
avillaforensics's Introduction


(NEW) Avilla Forensics 3.7

Avilla Forensics took first place in the international Forensics 4:Cast awards 🥇🏆, in the non-commercial tool category. The announcement was made at the SANS Institute event.

Thanks for the votes, without you this would not be possible.


📋 Trainings (Portuguese) (Advanced Extraction with Avilla Forensics).

📋 About

  • Avilla Forensics is a free mobile forensic tool, launched in February 2021, designed to assist investigators in obtaining information and evidence from mobile devices.
  • Developed by São Paulo State Police Officer Daniel Avilla, this tool enables logical data extraction and the conversion of backups to formats compatible with detailed forensic analyses, such as IPED software or Cellebrite Physical Analyser.
  • In version 3.7 of Avilla Forensics, numerous improvements and new functionalities for mobile data extraction and analysis were implemented. This update introduced an integrity system that generates AES-256 encrypted logs (.avilla), containing hashes of the collected files. In addition to encryption, the .avilla file features an HMAC signature, creating a second layer of protection for file integrity.
  • Version 3.7 significantly enhances the capabilities for data extraction and analysis, offering new integrity functionalities and advanced tools for handling backups and extracting app data. These improvements make the tool even more robust and effective for forensic investigations.
  • With features that allow interaction with mobile devices through the Android Debug Bridge (ADB) interface, Avilla Forensics offers a versatile tool that facilitates communication with the device.
  • Developed in C#, the tool is compatible and operates stably in Windows 10/11 environments, including their latest updates.
  • The main feature of the tool is the APK Downgrade module, which enables data collection from over 15 applications, making it an indispensable tool for forensic investigations.
  • The Avilla Forensics suite does not replace existing tools, but complements them, offering new additional possibilities.

📋 Webinars

  • (NEW) Avilla Forensics: Webinar: Avilla Forensics 3.7 - What's new? With Prof. Daniel Avilla - Scheduled for September 3rd. 2024 - AFD (https://www.youtube.com/watch?v=HHPptOdZLaA)

  • Avilla Forensics: Security in the palm of your hand: A meeting with Daniel Avilla to talk about Digital Forensics on Mobile Devices - Broadcast live on July 4 2024 - Vincit College (https://www.youtube.com/watch?v=g8gJC1nUngM&t=702s)

  • Avilla Forensics: What's New in the New Version - Broadcast live on April 23. 2024 - AFD (https://www.youtube.com/watch?v=H-rtMs3DgmM)

  • How to Simulate Applications using Avilla App Simulator (Step by Step Tutorial) - It premiered on April 23. 2024 - By Wesley Rodrigo - AFD (https://youtu.be/3WNStFaztfc?si=7QUu5SFZ-eONvGRt)

  • Avilla Universal Whatsapp Extraction - It premiered on January 5th. 2024 (https://youtu.be/jqF89Xyv-YA?si=OknE6Oo6MLaZCVUj)

  • Avilla App Simulator - Broadcast live on April 6th. 2023 - AFD (https://www.youtube.com/live/6G4Y3_pk18A?si=Rww8JkobPh9bqKkI)

  • AVILLA FORENSICS 3.5 - Broadcast live on March 17th. 2023 UCAPEM GROUP - (https://www.youtube.com/live/5ndIo1Kx8fk?si=RIKdix6wDkKVVLuj)

  • Signal Forensics: Data Extraction and Decryption on Signal - Broadcast live on Nov 24th. 2022 - AFD (https://www.youtube.com/live/NezodJcGyQ4?si=0piGWLhHz1Xbf9hT)

  • MOBILE FORENSIC EXTRACTION - USING AVILLA FORENSICS SOFTWARE - LOGIC EXTRACTION AND APK DOWNGRADE - Aug 5 2022 - By Emerson Borges (https://youtu.be/KuSmct1Qa30?si=-D2LbqtkfORdcgfQ)

  • Automatic WhatsApp audio transcription with Avilla Forensics - Broadcast live on Jul 6. 2022 - AFD (https://www.youtube.com/live/EyYayEqmpkE?si=Cdd8QfP1IcXehNti)

  • Broadcast live on March 15th. 2022 - AFD (https://www.youtube.com/live/zQigjIIkBjQ?si=uanfwVUt33IqlWXt)

  • I have a passion for mobile digital forensics and the art of data extractions.

  • "The pursuit of truth and justice through science."

  • Daniel Avilla is a distinguished Professor of Mobile Device Forensics at the Digital Forensics Academy (AFD), also serving as a Civil Police Officer in the State of São Paulo and Vice Director of Technology at the National Association of Forensic Computing Experts (APECOF). He holds a degree in Systems Analysis and a postgraduate degree in Forensic Computing, and is currently pursuing a postgraduate degree in Cyber Security. Daniel has advanced technical training in Mobile Devices and Advanced Extraction (Chip Off, EDL, and ISP) from AFD. With a research career in technology since 1998, he developed "Avilla Forensics," a free and globally recognized tool that facilitates forensic acquisition in mobile devices.


🤖 Contacts

🌐 Download

(NEW) Avilla Forensics 3.7

Download AFD-Setup-Forensics-3-7.exe:

🚀 License

Avilla Forensics - Copyright (C) 2024 – Daniel Hubscher Avilla

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.

⭐️ Project description:

  • I have a passion for mobile digital forensics and the art of data extractions.
  • It is important that you take the training to ensure greater security and success in acquisitions without data loss; see the end of the page (brief training in the English language).
  • Free Mobile Forensics Tool that allows you to:
  1. Backup ADB.
  2. APK Downgrade in 15 Apps: WhatsApp (com.whatsapp), Telegram (org.telegram.messenger), Messenger (com.facebook.orca), ICQ (com.icq.mobile.client), Twitter (com.twitter.android), Instagram (com.instagram.android), Signal (org.thoughtcrime.securesms), LinkedIn (com.linkedin.android), TikTok (com.zhiliaoapp.musically), Snapchat (com.snapchat.android), Tinder (com.tinder), Badoo (com.badoo.mobile), Mozilla Firefox (org.mozilla.firefox), Dropbox (com.dropbox.android), Alibaba (com.alibaba.intl.android.apps.poseidon).
  3. Parser Chats WhatsApp.
  4. (NEW) Whatsapp .opus audio transcription and transcription plot in CHATS HTML PARSER:
  5. Miscellaneous ADB collections: (System Properties (Full), Dumpsys (Full), Diskstats (Disk Information), Android Geolocation Dump (Location Manager State), IMEI (01, 02), S/N (Serial Number), Processes, TCP (Active Internet connections), Accounts (UserInfo), DUMP Wifi, DUMP Detailed Wifi, CPU Information, Memory Information, Display Information (WINDOW MANAGER DISPLAY CONTENTS), Resources, Resolution (Physical size), Screen Dump (.XML file), Dump Backup (Backup Manager is enabled), List Installed Third-Party Applications, List Native System Applications, Contacts, SMS, System Events, Active Users, Android Version, DB Info (Applications Database Info), On/Off History, LogCat, Space In Use Information, Carrier, Bluetooth (Bluetooth Status), Image File Location, Audio File Location, Video File Location, Face Recognition DUMP, Global Settings, Security Settings, System Settings, Remove/Add PIN (Requires current PIN), DUMP ADB (ADB Connections), Reboot, Reboot Recovery Mode, Reboot Bootloader Mode, Reboot Fastboot Mode).
  6. Tracking, Downloading and Decryption of Whatsapp .ENC files.
  7. Contact List Search.
  8. Deleted WhatsApp Photos Avatars and Contacts.
  9. (NEW) Decrypting WhatsApp Databases Crypt 14/15
  10. Screenshots.
  11. Screen DUMP.
  12. Chat Capture.
  13. Automatic integration with IPED.
  14. (NEW) Access Through the Tool to IPED Tools.
  15. Automatic integration with AFLogical.
  16. Automatic integration with Alias Connector.
  17. Conversion from .AB to .TAR.
  18. Fast Scan and Real-time Transfer.
  19. Image Finder (Hash, Metadata, Geolocation, Plotting the location on Google Maps and Google Earth).
  20. Plotting (IN BATCHES) of the Geolocation of images on Google Earth (geo.kml) with path and thumbnails of the images.
  21. Installing and Uninstalling APKs via ADB.
  22. HASH Calculator.
  23. Android Folder Browser (PULL and PUSH).
  24. Device Mirroring.
  25. Instagram Data Scraping.
  26. General single copy
  27. Automatic integration with MVT-1.5.3.
  28. Access Through the Tool to JADX.
  29. Access Through the Tool to WhatsApp Viewer.
  30. Access Through the Tool to jExiftool GUI.
  31. Conversion of .csv/.txt files with GEOLOCATION information provided by court decisions into .KML for police investigations.
  32. Merge WhatsApp DATABASES
  33. IOS Data Extraction Module


🕵️ Functionalities:

🤖 Backup ADB:

  • Android default backup.

📱 APK Downgrade in 15 Applications (Access to root files without the need for ROOT):


  • WhatsApp (com.whatsapp)

  • Telegram (org.telegram.messenger)

  • Messenger (com.facebook.orca)

  • ICQ (com.icq.mobile.client)

  • Twitter (com.twitter.android)

  • Instagram (com.instagram.android)

  • Signal (org.thoughtcrime.securesms)

  • LinkedIn (com.linkedin.android)

  • TikTok (com.zhiliaoapp.musically)

  • Snapchat (com.snapchat.android)

  • Tinder (com.tinder)

  • Badoo (com.badoo.mobile)

  • Mozilla Firefox (org.mozilla.firefox)

  • Dropbox (com.dropbox.android)

  • Alibaba (com.alibaba.intl.android.apps.poseidon)


🛠 DOWNGRADE APK Test:

  • The tool does a test in a generic application (com.aplicacaoteste.apk) before starting the DOWNGRADE process in the target APP.
  • Tips: XIAOMI phones may come with USB protections, remove these protections without taking the device out of airplane mode by following the steps below:

💬 (NEW) Parser Chats WhatsApp from NEW Database SCHEME:

  1. Select the Chats destination folder (Copy the "Media" folder in this same location).
  2. Select the folder: \com.whatsapp\f\Avatars
  3. Select the .DB file: \com.whatsapp\db\msgstore.db
  • (NEW) In the "Generate Whatsapp Chats" modules it is possible to plot the transcripts in HTML.

  • (NEW) You can also transcribe the audios along with Whatsapp parser process.

  • New Schema (Table: message):

  • Fields:

  • _id, chat_row_id, from_me, key_id, sender_jid_row_id, status, broadcast, recipient_count, participant_hash, origination_flags, origin, timestamp, received_timestamp, receipt_server_timestamp, message_type, text_data (Messages), starred, lookup_tables, message_add_on_flags, sort_id


💬 (NEW) Parser Chats WhatsApp from previous database schema:

  1. Select the Chats destination folder (Copy the "Media" folder in this same location).
  2. Select the folder: \com.whatsapp\f\Avatars
  3. Select the .DB file: \com.whatsapp\db\msgstore.db
  • (NEW) In the "Generate Whatsapp Chats" modules it is possible to plot the transcripts in HTML.

  • (NEW) You can also transcribe the audios along with Whatsapp parser process.

  • Old Schema (Table: messages)

  • Fields:

  • _id, key_remote_jid, key_from_me, key_id, status, needs_push, data (Messages), timestamp, media_url, media_mime_type, media_wa_type, media_size, media_name, media_caption, media_hash, media_duration, origin, latitude, longitude, thumb_image, remote_resource, received_timestamp, send_timestamp, receipt_server_timestamp, receipt_device_timestamp, read_device_timestamp, played_device_timestamp, raw_data, recipient_count, participant_hash, starred, quoted_row_id, mentioned_jids, multicast_id, edit_version, media_enc_hash, payment_transaction_id, forwarded, preview_type, send_count, lookup_tables, future_message_type, message_add_on_flags.
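A reader that handles both msgstore.db layouts listed above (table `message` and table `messages`) and normalises the millisecond timestamps to UTC. This is an added example, not Avilla Forensics' own parser; the sample rows are constructed and the function names are hypothetical.

```python
import sqlite3
from datetime import datetime, timezone

# Column names per schema, taken from the two field lists above.
SCHEMAS = {
    "message": {"chat": "chat_row_id", "from_me": "from_me", "text": "text_data"},
    "messages": {"chat": "key_remote_jid", "from_me": "key_from_me", "text": "data"},
}


def detect_schema(conn):
    """Return 'message' (new schema) or 'messages' (old schema)."""
    tables = {row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    # Assumption of this example: if both tables exist, prefer the new one.
    for name in ("message", "messages"):
        if name in tables:
            return name
    raise ValueError("no WhatsApp message table found")


def ms_to_utc(ms):
    """Convert a Unix timestamp in milliseconds to an ISO 8601 UTC string."""
    if ms is None:
        return None
    secs, millis = divmod(int(ms), 1000)
    moment = datetime.fromtimestamp(secs, tz=timezone.utc)
    return moment.replace(microsecond=millis * 1000).isoformat(timespec="milliseconds")


def read_messages(conn):
    """Return messages as dicts with the same keys for either schema."""
    table = detect_schema(conn)
    cols = SCHEMAS[table]
    # Identifiers come only from the fixed SCHEMAS dict, never from user input.
    sql = (f"SELECT _id, {cols['chat']}, {cols['from_me']}, {cols['text']}, timestamp "
           f"FROM {table} ORDER BY timestamp, _id")
    return [
        {"schema": table, "id": row[0], "chat": row[1], "from_me": bool(row[2]),
         "text": row[3], "utc": ms_to_utc(row[4])}
        for row in conn.execute(sql)
    ]


def sample_new_db():
    """Constructed in-memory database with a subset of the new-schema columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE message (_id INTEGER PRIMARY KEY, chat_row_id INTEGER, "
                 "from_me INTEGER, key_id TEXT, timestamp INTEGER, text_data TEXT)")
    conn.execute("INSERT INTO message VALUES "
                 "(1, 7, 1, 'K1', 1649374898421, 'constructed message')")
    return conn


def sample_old_db():
    """Constructed in-memory database with a subset of the old-schema columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (_id INTEGER PRIMARY KEY, key_remote_jid TEXT, "
                 "key_from_me INTEGER, key_id TEXT, data TEXT, timestamp INTEGER)")
    conn.execute("INSERT INTO messages VALUES "
                 "(1, 'placeholder@s.whatsapp.net', 0, 'K2', 'constructed reply', 1649374898421)")
    return conn


if __name__ == "__main__":
    # For a real acquisition, open the copy read-only so the evidence is not altered:
    #   sqlite3.connect("file:msgstore.db?mode=ro", uri=True)
    for db in (sample_new_db(), sample_old_db()):
        for message in read_messages(db):
            print(message)
```

Working on a hashed copy of msgstore.db and opening it with `mode=ro` keeps the parse from changing the file that was acquired.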


💬 (NEW) Whatsapp .opus audio transcription and transcription plot in CHATS HTML PARSER:

  • In the "OPUS audio transcription" module you can transcribe one or thousands of audios at the same time.
  • In the "Generate Whatsapp Chats" modules it is possible to plot the transcripts in HTML.
  • You can also transcribe the audios along with Whatsapp parser process.
  • Generate HTML report with transcribed texts, hash, contact linked to audio and chat linked to audio.


📱 Miscellaneous ADB collections in .TXT format:

  • System Properties (Full).
  • Dumpsys (Complete).
  • Diskstats (Disk information).
  • Android Geolocation Dump (Location Manager State).
  • IMEI (01, 02).
  • S/N (Serial Number).
  • Processes.
  • TCP (Active Internet connections).
  • Accounts (UserInfo).
  • DUMP Wifi.
  • Detailed Wifi DUMP.
  • CPU information.
  • Memory Information.
  • Display Information (WINDOW MANAGER DISPLAY CONTENTS).
  • Resources.
  • Resolution (Physical size).
  • Screen Dump (.XML file).
  • Dump Backup (Backup Manager is enabled).
  • List Installed Third-Party Applications.
  • List Native System Applications.
  • Contacts.
  • SMS.
  • System Events.
  • Active Users.
  • Android version.
  • DB Info (Applications Database Info).
  • On/Off History.
  • LogCat.
  • Space in Use Information.
  • Operator.
  • Bluetooth (Bluetooth Status).
  • Location of Image Files.
  • Location of Audio Files.
  • Location of Video Files.
  • Face Recognition DUMP
  • Global Settings.
  • Security Settings.
  • System Settings.
  • Remove/Add PIN (Requires current PIN).
  • DUMP ADB (ADB Connections).
  • Reboot.
  • Reboot Recovery Mode.
  • Reboot Bootloader Mode.
  • Reboot Fastboot Mode.


  • Examples:
  • Dump ADB: ADB.txt, in this example we can check the last computer connected via ADB with the device:


  • Dumpsys: dumpsys.txt, in addition to bringing thousands of device information, in this example we can check the uninstall date of an application:


  • Note: The information can be in Unix Timestamp time format, use the link below to convert:
  • 1649374898421 (Unix Timestamp) = Thu Apr 07 2022 23:41:38 GMT+0000 (GMT)
  • https://www.unixtimestamp.com/

⚡️ (NEW) Tracking, Downloading and Decrypting Whatsapp .ENC Files:


  • Generate the Script and run the generated .bat file.

"C:\Forensics\bin\whatsapp-media-decrypt\decrypt.py"

⚡️ (NEW) Contact List Search, Avatar Photos and Deleted WhatsApp Contacts:

  1. Select the folder: \com.whatsapp\f\Avatars
  2. Select .DB file: \com.whatsapp\db\wa.db


(NEW) 📐 WhatsApp Database Decryption:

  • Crypt14.
  • Crypt15.


📸 Screenshots, Screen DUMP and Chat Capture:


🚀 (NEW) Access Through the Tool to IPED Tools.

  • "C:\Forensics\bin\IPEDTools\IPEDTools.exe"


🚀 Automatic integration with AFLogical OSE 1.5.2:

  • Performs the acquisition automatically without user intervention.
  • "C:\Forensics\bin\AFLogicalOSE152OSE.apk"


🚀 Automatic integration with Alias Connector:

  • Performs the acquisition automatically without user intervention.
  • "C:\Forensics\bin\com.alias.connector.apk"


📐 Conversion from .AB to .TAR:

  • Passworded ADB backups may take longer to convert.
  • Try not to put passwords in the backups requested in "ADB Backup" or "Downgrade", so you speed up the conversion process.
  • If this module doesn't work, try adding the "C:\Forensics" path to the system variables.


♻ Fast Scan and Real-time Transfer:

  • Images: .jpg, .jpeg, .png, .psd, .nef, .tiff, .bmp, .tec, .tif, .webp
  • Videos: .aaf, .3gp, .asf, .avi, .m1v, .m2v, .m4v, .mp4, .mov, .mpeg, .mpg, .mpe, .mp4, .rm, .wmv, .mpv , .flv, .swf
  • Audios: .opus, .aiff, .aif, .flac, .wav, .m4a, .ape, .wma, .mp2, .mp1, .mp3, .aac, .mp4, .m4p, .m1a, .m2a , .m4r, .mpa, .m3u, .mid, .midi, .ogg
  • Archives: .zip, .rar, .7zip, .7z, .arj, .tar, .gzip, .bzip, .bzip2, .cab, .jar, .cpio, .ar, .gz, .tgz, .bz2
  • Databases: .db, .db3, .sqlite, .sqlite3, .backup (SIGNAL)
  • Documents: .htm, .html, .doc, .docx, .odt, .xls, .xlsx, .ppt, .pptx, .pdf, .txt, .rtf
  • Executables: .exe, .msi, .cmd, .com, .bat, .reg, .scr, .dll, .ini, .apk


🔠 Image Finder (Hash, Metadata, Geolocation, Plot location on Google Maps and Google Earth):

  • Note: For this module DO NOT save your acquisitions on the Desktop, save for example in "C:\folder_name\collection_01" to run the image search.


📜 (NEW) Plot (BATCH) of Geolocation of images on Google Earth (geo.kml) with path and thumbnails of images:

  • Note: To plot the thumbnails along with the yellow points, download Google Earth Pro; if you plot on Google Earth Online, only the blue points will be plotted without the images.
  • Click on GENERATE KML to batch generate the geo.kml file


🛠 Installing and Uninstalling APKs via ADB:

  • .APK files

⏳ HASH Calculator:

  • Note: For this module DO NOT save your acquisitions on the Desktop, save for example in "C:\folder_name\collection_02" to calculate the hashes of the files.
  • Calculates the Hash of all files in an acquisition.
  • SHA-256.
  • SHA-1.
  • SHA-384.
  • SHA-512.
  • MD5.
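How a per-file hash list protected by an HMAC detects both a changed file and an edited hash list, the idea behind the hash calculator here and the HMAC-signed .avilla log described in the About section. This is an added example, not the tool's code: the .avilla layout is not documented on this page, so the JSON structure, key and file contents are constructed, and the AES-256 encryption layer is left out.

```python
import hashlib
import hmac
import json
import os
import tempfile

ALGORITHMS = ("sha256", "sha512")  # two of the algorithms the module lists


def hash_file(path, chunk=1 << 20):
    """Hash one file with every algorithm in a single read pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def build_manifest(root):
    """Map each file's path (relative to root, '/' separated) to its hashes."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = hash_file(full)
    return entries


def _canonical(entries):
    # Stable byte form so the same manifest always yields the same HMAC.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(entries, key):
    tag = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"files": entries, "hmac_sha256": tag}


def verify_acquisition(root, signed, key):
    """Return a list of problems; an empty list means everything matches."""
    expected = hmac.new(key, _canonical(signed["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["hmac_sha256"]):
        return ["manifest: HMAC mismatch"]  # the hash list itself was altered
    current = build_manifest(root)
    problems = []
    for rel in sorted(set(current) | set(signed["files"])):
        if rel not in current:
            problems.append(f"{rel}: missing")
        elif rel not in signed["files"]:
            problems.append(f"{rel}: not in manifest")
        elif current[rel] != signed["files"][rel]:
            problems.append(f"{rel}: hash changed")
    return problems


def demo():
    """Constructed acquisition: verify clean, after tampering, and with a forged list."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "com.whatsapp", "db"))
        target = os.path.join(root, "com.whatsapp", "db", "msgstore.db")
        with open(target, "wb") as fh:
            fh.write(b"constructed sample bytes")
        key = b"constructed-demo-key"
        signed = sign_manifest(build_manifest(root), key)
        clean = verify_acquisition(root, signed, key)
        with open(target, "ab") as fh:
            fh.write(b"!")  # simulate a modified evidence file
        tampered = verify_acquisition(root, signed, key)
        forged = dict(signed, files={})  # hash list edited without the key
        return clean, tampered, verify_acquisition(root, forged, key)


if __name__ == "__main__":
    print(demo())
```

A plain hash list only proves integrity if the list itself is trustworthy; the keyed HMAC is what ties the list to whoever holds the key.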


📱 (NEW) Android Folder Browser (PULL and PUSH):

  • A simple folder browser to PULL and PUSH files or folders.


🎥 Device Mirroring:

  • "C:\Forensics\bin\scrcpy"


🚀 Instagram data scraping:


🚀 General single copy:

  • If you have problems with "adb pull" or "adb backup", copy all files from the device in separate processes, copying one at a time.


🚀 Automatic integration with MVT-1.5.3:

  • "C:\Forensics\bin\mvt-1.5.3\mvt.bat"


🚀 Access Through the Tool to JADX (Dex to Java Decompiler):

  • "C:\Forensics\bin\jadx-1.2.0\jadx-gui-1.2.0-no-jre-win.exe"

🚀 Access Via Tool to WhatsApp Viewer:

  • "C:\Forensics\bin\WhatsAppViewer.exe"

📱 Conversion of .csv/.txt files with GEOLOCATION information provided by court decisions into .KML for police investigations.

  • Plotting thousands of points on the map in seconds
  • In this example below, more than 36 thousand points were plotted on the map
  • Example data from .csv file: 2022-04-15T02:59:45.368Z,2022-04-15T02:59:45.368, (Latitude/Column 2) -23.7416538, (Longitude/Column 3) -46.5744873,15,WIFI,1663554331,ANDROID


(NEW) 📱 Merge WhatsApp DATABASES:

  • "C:\Forensics\bin\merge\merge_databases_exe\merge_databases.exe -lv"


⚙️ Tool Prerequisites:

  • TECHNICAL knowledge of Forensics in Mobile Devices.
  • Minimal computer knowledge
  • Device with DEBUG mode activated.
  • Windows 10/11 with its proper updates.

⚙️ Prerequisites Third-Party Tools:

💻 Installation Avilla Forensics 3.6

  • Extract the tool from "C:\Forensics-3-6".
  • Do not put spaces in the tool folder name.


💻 Installing Third-Party Tools

  • Jadx-1.2.0: "C:\Forensics\bin\jadx-1.2.0" (Just install JAVA). (APACHE LICENSE)
  • Backup Extractor: "C:\Forensics\backup_extractor" (Just install JAVA). (APACHE LICENSE)
  • The Backup Extractor module (.AB to .TAR) may require you to add the "C:\Forensics" path to the system variables.

Requires python (https://www.python.org/):

  • WhatsApp-Crypt14-Crypt15-Decrypt: To install run the file "C:\Forensics\bin\WhatsApp-Crypt14-Crypt15-Decrypter-main\install-Decrypter.bat" or:

pip install -r requirements.txt

  • Whatsapp-media-decrypt: To install run the file "C:\Forensics-3-5\bin\install_wmd.bat"

pip install pycryptodome

🚀 Donate:

  • CHAVE PIX: 3901d8ea-22ca-4ba8-a0fb-2615e5485b2c

⚙️ Technologies used

  • C#.
  • Python.
  • Java.

📱 Third-party tools included in the package

😎 Thanks



avillaforensics's Issues

I can't do an APK Downgrade on a device that originally had Android 11

I ran version 3.6 to do an "APK Downgrade" and a message appears saying that for versions 12, 13 and 14 you cannot downgrade (tab locked). However, the device did not ship with Android 12 from the factory; it was updated from 11 to 12 by the user, so I understand that it should allow a downgrade.

In fact, the "Vendor build version" says it is 31, but I am sure the phone was updated from at least version 30 (traced in Dumpsys). So I suspect the tool is not detecting the "Vendor build version" correctly.

The device is a Samsung Galaxy A32 5G. I don't have the device physically, but, if necessary, I can ask the client for a test.

Official Help in Spanish

In this segment we will try to answer questions and comments regarding how Avilla Forensics works; it is worth noting that we have the official authorization of the tool's creator.

possible vulnerability in adb.exe

adb.exe appears to be executed with arguments that could potentially be manipulated by an attacker. More specifically, manipulating the backupPath input to execute arbitrary commands in the context of backgroundWorker1_DoWork.

For example: "; echo 'command' > comand.txt ; "

In this example, adding a semicolon (;) to separate commands + the code could allow the attacker to execute any commands they want on the system.
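One way to handle a user-supplied backup path so that it can only ever be a single argument to adb, shown as an added example; it is not the tool's code, which is not on this page. The function names, the case-directory rule and the use of `adb backup -all -f` are assumptions of this sketch.

```python
import os
import subprocess

# Characters that a command interpreter (cmd.exe or a POSIX shell) treats specially.
SHELL_META = set(";&|<>`$\"'^%\r\n")

# The input quoted in the issue above, used here only as a rejection test case.
ISSUE_EXAMPLE = "; echo 'command' > comand.txt ; "


def build_backup_argv(backup_path, case_dir, adb="adb"):
    """Validate backup_path and return an argument vector for adb backup."""
    if not backup_path or any(ch in SHELL_META for ch in backup_path):
        raise ValueError("backup path contains shell metacharacters")
    base = os.path.realpath(case_dir)
    full = os.path.realpath(os.path.join(base, backup_path))
    # Keep the output inside the case directory (blocks ../ and absolute paths).
    if os.path.commonpath([base, full]) != base:
        raise ValueError("backup path escapes the case directory")
    if not full.lower().endswith(".ab"):
        raise ValueError("backup file must end in .ab")
    # A list, not a string: each element reaches adb as exactly one argument.
    return [adb, "backup", "-all", "-f", full]


def run_backup(backup_path, case_dir):
    """Start adb directly; no command interpreter ever parses the path."""
    argv = build_backup_argv(backup_path, case_dir)
    return subprocess.run(argv, shell=False, check=True, timeout=3600)


def is_rejected(backup_path, case_dir):
    """True when validation refuses the path."""
    try:
        build_backup_argv(backup_path, case_dir)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    case = os.path.join(os.getcwd(), "case_01")  # constructed case directory
    print(build_backup_argv("collection 01/backup.ab", case))
    print(is_rejected(ISSUE_EXAMPLE, case))
    print(is_rejected("../outside.ab", case))
```

The same idea in C# is `ProcessStartInfo` with `UseShellExecute = false` and the path passed as its own argument rather than concatenated into a command string.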

IPED license terms not being followed

Hello,

I see this project integrated IPED forensic tool and also borrowed and is using some of its icons. So IPED license (GNU GPL v3 based) must be followed. Simply speaking, that implies publishing the source code of your application if you distribute IPED or some of its parts integrated into your software. But I couldn't find the source code of this project. I ask you to clearly point to all users of this software where its source code could be found.

Best regards,
Luís Nassif

How to uninstall Avilla Forensic?

I tried uninstalling it over the Windows start menu and it led me over to the Windows program uninstall thing in the system controls, but I cannot find it anywhere?

Any way to uninstall it?

Question

Sorry for using this space to ask a question.
I set an unlock pattern on my phone and forgot it.
I'm trying to recover it.
But since I had my PC as a trusted device for USB debugging, I made a script that keeps testing a set of patterns.
I wanted to know if there is any other way to do this. I can install APKs.
I don't know much about Metasploit; is there a way to use some exploit, since I have this access?
Anyway, I'll accept any help.

No module named 'Crypto'. On AES import

When using the midias script on media decrypt, I get an error importing the crypto module. When using the bat file, it throws an error because it can't find the crypto module. Thank you very much. I would like to know if I have to modify the bat file to create the virtual environment.

Problem using the WhatsApp database merge function

Good morning
I'm having a small problem using the merge_databases.exe tool.

There is a strong possibility that the error is mine, since I may be using the tool incorrectly, not to mention that I am trying to use it to merge databases generated from WhatsApp Business, and not from regular WhatsApp.
That is why I am making this post to ask you to please help me with these questions.

When trying to start it using the command shown on the GitHub main page (C:\Forensics-3-6\bin\merge\merge_databases_exe>merge_databases.exe -lv) the following error appears:

Analisando arquivos .db na pasta: C:\Forensics-3-6\bin\merge\merge_databases_exe
Banco de dados de referência com o conteúdo atual deve manter o nome padrão msgstore.db
Traceback (most recent call last):
File "C:\Users\danie\AppData\Local\Programs\Python\Python310\Lib\site-packages\cx_Freeze\initscripts_startup_.py", line 120, in run
File "C:\Users\danie\AppData\Local\Programs\Python\Python310\Lib\site-packages\cx_Freeze\initscripts\Console.py", line 16, in run
File "merge_databases.py", line 207, in <module>
File "merge_databases.py", line 204, in main
File "merge_databases.py", line 187, in batch_merge
File "merge_databases.py", line 177, in read_files
NameError: name 'exit' is not defined

Thanks in advance.
I eagerly await your reply.

EXIFTOOL GUI

Hello

When trying to run exiftoolgui I get an error.

Anyone experienced the same?

Thank you


Problems with downgrade and subsequent extraction of whatsapp in xiaomi

A question: Does anyone know why even if you activate all the usb debugging options on a xiaomi, it doesn't extract the complete ab file? It generates the file and doesn't give an error, but it only takes up 1KB and when I go to view it with IPED after having converted it into tar before, it only shows me a compressed file. (I'm referring to when you downgrade whatsapp to extract whatsapp)
Thank you! and Merry Christmas!

MD5 for file hashing

Hey man, how's it going?

I recommend switching the hash from MD5 to SHA-256 or 512. MD5 is considered weak for use in hashes because of the vulnerabilities that exist.

Trying to download

Trying to download the same from last 15 hours we got only 274 MB data. If any other process to install the same. Please provide the details

Bug in the SMS list

Good morning Mr. Avilla,

I think there is a small bug in the tool that generates the SMS list.
If the SMS contains a line break, the generated CSV file will also contain that line break, leaving it malformed.
You can see an example SMS in the attached image and how the CSV is malformed because of the line break.

By the way, it seems there is another small problem with character encoding. Accents are also not displayed correctly (for example, the word "penalización" is displayed as "penalizaci├│n")
Regards,
Phy Reg

The SMS:

The CSV:
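The two symptoms reported in this issue, reproduced and corrected in an added example that is not the tool's export code: unquoted fields split a multi-line SMS into several CSV rows, and UTF-8 bytes read under an OEM code page turn "ó" into "├│". The sample messages are constructed, the function names are hypothetical, and CP437 is an assumption about the code page involved.

```python
import csv
import io

FIELDS = ["address", "date", "body"]

# Constructed sample: one SMS with a line break, a comma and an accented letter.
SAMPLE = [
    {"address": "placeholder-sender", "date": "2022-04-07 23:41:38",
     "body": "Aviso de penalización\nsegunda línea, con coma"},
    {"address": "placeholder-sender", "date": "2022-04-07 23:42:00", "body": "ok"},
]


def naive_csv(messages):
    """The 'before': fields joined with commas, no quoting or escaping."""
    lines = [",".join(FIELDS)]
    for msg in messages:
        lines.append(",".join(msg[field] for field in FIELDS))
    return "\n".join(lines)


def export_csv(messages):
    """The 'after': every field quoted, UTF-8 with a BOM so spreadsheets detect it."""
    buf = io.StringIO(newline="")
    writer = csv.DictWriter(buf, fieldnames=FIELDS, quoting=csv.QUOTE_ALL,
                            lineterminator="\r\n")
    writer.writeheader()
    writer.writerows(messages)
    return buf.getvalue().encode("utf-8-sig")


def read_back(data):
    """Parse exported bytes back into dicts to confirm nothing was lost."""
    text = data.decode("utf-8-sig")
    return list(csv.DictReader(io.StringIO(text, newline="")))


def count_rows(text):
    """Number of rows (header included) a CSV parser sees in the text."""
    return len(list(csv.reader(io.StringIO(text, newline=""))))


def mojibake(text):
    """What UTF-8 text looks like when its bytes are decoded as CP437."""
    return text.encode("utf-8").decode("cp437")


if __name__ == "__main__":
    print(count_rows(naive_csv(SAMPLE)))                      # rows seen without quoting
    print(count_rows(export_csv(SAMPLE).decode("utf-8-sig")))  # rows seen with quoting
    print(mojibake("penalización"))
```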
