Avilla Forensics is a free mobile forensics tool designed for data extraction and analysis. Here’s a detailed report on the features and functionalities of the Avilla Forensics 3.7 release:

Overview:

License: Avilla Forensics is released under the GNU General Public License (GPL) version 3. Recognition: The tool has achieved international recognition by winning the first place in the Forensics 4:Cast awards in the non-commercial tool category, as announced at the SANS Institute event.

Features and Functionalities:

Mobile Forensics Capabilities:

Backup ADB:

Allows for Android default backup.

APK Downgrade:

Downgrades 15 popular apps, including WhatsApp, Telegram, Messenger, and others.

Parser Chats WhatsApp:

Parses WhatsApp chats, including support for both old and new database schema. Transcription of WhatsApp .opus audio files with an HTML parser.

Miscellaneous ADB Collections:

Gathers various ADB collections, including system properties, dumpsys, geolocation, IMEI, and more.

Tracking, Downloading, and Decrypting WhatsApp .ENC Files:

Provides the ability to track, download, and decrypt WhatsApp .ENC files.

Contact List Search:

Searches and retrieves contact lists, avatar photos, and deleted WhatsApp contacts.

Decrypting WhatsApp Databases Crypt 14/15:

Decrypts WhatsApp databases with Crypt 14 and Crypt 15 encryption.

Screenshots, Screen DUMP, and Chat Capture:

Captures screenshots, screen dumps, and chat conversations.

Automatic Integration with Other Tools:

Integrates with IPED, AFLogical, Alias Connector, MVT, JADX, and WhatsApp Viewer

Conversion and Processing: Converts .AB to .TAR. Fast scan and real-time transfer of files. Image Finder with hash, metadata, and geolocation capabilities. Device Manipulation: Installs and uninstalls APKs via ADB. Device mirroring functionality. Instagram Data Scraping: Scrapes data from Instagram. Hash Calculator: Calculates various file hashes (SHA-256, SHA-1, SHA-384, SHA-512, SHA-MD5). Android Folder Browser (PULL and PUSH): Allows browsing and transferring of files and folders. Merge WhatsApp Databases: Merges multiple WhatsApp databases.

IOS Data Extraction Module:

Provides functionalities for iOS data extraction.

Tool Prerequisites:

Requires technical knowledge of forensics in mobile devices. Minimal computer knowledge. Device with DEBUG mode activated. Windows 10/11 with proper updates.

Third-Party Tools:

Utilizes various third-party tools under different licenses, including Apache, GNU General Public License, MIT License, BSD License, and Freeware License.

Installation and Training:

Installation involves extracting the tool and installing required third-party tools like JAVA, Python, and others.

Training resources are available, including a course by the Academy of Digital Forensics and a manual with step-by-step instructions.

Download and Donation:

Avilla Forensics 3.6 is available for download from multiple sources with a file size of 2.53 GB. Donations can be made via PIX

Technologies Used:

Avilla Forensics is developed using C#, Python, and Java.

Contacts:

Avilla Forensics 3.6

Improvement of the IOS extraction module. Implementation of IOS real-time mirroring. Looping Screenshots for IOS. Improvement of the Whatsapp .enc media download and decryption module. Display only hidden chats in Whatsapp Parser. Search only for a specific phone number in whatsapp Parser.

Download Setup-Forensics-3-6.exe:

SIZE: 2.53 GB

Conclusion:

Avilla Forensics is a comprehensive and feature-rich tool for mobile forensics, offering a wide range of functionalities for both Android and iOS devices. The tool’s integration with various third-party tools enhances its capabilities, making it a valuable resource for digital forensics professionals. The availability of training resources and a dedicated community supports users in maximizing the tool’s potential for investigations.