This blog is NOT the official website of Kali Linux. We just share tutorials for learning cybersecurity.

Andriller -- Forensic Investigation of Android Phone on Kali Linux

Android holds its position as the leading mobile phone operating system worldwide. Having an Android phone is very common nowadays. Forensic testing of an Android phone is crucial for every digital forensics expert.

In today's digital forensics article we are going to learn about Andriller. Andriller is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.

We will learn how to install Andriller on our Kali Linux system and use it against our own device.

Andriller Digital Forensics of Android on Kali Linux

First of all we need to clone the GitHub repository of Andriller onto our system by running the following command:

git clone https://github.com/den4uk/andriller.git

After the cloning process completes we can navigate to the directory by using the cd command:

cd andriller

Here we have some files, but to install and use Andriller we need to focus on two of them: setup.py and andriller-gui.py.

Andriller cloned in Kali Linux
We set the permissions of both files using the following command:

sudo chmod +x setup.py andriller-gui.py

The following screenshot shows the output of the applied command.

Setting up permissions of Andriller
Now we can run the setup and install Andriller. To do that we run the following command in our terminal:

sudo python3 setup.py install

The above command will install all the dependencies to run this tool.

Here we recommend running the following command to install adb and python-tk so that the tool works without errors:

sudo apt-get install android-tools-adb python3-tk

After installing the dependencies we can run the tool by simply using the following command:

python3 andriller-gui.py

Then the GUI (Graphical User Interface) window of andriller will open in front of us as we can see in the following screenshot:

Andriller GUI on Kali Linux

Here we need to set our "Output Location": we click there and choose where the output will be saved. Here we choose our Desktop.

Now we just need to connect an Android device to our Kali Linux system through USB. We need to use a data cable here, and USB debugging must be enabled on the Android device. After connecting the data cable to the device we can use the "Check" option to check whether our Android device is connected or not.
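A pre-flight check for the connection step above, as an added example that is not part of the original article or of Andriller: it classifies the output of `adb devices` and reports success only when exactly one device is attached and authorized. The function names are hypothetical, and the serials and sample outputs are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check of `adb devices` output before acquisition.
# Function names are hypothetical; serials and sample outputs are constructed.

# Print "serial<TAB>state<TAB>hint" for every device line read from stdin.
classify_adb_devices() {
    awk '
        /^List of devices attached/ || /^\* daemon/ || NF == 0 { next }
        {
            serial = $1; state = $2
            if (state == "device")
                hint = "ready for extraction"
            else if (state == "unauthorized")
                hint = "unlock the phone and accept the USB debugging prompt"
            else if (state == "offline")
                hint = "reconnect the data cable or restart the adb server"
            else if (state == "no") {   # adb prints "no permissions (...)"
                state = "no-permissions"
                hint = "check udev rules on the workstation"
            } else
                hint = "unexpected state, do not proceed"
            printf "%s\t%s\t%s\n", serial, state, hint
        }'
}

# Print the serial and return 0 only if exactly one device is attached and it
# is authorized; with several devices attached the wrong one could be acquired.
ready_serial() {
    classify_adb_devices | awk -F'\t' '
        { total++ }
        $2 == "device" { ready++; serial = $1 }
        END {
            if (total == 1 && ready == 1) { print serial; exit 0 }
            exit 1
        }'
}

# Constructed `adb devices` outputs (not captured from real hardware).
sample_ready()  { printf 'List of devices attached\nEXAMPLESERIAL01\tdevice\n\n'; }
sample_unauth() { printf 'List of devices attached\nEXAMPLESERIAL02\tunauthorized\n\n'; }
sample_mixed()  {
    sample_ready
    printf 'EXAMPLESERIAL02\tunauthorized\nEXAMPLESERIAL03\toffline\n'
}

# Demo on constructed data; on a live workstation: adb devices | ready_serial
sample_mixed | classify_adb_devices
if serial=$(sample_ready | ready_serial); then
    echo "OK to extract from $serial"
fi
```

An "unauthorized" result means the phone has not yet approved this workstation for USB debugging, and a "device" result is the state in which the "Check" option should succeed.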

After connecting our Android device we just need to click on "Extract" to get the report. After clicking on "Extract" we can see that our Android device asks to back up data. Here we just need to click on "back up my data", as we did in the following screenshot:

backup request from android

Then the process will start. If we have ticked ✅ "Shared Storage", Andriller will back up the whole storage, which is time-consuming; otherwise it will back up the system files only.

After the process completes, the reports are saved at our chosen location as an HTML file and the browser opens the report automatically, as we can see in the following screenshot.

Andriller report of Android device
Some personal information hidden

Here we can see all the details of the Android device. We can check the Google accounts, call logs, browser history, WiFi passwords, SMS and much more.

Here is a screenshot of WiFi passwords.

Andriller extracted WiFi Passwords

We can extract a lot of information from an Android device using Andriller.

This is how we can perform digital forensics on an Android device. One more thing: if we have a device with root permission, then we can see the maximum results.

Kali Linux

Comments

16 comments
  • Unknown, January 5, 2021 at 10:30 PM

    Brother, your articles are very useful. I feel very happy as usual when I enter your site. But brother, there is a doubt regarding the Andriller forensic Android tool. If we want to do some reports on an Android device, then how can we enable adb debugging if the phone is locked by pattern or code? I know there are some tools which can unlock the pattern or code, but is there any other way to enable USB or adb debugging in an Android if it is locked or without unlocking?

    • Kali Linux, January 7, 2021 at 11:42 AM

      First of all, I'm not a brother. You can call me sister. By the way, I'm glad to have such a good and supportive audience like you. You guys always encourage us to do the best work. Thanks a lot.

      Now coming to your question. You can enable the debugging without breaking the password. Did you know about "ADB enabler automater"? Google it (some good articles on it were removed from the internet & YouTube); hope you find something. Good luck.

      • Anonymous, January 7, 2023 at 6:02 AM

        I am interested in checking my mother's phone for Pegasus or some other surveillance software. Is there a tutorial on this?

        • Anonymous, January 9, 2023 at 8:43 AM

          Hi there, here is a tutorial for you: Pegasus spyware checking. Thanks.

        • Unknown, May 28, 2021 at 12:15 AM

          some error shows ... Devices not detected

        • Anonymous, May 28, 2021 at 1:07 PM

          Is there any tool for hacking Discord (educational purpose only).. Mr Kali Linux?

          • Kali Linux, May 29, 2021 at 5:51 PM

            Hi there, thanks for your valuable comment. We still haven't seen this kind of tool. Let us check. If there is any kind of tool regarding this we will write an article for educational purposes.

          • Anonymous, July 1, 2021 at 7:28 AM

            If your phone isn't rooted, it will be useless?

            • Anonymous, July 5, 2021 at 9:43 AM

              Bro, can I recover my Google account if I know my password and Gmail? I lost my phone recently and my number was inserted in it. There is a 2-step verification on my Google account; help me, how can I recover it?

              • Kali Linux, July 5, 2021 at 6:01 PM

                You can contact Google Account recovery options. Otherwise mail them with your problems.

              • Sanjeet Kumar, November 4, 2022 at 7:21 PM

                Hello Sister, is any tool available for iPhone?
                Please reply.

                • Anonymous, November 5, 2022 at 8:23 PM

                  what is ur snapchat Sanjeet 😼

                • Anonymous, January 2, 2023 at 12:04 AM

                  Nice

                  • Anonymous, January 7, 2023 at 6:22 PM

                    Hi Thorne, and thank you for the tutorial. I'm getting the device unauthorized error. USB debugging so I'm not sure what to do about it. Please help. Thank you.

                    • Anonymous, January 7, 2023 at 6:23 PM

                      I meant hi, I'm Thorne, sorry
