I am testing aLEAPP.
First, I had an acquisition of an Android smartphone. I used ADB backup. The file is named backup.ab.
Second, I created a new project in Autopsy, choosing logical file and selecting the backup.
In the ingest I chose aLEAPP, but nothing happens; I only see logicalfileset1(1) in the tree.
What do I have to do?
In order to use aLeapp in Autopsy you will need either an image file source (E01, vhd, vmdk or raw image) or to add the zip, tar or gz or the actual file system to a logical image source. Once you do that, aLeapp should work fine.
Mark, thanks for answering me. I zipped the *.ab file, then added it to Autopsy, with the same result.
It will not read an ADB backup, zipped or unzipped. You will have to convert the ADB backup to something that aLeapp can actually read.
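The conversion mentioned in the reply above, as an added example that is not part of the original posts: Python that strips the text header of an `.ab` file and inflates the payload into a plain tar. It assumes an unencrypted backup; the function names and the sample backup are constructed for illustration.

```python
import io
import tarfile
import zlib

def parse_ab_header(stream):
    """Read the four text header lines; return (version, compressed, encryption)."""
    lines = [stream.readline().rstrip(b"\n") for _ in range(4)]
    if lines[0] != b"ANDROID BACKUP":
        raise ValueError("not an Android backup: bad magic line")
    return int(lines[1]), lines[2] == b"1", lines[3].decode()

def ab_to_tar(src, dst, chunk=64 * 1024):
    """Copy the tar payload of an unencrypted .ab stream to dst; return bytes written."""
    _version, compressed, encryption = parse_ab_header(src)
    if encryption != "none":
        # Encrypted backups carry extra header lines (salts, key blob); not handled here.
        raise ValueError(f"encrypted backup ({encryption}); decrypt it first")
    inflater = zlib.decompressobj() if compressed else None
    written = 0
    for block in iter(lambda: src.read(chunk), b""):
        out = inflater.decompress(block) if inflater else block
        dst.write(out)
        written += len(out)
    if inflater:
        tail = inflater.flush()
        dst.write(tail)
        written += len(tail)
    return written

def build_sample_ab():
    """Constructed sample: a one-file tar wrapped as a compressed, unencrypted .ab."""
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as tar:
        data = b"constructed sample content\n"
        info = tarfile.TarInfo("apps/com.example.app/f/notes.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return b"ANDROID BACKUP\n5\n1\nnone\n" + zlib.compress(tar_buf.getvalue())

def list_members(tar_bytes):
    """Return the member paths of a tar held in memory."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return tar.getnames()

if __name__ == "__main__":
    out = io.BytesIO()
    ab_to_tar(io.BytesIO(build_sample_ab()), out)
    print(list_members(out.getvalue()))
```

For a real acquisition, open `backup.ab` in `"rb"` mode and the output tar in `"wb"` mode and pass both to `ab_to_tar`. The member paths in the resulting tar are whatever the backup contains, so they may still differ from the paths aLEAPP searches for.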
OK, thank you very much.
I am not sure if this is what was meant, but I took an Android backup (logical, through ADB), created a VHD, and copied the ADB backup files to the VHD. I then imported the VHD into Autopsy and ran aLEAPP…no go. I must be doing something wrong.
I haven’t looked too deeply, but I have so far failed to find much documentation on this module’s use. Though it would come in handy.
If you go to the following directory, what does the aLeapp output look like? <case directory>/ModuleOutput/aLeapp//ALEAPP_Reports_<date/time>/index.html
Thanks. In summary, the output looks like this:
No files found for adb_hosts → **/data/misc/adb/adb_keys
No files found for etc_hosts → **/system/etc/hosts
No files found for BashHistory → **/.bash_history
I started checking this out and comparing paths. It appears that at least on one occasion, the paths do not match up with my adb acquisition (i.e. WhatsApp).
More digging to do…