fatcousin
// artifact family

android app artifacts

30 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.

tools
30
catalog slugs
30
processing
local · in browser

tools in this family

ordered as in the forensics catalog. every tool runs locally — no upload, no account.

  1. android chrome browsing history forensic analyzerdrop an Android Chrome History SQLite database · parse all browsing history, visits, and keyword search terms · reconstruct browsing sessions · detect deleted history gaps · surface forensically significant domains and search queries · runs locally
  2. android chrome download artifact forensic extractordrop an Android Chrome History SQLite database · parse all download records · extract source URLs, local paths, file sizes, and completion timestamps · detect partial and dangerous downloads · surface forensically significant downloaded content · runs locally
  3. android whatsapp database forensic analyzerdrop an Android WhatsApp msgstore.db · parse all messages, chats, groups, and media metadata · reconstruct conversation timelines · surface message delivery status, forwarding metadata, location shares, and contact cards · detect deleted message gaps · runs locally
  4. android whatsapp key and crypt file forensic extractordrop WhatsApp key file and/or .crypt12/.crypt14/.crypt15 backup files · parse the key file structure · analyze backup encryption parameters · attempt decryption if key and crypt file are both provided · surface backup metadata and assess forensic accessibility · runs locally
  5. android whatsapp call log forensic analyzerdrop an Android WhatsApp msgstore.db · parse WhatsApp voice and video call records · extract caller, callee, duration, call type, and timestamps · detect missed and rejected calls · surface group call events · cross-reference with message timeline · runs locally
  6. android whatsapp status artifact forensic extractordrop an Android WhatsApp msgstore.db and/or status database files · parse WhatsApp Status (Stories) artifacts · extract status posts viewed, own status history, status media references, and view timestamps · surface contact status viewing patterns · runs locally
  7. android whatsapp deleted message recovery artifact detectordrop an Android WhatsApp msgstore.db (one or two versions) · detect deleted message artifacts via ROWID gaps, revoked message placeholders, and WAL recovery · surface media residue from deleted messages · detect bulk deletion patterns before acquisition · runs locally
  8. android signal database forensic extractordrop Android Signal database files (signal.db or backup files) · parse conversations, messages, and attachment metadata · extract disappearing message settings, contact identifiers, and draft messages · surface registered phone number from database · detect deleted message gaps · runs locally
  9. android telegram database forensic extractordrop Android Telegram database files · parse messages, chats, channels, and contacts · extract forwarding metadata, edit timestamps, and media references · surface disappearing message timer settings · detect deleted message ROWID gaps · reconstruct Telegram communication timeline · runs locally
  10. android telegram cache artifact forensic extractordrop Android Telegram cache database files and media cache listings · parse cached media metadata and file references · surface contact profile photo caches · extract recently accessed media CDN URLs · detect cache clearing events · reconstruct media interaction history · runs locally
  11. android snapchat artifact forensic extractordrop Android Snapchat database files from the app data directory · parse snap metadata, chat records, and friend lists · surface snap open timestamps and screenshot events · detect expired snap tombstones · reconstruct Snapchat activity timeline · runs locally
  12. android snapchat cache forensic extractordrop Android Snapchat cache directory listings or database files · parse cached snap media metadata · surface Snap map location cache · detect saved content from ephemeral snaps · identify cache clearing patterns · runs locally
  13. android instagram artifact forensic extractordrop Android Instagram database files from the app data directory · parse direct messages, search history, and account artifacts · surface ephemeral media tombstones and cached interaction data · reconstruct Instagram activity timeline · runs locally
  14. android tiktok artifact forensic extractordrop Android TikTok database files from the app data directory · parse direct messages, search history, video view records, and account identity · surface content interaction patterns and deleted message residue · reconstruct TikTok activity timeline · runs locally
  15. android discord artifact forensic extractordrop Android Discord database files from the app data directory · parse cached messages, server memberships, DM threads, and user identity · surface deleted message local cache content · decode Discord snowflake timestamps · reconstruct Discord communication timeline · runs locally
  16. android facebook artifact forensic extractordrop Android Facebook app database files · parse Messenger threads, feed cache, search history, and account artifacts · surface message content, unsent message envelopes, and media references · reconstruct Facebook activity timeline · runs locally
  17. android gmail artifact forensic extractordrop Android Gmail database files · parse email envelope metadata, snippets, label assignments, and account information · surface thread structures · detect deleted and trashed emails · reconstruct email activity timeline · runs locally
  18. android google drive artifact forensic extractordrop Android Google Drive database files · parse file metadata, sync records, activity logs, and shared item artifacts · surface file names, owners, share recipients, and access timestamps · detect file deletion and trash events · reconstruct Drive activity timeline · runs locally
  19. android google photos artifact forensic extractordrop Android Google Photos database files · parse photo and video metadata · extract GPS coordinates, capture timestamps, and album memberships · surface shared album participants · detect deleted photo tombstones · reconstruct photo activity timeline · runs locally
  20. android google maps artifact forensic extractordrop Android Google Maps database files · parse search history, saved places, navigation history, and offline map artifacts · surface destination searches and routing events · reconstruct location search and travel history · runs locally
  21. android google search artifact forensic extractordrop Android Google Search app database files · parse search query history, autocomplete suggestions, and Google feed activity · surface search patterns and topics of interest · detect deleted searches · reconstruct Google search timeline · runs locally
  22. android google assistant query artifact extractordrop Android Google Assistant database files or activity logs · parse Assistant query records · extract spoken commands, device control actions, and conversation context · surface Assistant interaction history and responses · detect sensitive query patterns · runs locally
  23. android samsung messages forensic analyzerdrop Android Samsung Messages database files · parse SMS, MMS, and RCS message records · extract sender, recipient, content, timestamps, and delivery status · surface deleted message gaps · reconstruct SMS/RCS conversation timeline · runs locally
  24. android samsung bixby artifact forensic extractordrop Android Samsung Bixby database files · parse Bixby Voice query history, Bixby Routines, and Bixby Vision artifacts · extract spoken commands, app launch actions, and automated routine triggers · surface Bixby interaction timeline · runs locally
  25. android samsung knox artifact forensic analyzerdrop Android Samsung Knox database files, log files, or getprop output · parse Knox workspace enrollment state · surface Knox warranty bit status · analyze Knox Vault and Keystore artifacts · detect Knox Secure Folder presence and content metadata · assess forensic implications of Knox security architecture · runs locally
  26. android vpn app artifact forensic extractordrop Android VPN app database files, configuration files, or logcat output · parse VPN connection session logs, server configurations, and account artifacts · surface kill switch, obfuscation, and split tunnel settings · detect VPN usage gaps and anti-forensic patterns · runs locally
  27. android burner app artifact forensic detectordrop Android packages.xml, logcat, usage stats database, or filesystem listing · detect installed and previously deleted burner phone number and anonymous communication apps · surface usage timestamps and residual artifacts from deleted apps · identify patterns of ephemeral identity use · runs locally
  28. android anonymous messaging app artifact detectordrop Android packages.xml, usage stats, logcat, or filesystem listings · detect anonymous and untraceable messaging applications · surface usage evidence and residual artifacts · identify apps requiring no phone number or identity verification · assess anonymous communication footprint · runs locally
  29. android encrypted vault app artifact detectordrop Android packages.xml, filesystem listing, or usage stats · detect installed or deleted encrypted vault and secret hiding apps · surface vault app usage evidence · identify content types stored in vaults (from metadata) · detect vault apps designed to disguise themselves as other apps · runs locally
  30. android app cloner artifact forensic detectordrop Android packages.xml, filesystem listing, or logcat · detect app cloner framework installations · identify cloned app instances · surface dual-space and multi-account artifacts · detect usage of cloned messaging apps that may contain additional communication accounts · runs locally
ready