Monday, March 16, 2015

Best / Open Automated and Manual Source Code Analysis Tool - Android

Lint :

        Android lint tool is a static code analysis tool that checks your Android project source files for potential bugs and optimization improvements for correctness, security, performance, usability, accessibility, and internationalization.





     Android Studio, the configured lint and other IDE inspections run automatically whenever you compile your program. You can also manually run inspections in Android Studio by selecting Analyze > Inspect Code from the application or right-click menu. The Specify Inspections Scope dialog appears so you can specify the desired inspection profile and scope.

    lint tool processes the application source files.


You can configure lint checking at different levels:
  • Globally, for the entire project
  • Per project module
  • Per production module
  • Per test module
  • Per open files
  • Per class hierarchy
  • Per Version Control System (VCS) scopes

Configuring lint in Android Studio

Android Studio allows you to enable or disable individual inspections and configure project-global, directory-specific, and file-specific settings for lint.
You can manage inspection profiles and configure inspection severity within Android Studio using the File > Settings > Project Settings menu to open the Inspections page with a list of the supported profiles and inspections.





Download Link : http://developer.android.com/sdk/index.html#win-bundle

 Agnitio :

           A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.




Features


  • Security code reviews
  • Security code review metrics and reporting
  • Application security code review tool
  • Static analysis security guidance and reporting
Download Link : http://sourceforge.net/projects/agnitiotool/files/latest/download

DroidBench :

                       is an open test suite for evaluating the effectiveness of taint-analysis tools specifically for Android apps. The suite can be used to assess both static and dynamic taint analyses, but in particular it contains test cases for interesting static-analysis problems (field sensitivity, object sensitivity, tradeoffs in access-path lengths etc.) as well as for Android-specific challenges like correctly modeling an application’s lifecycle, adequately handling asynchronous callbacks and interacting with the UI.




Version 1.1 comprises the following categories
  • Arrays and Lists
  • Callbacks
  • Field and Object Sensitivity
  • Inter-App Communication
  • Lifecycle
  • General Java
  • Miscellaneous Android-Specific
  • Implicit Flows
  • Reflection

 Download Link : https://github.com/secure-software-engineering/DroidBench

SuSi:

        is a tool for the fully automated classification and categorization of Android framework sources and sinks

       There exist different kinds of sensitive sources and sinks in the area of Android security. For instance, the user’s location information or address book can be treated as a source, while the network connection or the SMS message sending facilities can be seen as sinks. In general, sources and sinks are accessed through specific API methods (e.g, getLastKnownLocation() for the user’s current location).




     SuSi is a tool that automatically generates a list of Android sources and sinks by analyzing the complete Android source code. Our approach is version-independent and can simply be run again when a new Android version is released. This relieves security analysts from having to regularly create new lists of sources and sinks by hand.


Download Link : https://github.com/secure-software-engineering/SuSi

     



DidFail:

            DidFail (Droid Intent Data Flow Analysis for Information Leakage) uses static analysis to detect potential leaks of sensitive information within a set of Android apps. DidFail combines and augments FlowDroid (which identifies intra-component information flows) and Epicc (which identifies properties of intents such as its action string) to track both inter-component and intra-component data flow in a set of Android applications. DidFail's two-phase analysis allows for fast user-response time by using precomputed phase-1 analysis results.

Note:

  • This tool is a research prototype. It is not intended for industrial use. 
Download Link : https://www.cs.cmu.edu/~wklieber/didfail/didfail.zip

Androwarn :

                   is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application.







The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali.

Download Link : https://github.com/maaaaz/androwarn


FlowDroid – Taint Analysis :

                          FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications. Unlike many other static-analysis approaches for Android we aim for an analysis with very high recall and precision. To achieve this goal we had to accomplish two main challenges: To increase precision we needed to build an analysis that is context-, flow-, field- and object-sensitive; to increase recall we had to create a complete model of Android’s app lifecycle.

   
                        Our analysis is based on Soot and Heros. FlowDroid uses a very precise callgraph which helps us to ensure flow- and context-sensitivity. Its IFDS-based flow functions guarantee field- and object-sensitivity. Because an accurate and efficient alias search is crucial for context-sensitivity in conjuction with field-sensitivity, we want to highlight this part of our analysis, which is inspired by Andromeda. 
 
Note: soot-infoflow-android is part of FlowDroid, a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
 
Download Link : https://github.com/secure-software-engineering/soot-infoflow-android
 
 








Wednesday, March 11, 2015

Best / Open Risk Assessment / Analysis Tool

CORAS:

               is a method for conducting security risk analysis. Platform for risk analysis of security critical IT systems using UML, based on the CORAS model-based risk assessment methodology. Contains an XML and UML repository, facilitating management and reuse of analysis results.





               CORAS provides a customised language for threat and risk modelling, and comes with detailed guidelines explaining how the language should be used to capture and model relevant information during the various stages of the security analysis. In this respect CORAS is model-based. The Unified Modelling Language (UML) is typically used to model the target of the analysis. For documenting intermediate results, and for presenting the overall conclusions we use special CORAS diagrams which are inspired by UML. The CORAS method provides a computerised tool designed to support documenting, maintaining and reporting analysis results through risk modelling.

Download Link :

http://coras.sourceforge.net/downloads.html

or

http://sourceforge.net/projects/coras/files/latest/download?source=navbar 

Microsoft Security Assessment Tool 4.0:


                                                           is the revised version of the original Microsoft Security Risk Self-Assessment Tool (MSRSAT), released in 2004 and the Microsoft Security Assessment Tool 2.0 released in 2006. Security issues have evolved since 2004 so additional questions and answers were needed to ensure you had a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization.




There are two assessments that define the Microsoft Security Assessment Tool:


  • Business Risk Profile Assessment
  • Defense in Depth Assessment (UPDATED)
Download Link : http://www.microsoft.com/en-in/download/details.aspx?id=12273

PTA (Practical Threat Analysis):

                                     is a risk assessment methodology and a suite of software tools that enable users to find the most beneficial and cost-effective way to secure systems and applications according to their specific functionality and environment. 






Download link : http://www.software.co.il/ptadownload/pta1215.exe


ISO 17799 RAT ( Risk Analysis Toolkit ) :

                           to perform risk analysis based on the ISO 17799 on public or private companies.

This analysis was conducted by questionnaire, from which reports on security policies will be generated to perform in the organization to address the risks identified.



Confidentiality, integrity, availability, authenticity and traceability (accountability): the risks are analyzed in several dimensions. The impact of risk is also analyzed
To address the risks and impact are proposed:

    Safeguards (or countermeasures)
    Safety Standards
    Safety procedures
    Elements backup (back up)
    Disaster Recovery Plans

The motivation for choosing this project has been the lack of free software tools that enable risk management in organizations, especially SMEs can not afford the cost of existing commercial tools on the market.

 Download Link : http://ratiso17799.sourceforge.net/descargas.html

Security Officers Management and Analysis Project (SOMAP):

                              is all about defining security management work methods and supplying Security Officers with tools to do their job more efficient and following standards easily.





Features

  • Information Security Risk Management Methodologies and Tools
  • Open Risk Model Repository
  • Risk Assessment
  • Risk Management
Download Link : http://sourceforge.net/projects/somap/files/latest/download?source=navbar






Friday, February 13, 2015

Open Source DoS/DDoS Analyzer / Mitigation Tool

FastNetMon:
           - high performance DoS/DDoS analyzer with sflow/mirror support and load analyzer builded on top of PF_RING.





FastNetMon - high performance DoS/DDoS and netflowk load analyzer builded on top of multiple packet capture engines (PF_RING, sFLOW, Netflow, PCAP).

What we do? We can detect hosts in our own network with big amount of packets per second/bytes per second or flow per second incoming or outgoing from certain host. And we can call external script which can send notify, switch off server or blackhole this client.
 

Features:
+ Can process incoming and outgoing traffic
+ Can trigger block script if certain IP load network with big amount of packets per second
+ Can trigger block script if certain IP load network with big amount of bytes per second
+ Can trigger block script if certain IP load network with big amount of flows per second
+ VLAN untagging
+ MPLS traffic processing
+ L2TP decapsulation of nested packets
+ PF_RING ZC/DNA support (wire speed processing on tens of MPPS but need license)
+ Can process sFLOW v5
+ Can work on mirror/SPAN ports
+ Can work on server/soft-router
+ Can detect DoS/DDoS in 1-2 seconds
+ Tested up to 10GE with 5-6 Mpps on Intel i7 2600 with Intel Nic 82599

Download Link : https://github.com/FastVPSEestiOu/fastnetmon


DDOSMON:
                  is a network analysis platform which is designed to find anomalous network patterns such as DDoS attacks and act on them automatically. It can do this either by directly sniffing or acting on netflow data export streams.

It is used by a few hosting providers and datacenters.




Program that uses low level linux packet sniffing in incoming network traffic for monitoring possible network attacks and reacting to them by alerting and triggering user defined self defence mechanisms.
With a ncurses interface you can monitor network traffic live and watch recent events. Logs are saved to log folder, any ddos attack detection send an email to the user.
It can classify following attacks:
  • SYN Flood
  • UDP Flood
  • ICMP Flood
Any other attack with massive amount of traffic or packet would still be detected.





Download Link : https://github.com/edubart/ddosmon

or

https://bitbucket.org/tortoiselabs/ddosmon/overview



Sunday, August 24, 2014

Android App Security / Vulnerability Scanner

Bluebox Security Scanner:

                                        will scan your device to determine:
- If your system is vulnerable or patched to any of the "Fake ID" or "Master Key" security flaws affecting most Android devices
- If your system settings allow 'Untrusted Sources' application installs
- If any installed application on your device is trying to maliciously take advantage of any of the 'Master Key' security flaws.




Further details of the Android "Fake ID" and "Master Key" security flaws are available


Download Link : https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner

 eEye Android Scanner:
                                  eEye Digital Security, the security industry's most trusted name in vulnerability assessment has brought their expertise to your Android phone.
Did you know that more than 80% of employees now use personal smartphones for work-related purposes? Every day these devices access email, games, and work related material
and are unchecked by your businesses' standard vulnerability management processes.
Until now, one of the biggest challenges for consumers and information technology security teams was they inability to determine potential vulnerabilities on their mobile assets as they do their servers and desktops. Watch the video below to see how Retina CS is solving that problem and how users can download the tool for free to check their own devices.
Benefits of Mobile Security in Retina CS to extend the benefits of this free agent:
Retina CS is the first and only product to integrate mobile device assessment and vulnerability management for complete visibility and context on all vulnerabilities ­ so that your team can discover, prioritize, and fix weaknesses quickly.



* Reduce overall IT security risk by extending vulnerability management to your BlackBerry, Android and ActiveSync-managed mobile devices
* Reduce resource demands by automating vulnerability assessment for mobile devices with in-depth scanning.
* Simplify and improve IT security by managing mobile devices and all other assets through a single, Web-based console.
* Gain greater visibility through vulnerability profiles of mobile devices accessing your network.
* Streamline remediation through advanced threat prioritization according to severity of mobile vulnerabilities.Use built-in and custom audits to scan for weaknesses in mobile device hardware, applications, and configurations.
* Report on mobile device vulnerabilities and demonstrate compliance.



Download Link : https://play.google.com/store/apps/details?id=com.eeye.mobile.android


Belarc Security Advisor:
                                     does this by automatically checking your Android tablet or phone for over 400 security vulnerabilities in both the operating system and installed apps, and gives you the result in seconds as to which ones are vulnerable and need to be updated. The Security Advisor also works with all other security apps such as anti-virus and anti-malware apps.
 
 
Download Link : https://play.google.com/store/apps/details?id=com.belarc.securityadvisor
 
Drozer :
          helps to provide confidence that Android apps and devices being developed by, or deployed across, your organisation do not pose an unacceptable level of risk. By allowing you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS. 

Drozer provides tools to help you use and share public exploits for Android. For remote exploits, it can generate shellcode to help you to deploy the drozer Agent as a remote administrator tool, with maximum leverage on the device.

Faster Android Security Assessments

drozer helps to reduce the time taken for Android security assessments by automating the tedious and time-consuming.
  • Discover and interact with the attack surface exposed by Android apps.
  • Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.
 
Download Link : https://www.mwrinfosecurity.com/products/drozer/community-edition/
 
TrustGo Mobile Security :
                                protects you from today's most dangerous malware and viruses PLUS apps that can steal your personal privacy, identity and data. In addition, TrustGo offers "Find My Phone" features including remote location, lock, alarm and "Candid Camera" thief ID (via email), system tools and web browsing security...all in one totally Free package.
 
TrustGo detects and removes all the latest malicious apps and viruses, and is the only security app that protects your privacy and data from High Risk apps that others miss.

 
TrustGo has achieved West Coast Labs’ Checkmark Certification! It is one of the best products in malware detection test by AV-Comparatives
 
Key Features:
Security Scanner - On-demand or scheduled scans of your mobile phone or tablet and SD card to find and remove viruses, malware, spyware and trojans PLUS risky apps that can steal your data.
Secure App Search - Our Secure App Finder Engine (SAFE) lets you search and download apps that you know are safe. TrustGo alerts you before downloading bad and risky apps. 
 
Download link :
https://play.google.com/store/apps/details?id=com.trustgo.mobile.security

 PenTest Tools List:
 
             is a list of android apps for penetration testing.IT IS JUST A LIST, DON'T EXPECT ANYTHING MORE THAN THAT (sorry for all caps, but some people expect matrix meets mission impossible... and give a bad rating when their expectations are not met :) )
Please read the description...
Penetration test is used to test security of something. (if that something passes penetration test, there is a higher chance that hacker cant hack into it)


Apps are sorted with Tags.
Features:
Links to Apps on the Play Store.
Links to Apps that are NOT on the Play Store
Links to Source Code of Open Source Apps
Links to App websites.
Links to Google the name of the App or App Package.

 Download Link : https://play.google.com/store/apps/details?id=com.itslap.pentesttools


 

Saturday, August 23, 2014

Remote & Local file Inclusion Testing Tools

Fimap:

              A little tool for local and remote file inclusion auditing and exploitation.

              Fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's currently under heavy development but it's usable.

              The goal of fimap is to improve the quality and security of your website.


What works currently?

  • Check a Single URL, List of URLs, or Google results fully automaticly.
  • Can identify and exploit file inclusion bugs.
    • Relative\Absolute Path Handling.
    • Tries automaticly to eleminate suffixes with Nullbyte and other methods like Dot-Truncation.
    • Remotefile Injection.
    • Logfile Injection. (FimapLogInjection)
  • Test and exploit multiple bugs:
    • include()
    • include_once()
    • require()
    • require_once()
  • You always define absolute pathnames in the configs. No monkey like redundant pathes like:
    • ../etc/passwd
    • ../../etc/passwd
    • ../../../etc/passwd
  • Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages. BlindMode
  • Has an interactive exploit mode which...
    • ...can spawn a shell on vulnerable systems.
    • ...can spawn a reverse shell on vulnerable systems.
    • ...can do everything you have added in your payload-dict inside the config.py
  • Add your own payloads and pathes to the config.py file.
  • Has a Harvest mode which can collect URLs from a given domain for later pentesting.
  • Goto FimapHelpPage for all features.
  • Works also on windows.
  • Can handle directories in RFI mode like:
    • <? include ($_GET["inc"] . "/content/index.html"); ?>
    • <? include ($_GET["inc"] . "_lang/index.html"); ?>
    • where Null-Byte is not possible.
  • Can use proxys.
  • Scans and exploits GET, POST and Cookies.
  • Has a very small footprint. (No senseless bruteforcing of pathes - unless you need it.)
  • Can attack also windows servers! (WindowsAttack)
  • Has a tiny plugin interface for writing exploitmode plugins (PluginDevelopment)
  • Non Interactive Exploiting (FimapNonInteractiveExec
 Download Link : https://code.google.com/p/fimap/downloads/list

Uniscan:
             is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.

Uniscan is a Remote File Include and Local File Include and Remote Command Execution vulnerability scanner.

This tool identify six vulnerability :-

* Blind SQL-Injection

* Remote File Include (RFI)

* Local File Include (LFI)

* Remote Command Execution (RCE)

* Cross-Site Scripting (XSS)

* SQL-Injection (SQL-i)



Download Link : http://sourceforge.net/projects/uniscan/

 Darkjumper.py:
                       This tool will try to find every website that host at the same server at your target Then check for every vulnerability of each website that host at the same server.

Features

  • scan sql injection, rfi, lfi, blind sql, rce injection
  • autosql injector
  • proxy support
  • verbocity added
  • autoftp bruteforcer
  • IP or Proxy checker and GeoIP

 Download Link : http://sourceforge.net/projects/darkjumper/


 Simple Local File Inclusion:

     
Description
The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan a parameter of an ULR for a LFI vulnerability.

Usage
./lfi_sploiter.py –exploit-url= –vulnerable-parameter=

Usage example
./lfi_sploiter.py –exploit-url=http://www.example.com/page.php?file=main –vulnerable-parameter=file

Usage notes
- Always use http://….
- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable.
- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look.
- Only use one vulnerable parameter at once.
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contents parameters.

Feature list
- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries catch most errors with error handling.
- Contains a LFI scanner (only scans one parameter at once).
- Finds out how a LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Exploit features: Dumps a list of interesting files to your hard disk.
- Supports common *nix targets, but no Windows systems.

Download Link : http://www.xenuser.org/my-tools/


                                   

Thursday, August 7, 2014

Network Packet Capture / Protocol Analyzer Tools

Wireshark:
               is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible.Wireshark can capture traffic from many different network media types - and despite its name - including wireless LAN as well. Which media types are supported, depends on many things like the operating system you are using




Download Link : https://www.wireshark.org/download.html

Capsa:
          is the name for a family of packet analyzer developed by Colasoft for network administrators to monitor, troubleshoot and analyze wired & wireless networks. Currently, there are three editions available: Capsa Enterprise Edition, Capsa Professional Edition, and Capsa Free .

Freeware Network Analyzer (Packet Sniffer) for students, teachers, computer geeks and other non-commercial purposes.




Download Link : http://www.colasoft.com/download/products/capsa_free.php

NetworkMiner:
                        is a Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file. NetworkMiner can also extract transmitted files from network traffic.





Download Link : http://sourceforge.net/projects/networkminer/files/latest/download

SharpPcap:
                is a cross-platform packet capture framework for the .NET environment, based on the famous pcap / WinPcap libraries. It provides an API for capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET.



Download Link : http://sourceforge.net/projects/sharppcap/files/latest/download


 PacketSquare (CapEdit):
                                     is a free and open-source pcap-based network protocol testing tool.[1] It is used for testing network devices (IDS/IPS, firewall, routers switches etc.,), network troubleshooting, analysis, software and communications protocol development, and education.



A GUI PCAP Based Network Protocol Testing Tool.

Download link : https://code.google.com/p/packetsquare-capedit/downloads/list

Wednesday, April 23, 2014

Mobile Device / Smartphone Forensic Analysis Investigation Tools

Mobile device forensics :
                            is directly connected to digital forensics and can be defined as being the recovery of digital information or data which is often used for criminal evidence. Mobile Device Forensics by definition applies only to mobile devices, e.g. tablets, cell phones etc, but it the term also includes any portable digital device that has both internal memory and communication abilities such as PDA devices and also GPS devices.






iPhone Analyzer:
                        allows you to forensically examine or recover date from in iOS device. It principally works by importing backups produced by iTunes or third party software, and providing you with a rich interface to explore, analyses and recover data in human readable formats. Because it works from the backup files everything is forensically safe, and no changes are made to the original data.

Features

  • Supports iOS 2, iOS 3, iOS 4 and iOS 5 devices
  • Multi-platform (Java based) product, supported on Linux, Windows and Mac
  • Fast, powerful search across device including regular expressions
  • Integrated mapping supports visualisation of geo-tagged information, including google maps searches, photos, and cell-sites and wifi locations observed by the device (the infamous "locationd" data)
  • Integrated support for text messages, voicemail, address book entries, photos (including metadata), call records and many many others
  • Recovery of "deleted" sqlite records (records that have been tagged as deleted, but have not yet been purged by the device can often be recovered),/li>
  • Integrated visualisation of plist and sqlite files
  • Includes support for off-line mapping, supporting mapping on computers not connected to the Internet
  • Support for KML export and direct export to Google Earth
  • Browse the device file structure, navigate directly to key files or explore the device using concepts such as "who", "when", "what" and "where".
  • Analyse jail broken device directly over SSH without need for backup (experimental)
Download Link : http://sourceforge.net/projects/iphoneanalyzer/


BitPim:
           is a program that allows you to view and manipulate data on many CDMA phones from LG, Samsung, Sanyo and other manufacturers. This includes the PhoneBook, Calendar, WallPapers, RingTones (functionality varies by phone) and the Filesystem for most Qualcomm CDMA chipset based phones.


Download Link : http://sourceforge.net/projects/bitpim/files/

Mobile Internal Acquisition Tool (MIAT)

                                                                this tool which discusses a crucial aspect of Mobile Device Forensics, i.e. the recovery of deleted SMS Text Messages. We are not 100% sure if this tool is publically available and if anyone reading this can help us locate where to find it we’d been very grateful!.

In examining the MIAT dump of the phone's filesystem, I found the following interesting items of evidence (note that these are not intended to be comprehensive):
  • \Windows\Profiles\guest\ - Contained the Pocket IE cache, including Cookies, index.dat (which was not extracted due to the previously specified issue), and Temporary Internet Files
  • \Windows\Messaging - Contained various .mbp files which proved to hold the text of downloaded email messages. There is also an Attachments folder under this path that may hold downloaded attachments.
  • \Windows\ActiveSync - Contained various configuration and log files from Activesync
  • \Windows\Favorites - Contained Favorite links used by Pocket IE
  • \Application Data\GoogleMaps - Contained configuration and cache files used by the installed Google Maps application. These files are all binary, but one of them, prefsext.dat, contains a variety of strings which match searches that have been performed and results (street addresses) which have been returned. Somebody could probably reverse engineer the format and write a parser for this that would be really useful.
  • \*.vol these files contain Embedded databases, which include all of the phone-related information such as call logs, phone book, appointment list, etc. I haven't yet found a free application to parse them, but there's got to be something out there.
  • I also found a number of other empty Attachments folders, as well as additional empty Profiles and Temporary Internet Folders folders. This probably means that these various locations are implementation dependant.
 Download Link : http://www.dfrws.org/2008/proceedings/p121-distefano_pres.pdf


TULP2G:
           is a .NET based forensic software framework for extracting and decoding data stored in electronic devices.

“TULP2G is a forensic software framework developed to make it easy to extract and decode data from digital devices.”

Download Link : http://sourceforge.net/projects/tulp2g/

Santoku Community Edition:
                                runs in the lightweight Lubuntu Linux distro. It can be run in VirtualBox (recommended) or VMWare Player, both available free and run on Linux, Mac or Windows. The Lubuntu download is large because it is a full .iso. We recommend you download on a fast connection. 


Tools to acquire and analyze data
  • Firmware flashing tools for multiple manufacturers
  • Imaging tools for NAND, media cards, and RAM
  • Free versions of some commercial forensics tools
  • Useful scripts and utilities specifically designed for mobile forensics
Download Link : https://santoku-linux.com/download


UFED Physical Analyzer is the most advanced analysis, decoding and reporting application in the mobile forensic industry. It includes malware detection, enhanced decoding and reporting functions, project analytics, timeline graph, exporting data capabilities and much more. - See more at: http://www.toolwar.com/2014/04/ufed-physical-analyzer-mobile-forensics.html#sthash.ipUOiqQB.dpuf
 UFED Physical Analyzer :
                                         is the most advanced analysis, decoding and reporting application in the mobile forensic industry. It includes malware detection, enhanced decoding and reporting functions, project analytics, timeline graph, exporting data capabilities and much more.
UFED Physical Analyzer is the most advanced analysis, decoding and reporting application in the mobile forensic industry. It includes malware detection, enhanced decoding and reporting functions, project analytics, timeline graph, exporting data capabilities and much more. - See more at: http://www.toolwar.com/2014/04/ufed-physical-analyzer-mobile-forensics.html#sthash.ipUOiqQB.dpuf

UFED Physical Analyzer is the most advanced analysis, decoding and reporting application in the mobile forensic industry. It includes malware detection, enhanced decoding and reporting functions, project analytics, timeline graph, exporting data capabilities and much more. - See more at: http://www.toolwar.com/2014/04/ufed-physical-analyzer-mobile-forensics.html#sthash.ipUOiqQB.dpuf
 
Mobile Internal Acquisition Tool
Mobile Internal Acquisition Tool
Mobile Internal Acquisition Tool
Mobile Internal Acquisition Tool
Mobile Internal Acquisition Tool


Mobile Internal Acquisition Tool
Mobile Internal Acquisition Tool
Mobile Internal Acquisition Tool
Mobile Internal Acquisition Tool
Mobile Internal Acquisition Tool
Mobile Internal Acquisition Tool
Mobile Internal Acquisition Tool
Advanced capabilities for:

iOS ::

    Bypassing simple and complex passcode while performing physical and file system extraction on selected devices running iOS 3.0 or higher including iOS 6.
    Real-time decryption and decoding of data, applications, and keychain real-time decryption while revealing user passwords.
    Advanced decoding of applications.

BlackBerry ::

    Advanced decoding of BlackBerry Messenger (BBM), emails, locations, applications and more.
    Real-time decryption of protected content from selected BlackBerry devices running OS 4+ using a given password.

Android ::

    Advanced decoding of all physical extractions performed on devices running any Android versions.
    Advanced decoding of applications and application files.

GPS ::

    Portable GPS devices extraction and decoding.
    Exclusive – Physical extraction of Tom Tom trip-log files.

 Download Link : http://go.cellebrite.com/30DayPhysicalAnalyzerTrial

Oxygen Forensic® Suite:

                           Oxygen Forensics Suite (Standard Edition) is a tool that will help you achieve this. Features include the ability to gather Device Information (Manufacturer, OS Platform, IMEI, Serial Number, etc.), Contacts, Messages (Emails, SMS, MMS, etc.) and recovery of deleted messages, Call Logs, and Calendar and Task information. It also comes with a file browser which allows you to access and analyse user photos, videos, documents and device databases.


Download Link : http://www.oxygen-forensic.com/en/download/freeware


Advanced capabilities for:

iOS :: 
  • Bypassing simple and complex passcode while performing physical and file system extraction on selected devices running iOS 3.0 or higher including iOS 6.
  • Real-time decryption and decoding of data, applications, and keychain real-time decryption while revealing user passwords.
  • Advanced decoding of applications.
BlackBerry :: 
  • Advanced decoding of BlackBerry Messenger (BBM), emails, locations, applications and more.
  • Real-time decryption of protected content from selected BlackBerry devices running OS 4+ using a given password.
Android ::
  • Advanced decoding of all physical extractions performed on devices running any Android versions.
  • Advanced decoding of applications and application files.
GPS :: 
  • Portable GPS devices extraction and decoding.
  • Exclusive – Physical extraction of Tom Tom trip-log files.
- See more at: http://www.toolwar.com/2014/04/ufed-physical-analyzer-mobile-forensics.html#sthash.ipUOiqQB.dpuf