Setup for Analysis of Android Applications
- Setup Host:
- Add VboxManage to PATH
C:\Program Files\Oracle\VirtualBox
- Add adb and emulator to PATH
C:\Users\[username]\AppData\Local\Android\Sdk\platform-toolsC:\Users\[username]\AppData\Local\Android\Sdk\emulator
- Add the created AVD folder as a shared folder to your VM:
C:\Users\[username]\.android\avd\[name].avd
- Add a shared folder for your analysis results:
- Add subdirectory
decrypted- Contains decrypted system images:
*.raw
- Contains decrypted system images:
- Add subdirectory
files- Contains a folder for each snapshot with extracted files
- Add subdirectory
actions- Contains a folder for each action with analysis results
- Add subdirectory
- Add VboxManage to PATH
- Setup autoappanalysis:
- In order to setup the Automation GUI correctly, follow the instructions of autoappanalysis
- Programs:
- avdecrypt.py
- Removes full disk encryption from AVD snapshots
- idifference2.py
- Differential analysis of file systems
- evidence
- Differential analysis of idifference2.py output
- sqliteview
- Visualizes SQLite files
- sqlitediff
- Differential analysis of SQLite files
- lineident
- Searches files line by line for given words
- fileextract
- Extractes files from .raw files using sleuthkit
- avdecrypt.py
- Setup:
- In order to setup the VM correctly, follow the instructions of app-analysis-setup
MIT