Open Source Tools

This list highlights some of my favorite community-supported tools and resources that I use daily to support validation, verification, analysis, and reporting.

DB Browser for SQLite

User-friendly GUI for viewing and editing SQLite databases used by mobile apps.

FQLite

Free tool to find deleted records in SQLite databases.

iLEAPP

iOS Logs, Events, And Plists Parser.

aLEAPP

Android Logs Events And Protobuf Parser.

vLEAPP

Vehicle Logs Events And Protobuf Parser – developed for parsing vehicle data extractions.

rLEAPP

Returns Logs Events And Protobuf Parser – complements vLEAPP for other log types.

ArtEx

Analyze iOS artifacts and map location artifacts with Artifact Examiner, a must in any mobile examiner toolset.

Mushy

Simple serialized data viewer for BPlist, XML, ABX and SEGB (versions 1 and 2).

GCK File Signature Table

A table of file signatures (also known as "magic numbers").

HxD

Hex viewer.

UFADE

Universal Forensic Apple Device Extractor – an open-source imaging tool for Apple devices.

Autopsy

Free, open source platform for analysis.

Evanole

Live log monitoring and analysis tool for iOS devices by Hexordia.

UNFURL

Parse and visualize complex URLs to reveal parameters and embedded metadata.

Hindsight Browser Forensics

Free tool for analyzing web artifacts.

Lumyx

Location-based analysis and visual mapping platform built for investigators.

iCatch

The iOS Cache Analysis for Tracking Coordinates History (iCatch) – useful for geolocation analysis.

CyberChef

Perform encoding, decoding, and conversion tasks all in your browser.

Intents Parser

Parser for files located at /private/var/mobile/Library/Biome/streams/public/AppIntent/local/ in an iOS Full Filesystem extraction.

DCode

Online Timestamp Decoder that supports multiple formats and platforms.

7-Zip

Free, open source file archiver used to compress and decompress files.

ASCII Table

Reference ASCII table for Windows-1252.

The Forensic Scooter

Scott Koenig's research blog on iOS media.
