can see the maximum results.

Kali Linux

Comments

9 comments
  • Unknown, January 5, 2021 at 10:30 PM

    Brother, your articles are very useful. I feel very happy, as usual, when I enter your site. But brother, there is a doubt regarding the Andriller forensic Android tool. If we want to do some reports on an Android device, then how can we enable adb debugging if the phone is locked by pattern or code? I know there are some tools which can unlock the pattern or code, but is there any other way to enable USB or adb debugging on an Android if it is locked or without unlocking?

    • Kali Linux, January 7, 2021 at 11:42 AM

      First of all, I'm not a brother. You can call me sister. By the way, I'm glad to have such a good and supportive audience like you. You guys always encourage us to do the best work. Thanks a lot.

      Now coming to your question. You can enable the debugging without breaking the password. Did you know about "ADB enabler automater"? Google it (some of the good articles on it were removed from the internet and YouTube); hope you find something. Good luck.

    • Unknown, May 28, 2021 at 12:15 AM

      some error shows ... Devices not detected

    • Anonymous, May 28, 2021 at 1:07 PM

      Is there any tool for hacking Discord (educational purpose only), Mr Kali Linux?

      • Kali Linux, May 29, 2021 at 5:51 PM

        Hi there, Thanks for your valuable comment. We still didn't see this kind of tool. Let us check. If there is any kind of tool regarding this we will write an article for educational purpose.

      • Anonymous, July 1, 2021 at 7:28 AM

        If your phone isn't rooted, it will be useless?

        • Anonymous, July 5, 2021 at 9:43 AM

          Bro, can I recover my Google account if I know my password and Gmail? I lost my phone recently and my number was inserted in it. There is 2-step verification on my Google account. Help me, how can I recover it?

          • Kali Linux, July 5, 2021 at 6:01 PM

            You can contact Google Account recovery options. Otherwise, mail them with your problems.
