// artifact family
mobile forensics
162 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- apk analyzer: drop an android apk · permissions · activities · services · manifest · certificates · embedded urls · strings · no disassembly · runs locally
- ios ipa analyzer: drop an ios ipa · info.plist · entitlements · permissions · url schemes · embedded frameworks · certificate hints · runs locally
- android backup analyzer: drop an android backup ab file · browse app data · extract databases · files · shared preferences · runs locally
- ios backup analyzer: drop an ios backup manifest · browse file structure · extract app data · databases · runs locally
- android apk permissions auditor: drop an .apk · parse AndroidManifest.xml · list all declared permissions · flag dangerous permissions · detect unusual API combinations · runs locally
- android sms database parser: drop Android mmssms.db · parse SMS and MMS threads · contacts · timestamps · export conversations as CSV · runs locally
- android call log parser: drop Android contacts2.db or calllog.db · parse incoming · outgoing · missed calls · contacts · duration · timestamps · export CSV · runs locally
- plist reader: drop an iOS or macOS .plist file · parse binary or XML format · tree view · export JSON · runs locally
- ios backup browser: drop an iTunes backup Manifest.db · list backed-up apps · files · domains · relative paths · export CSV · runs locally
- ios sms database parser: drop iOS backup SMS.db · threaded conversation view · timestamps · attachments · participants · export CSV · runs locally
- ios call history parser: drop ios callhistory storedata sqlite · parse all call records · reconstruct call timeline · identify frequent contacts unknown numbers and voip calls · surface deleted call gap analysis · runs locally
- android logcat analyzer: drop android logcat output · parse log levels · crash detection · anr · security exceptions · network activity · timeline · runs locally
- ios crash log analyzer: drop ios crash reports ips or crash files · exception type · stack trace · loaded images · thread states · runs locally
- mobile app sqlite forensics: drop mobile app databases · sms idb whatsapp signal contacts · auto-detect schema · show messages contacts calls · runs locally
- macos launch agents & daemons parser: drop plist files from LaunchAgents or LaunchDaemons · parse program args · run-at-load · intervals · flag network callbacks · suspicious paths · export CSV · runs locally
- ios location history: drop ios location sqlite databases · zrtvisit zannotation learned poi · apple absolute time · timeline · movement ascii · export csv · runs locally
- dex inspector: drop .dex or .apk · string pool · classes methods imports · flag suspicious android APIs · csv · runs locally
- itunes backup decryptor: Manifest.plist + encrypted Manifest.db · KeyBag TLV · PBKDF2 AES-KW · Files table · domain filter · CSV · runs locally
- android sparse image: sparse .img 0xED26FF3A · RAW FILL DONT_CARE CRC32 · chunk map · ext4 f2fs detect · OTA warn · CSV · runs locally
- ios health database deep forensic analyzer: drop healthdb secure.sqlite · steps heart rate sleep falls workouts · movement timeline · alibi verification · runs locally
- ios photos database forensic analyzer: drop photos.sqlite · metadata including deleted · location · hidden photos · creation timeline · runs locally
- ios screen time forensic analyzer: drop screen time sqlite from ios backup · app usage · website visits · pickup frequency · digital activity · alibi assessment · runs locally
- ios notes complete forensic analyzer: drop notestore.sqlite · notes including deleted · locked metadata · attachments · sensitive content scan · runs locally
- android notification history forensic analyzer: drop notification db or log exports · reconstruct alerts · message previews · communication timeline · runs locally
- ios location history deep reconstructor: drop ios backup databases · correlate significant locations · routined · coreduet · cache.sqlite · motion data · reconstruct complete movement history from all available ios location sources · runs locally
- mobile app sqlite schema auto-mapper: drop any unknown mobile app sqlite database · auto-detect schema · classify tables by content type · identify messages contacts locations media · extract data from recognized patterns · reverse-engineer unknown app databases · runs locally
- android ota and system image inspector: drop android ota zip files or system img files · parse sparse image format · extract partition table · browse installed app list · detect modifications from stock · extract build fingerprint · identify rooting indicators · runs locally
- android logcat forensic parser: drop android logcat txt or log · threadtime brief time auto-detect · crash selinux install security panels · runs locally
- android sqlite app database browser: drop android app sqlite db · schema discovery · table heuristics · credential column masking · runs locally
- ios backup manifest and status parser: drop manifest status or info plist · backupkeybag tlv · encryption assessment · installed apps · runs locally
- ios encrypted backup password recovery artifact detector: drop manifest.plist · keybag pbkdf2 salt and iterations · crack time estimates · protection class keys · runs locally
- ios backup manifest integrity verifier: drop manifest.db and backup blobs · sha1 integrity vs manifest · missing modified unexpected files · runs locally
- ios backup diff and version comparator: drop two manifest.db files · added deleted modified renamed paths · forensic significance tags · runs locally
- ios backup encryption key artifact analyzer: drop manifest.plist and manifest.db · keybag hierarchy · protection class accessibility · per-file encryption class counts · runs locally
- ios crash log forensic analyzer: drop ios crash log .ips or .crash file · parse structured crash report · extract exception type signal and faulting address · reconstruct crash context · surface forensically relevant crash patterns and repeated crashes · runs locally
- ios datausage sqlite parser: drop ios datausage sqlite · parse per-app cellular and wifi data usage statistics · reconstruct which apps consumed network data and when · surface large data transfers and unusual app network activity · runs locally
- ios keychain artifact parser: drop keychain-backup plist · metadata only · access groups · wifi and web credentials · no secret bytes · runs locally
- ios plist parser and analyzer: drop ios plist binary or xml · nested tree · forensic key detection · flattened csv export · runs locally
- ios pairing record forensic analyzer: drop itunes lockdown pairing plist · parse device and host certificates · escrow bag detection · pairing age and trust implications · csv json export · runs locally
- ios lockdown certificate artifact extractor: drop pairing plist der or pem · decode x509 lockdown certs · chain validation · udid and host uuid · pem csv json export · runs locally
- sms and imessage database parser: drop ios sms.db sqlite file · parse all messages conversations and attachments · reconstruct conversation threads · surface deleted message gaps and attachment metadata · runs locally
- ios imessage attachment forensic extractor: drop ios sms.db and attachment files from backup · parse attachment records · uti types · transfer state · cross-reference files on disk · expired audio · stickers · runs locally
- ios imessage deletion artifact detector: drop ios sms.db · rowid gaps · join orphans · deleted_messages tombstones · ck_sync_state=2 · two-db guid compare · bulk deletion · runs locally
- ios imessage unsend artifact detector: drop ios sms.db · detect imessage unsend artifacts · system messages · processing tasks · 2-minute window · runs locally
- ios imessage edited message forensic reconstructor: drop ios sms.db · detect imessage edit artifacts · edit chain reconstruction · word diff between versions · two-db text delta · runs locally
- ios spotlight search artifact extractor: drop ios spotlight sqlite or interactionc database · extract spotlight search queries · reconstruct what the user searched for on device · surface app launches via spotlight and searched contact names · runs locally
- itunes backup artifact extractor: drop manifest db and backup plists · domain inventory · high-value paths · fileid mapping · runs locally
- iOS iTunes backup forensic analyzer: drop manifest db or plist · full backup inventory · device identity · keybag · domain breakdown · runs locally
- iOS backup source device identifier: drop info plist · extract udid imei serial · model lookup · multi-backup mismatch flags · runs locally
- iOS partial backup forensic reconstructor: drop manifest db and status plist · reconstruct interrupted backup coverage · domain and app gaps · runs locally
- iOS device timestamp vs backup timestamp conflict detector: drop info plist and manifest db · detect future file timestamps · clock manipulation flags · runs locally
- mobile app sandbox artifact analyzer: drop ios app sandbox directory listing or android app data directory listing · identify forensically significant files within app sandboxes · map file types to forensic categories · surface databases caches preferences and logs within each app container · runs locally
- mobile device pairing record analyzer: drop ios lockdown pairing plist or android adb key files · parse device pairing credentials · identify which computers have been paired with the device · surface pairing timestamps and certificate details · runs locally
- mobile location history extractor: drop ios locations sqlite · google location json · csv gps · haversine stops · movement timeline · runs locally
- mobile photo metadata batch analyzer: drop multiple jpeg or heic image files · extract and aggregate exif metadata · reconstruct photo timeline and location trail · surface device identifiers camera settings and gps coordinates across all images · runs locally
- mobile screen time parser: drop ios screen time sqlite or android usage_stats.db · daily usage · per-app ranking · hourly heatmap · runs locally
- ios afc (apple file conduit) artifact extractor: paste or drop afc log or filesystem listing · parse afc transfer artifacts · reconstruct access timeline · flag afc2 paths · runs locally
- ios checkm8 extraction artifact analyzer: paste or drop checkra1n or palera1n log · parse exploit chain · device chip ios version · forensic integrity rating · runs locally
- ios jailbreak artifact detector: drop manifest db or path list · detect jailbreak indicators cydia sileo substrate · tool identification · removal hints · runs locally
- ios jailbreak type and version identifier: drop path list or manifest db · identify jailbreak tool version type rootless rootful · bootstrap hooking framework · integrity assessment · runs locally
- ios agent-based extraction artifact parser: drop agent extraction manifest json xml plist · parse tool version data classes · team id lookup · consent and integrity notes · runs locally
- iOS DataUsage.sqlite forensic analyzer: drop an iOS DataUsage.sqlite file · parse cellular and WiFi data usage records per app · surface usage timelines, roaming events, and anomalous data transfers · correlate app data usage with device activity · reconstruct network activity timeline · runs locally
- iOS netusage artifact forensic extractor: drop an iOS netusage.sqlite or network usage plist · parse per-process network usage records · surface WiFi and cellular transfer volumes · reconstruct network activity timeline per app · detect anomalous upload patterns · runs locally
- iOS powerlog forensic analyzer: drop an iOS powerlog database (CurrentPowerlog.PLSQL or exported powerlog text) · parse power state, app foreground/background transitions, CPU wake events, and network activity indicators · reconstruct device activity timeline from power events · runs locally
- iOS aggregated dict forensic extractor: drop iOS aggregated usage plist files (from private/var/mobile/Library/AggregateDictionary/) · parse aggregated scalar and histogram counters · decode counter keys · surface usage frequency data for system features and app interactions · runs locally
- iOS biome artifact forensic analyzer: drop iOS BIOME stream files (from private/var/mobile/Library/Biome/streams/) · parse BIOME protobuf or binary format records · decode activity stream entries · surface app usage, user interactions, and behavioral patterns recorded by the BIOME framework · runs locally
- ios knowledge c database forensic analyzer: drop knowledgeC.db · parse ZOBJECT activity store · app sessions lock wifi location siri camera mic · full timeline · runs locally
- ios screen time artifact forensic extractor: drop RMAdminStore or screen time db · app usage pickups notifications web · gaps bypass flags · runs locally
- ios app install and uninstall timeline reconstructor: drop manifest db applicationstate plists installd log · install uninstall upgrade timeline · mass uninstall alerts · runs locally
- ios app usage duration forensic analyzer: drop knowledgeC RMAdminStore BIOME · multi-source session merge · per-app stats gaps discrepancies · runs locally
- ios spotlight forensic artifact extractor: drop spotlight index stores or plist exports · parse search index artifacts · query history and app indexing records · detect anti-forensic index removal · runs locally
- ios core data artifact forensic parser: drop an ios core data sqlite store · parse entity model and records · decode timestamps and blob attributes · reconstruct schema for forensic interpretation · runs locally
- ios keychain artifact forensic extractor: drop keychain-backup plist from itunes backup · parse item classes · decode accessibility and timestamps · surface credentials tokens certificates · runs locally
- ios wallet pass forensic artifact analyzer: drop apple wallet pkpass or wallet database · parse pass structure · extract barcode location beacons and travel dates · surface payment and identity pass data · runs locally
- ios health database forensic extractor: drop healthdb secure sqlite · parse health records samples and metadata · step counts heart rate sleep workouts · reconstruct activity timeline · runs locally
- ios activity energy and motion artifact analyzer: drop ios health databases · parse energy exercise stand and move goal data · reconstruct activity ring history · correlate energy with device activity · runs locally
- iOS plist forensic parser: drop any iOS plist file (binary or XML) · parse all keys and values · decode NSDate timestamps to human-readable UTC · detect and decode nested binary plists · surface all forensically significant fields · runs locally
- iOS binary plist deep extractor: drop a binary plist or any file containing embedded bplist blobs · deeply extract all nested binary plists · decode all NSDate timestamps · recover partial or truncated plist structures · surface all embedded data objects · runs locally
- iOS unified log (logarchive) forensic analyzer: drop an iOS unified log export (text, JSON, or CSV from log show) · parse log entries · filter by subsystem, category, process, and time range · surface security-relevant events · reconstruct activity timelines · runs locally
- iOS crash log forensic extractor: drop an iOS crash log (.crash or .ips file) · parse crash report structure · extract faulting process, exception type, crashed thread backtrace, and binary images · identify forensically significant crashes · detect signs of exploitation or intentional crash induction · runs locally
- iOS sysdiagnose artifact analyzer: drop an iOS sysdiagnose archive (tar.gz or extracted folder listing) · enumerate all artifact categories present · parse high-value forensic files within the archive · surface device state, installed apps, active processes, network state, and log excerpts · runs locally
- iOS IPS crash report forensic parser: drop iOS .ips crash report files (JSON format, iOS 15+) · parse the full IPS structure · decode all fields · surface exception details, thread states, memory maps, and jetsam metadata · correlate multiple crash reports · runs locally
- iOS ktrace artifact forensic analyzer: drop an iOS ktrace file or kdebug log export · parse kernel trace events · surface syscall patterns, process activity, and I/O operations · detect anomalous kernel event sequences · reconstruct process and thread activity timelines · runs locally
- ios voicemail artifact forensic extractor: drop voicemail.db · parse voicemail records · caller numbers timestamps durations · deleted tombstones · rowid gaps · runs locally
- ios recent calls database forensic analyzer: drop CallHistory.storedata · parse call records · caller callee type duration · deleted row gaps · call timeline · runs locally
- ios call history gap detector: drop CallHistory.storedata · detect pk gaps and temporal silence · two-db delta · voicemail cross-ref · runs locally
- ios contacts database forensic analyzer: drop AddressBook.sqlitedb · parse contacts phones emails notes · rowid gaps · account sources · runs locally
- ios contact merge and deletion artifact detector: drop AddressBook.sqlitedb · detect deleted merged modified contacts · orphaned multi-values · two-db delta · runs locally
- ios notes database forensic extractor: drop NoteStore.sqlite · parse note content attachments · deleted trashed notes · nskeyedarchiver decode · runs locally
- ios locked note artifact analyzer: drop NoteStore.sqlite · surface password-protected notes · encryption header metadata · snippet fragments · runs locally
- ios reminders database forensic extractor: drop RemindersV6.storedata · parse reminders lists due dates · completed trashed recurring · runs locally
- ios calendar event forensic analyzer: drop Calendar.sqlitedb · parse events calendars attendees · deleted cancelled meetings · runs locally
- ios maps search history forensic extractor: drop Maps sqlite or plist · parse searches destinations · home work locations · route history · runs locally
- ios significant locations forensic extractor: drop routined Cache.sqlite · parse significant places visits · home work inference · visit timeline · runs locally
- ios frequent locations artifact analyzer: drop routined cache · location clusters stay-points · commute patterns · anomaly detection · runs locally
- ios geofence artifact forensic extractor: drop clients.plist · parse geofence regions · entry exit events · stalkerware heuristics · runs locally
- ios motion activity artifact forensic analyzer: drop CoreMotion sqlite · parse activity sessions · automotive walking timeline · daily summaries · runs locally
- ios workout route forensic extractor: drop healthdb with workout routes · decode protobuf cllocation series · reconstruct gps paths · gpx and csv export · runs locally
- ios coremotion artifact forensic analyzer: drop coremotion sqlite · parse cmmotionactivity · motion timeline · automotive sessions · gap inventory · runs locally
- ios exif and photo metadata forensic extractor: drop jpeg heic png · extract exif gps tags · timestamp discrepancy flags · metadata csv export · runs locally
- ios photos.sqlite forensic analyzer: drop photos.sqlite · zasset inventory · deleted hidden gps clusters · faces albums · timestomp flags · runs locally
- ios deleted photo recovery artifact detector: drop photos.sqlite · recently deleted tombstones · mass deletion events · cloud-only artifacts · runs locally
- ios shared album artifact forensic extractor: drop photos.sqlite · shared album inventory · public url alerts · participant metadata · runs locally
- ios face recognition grouping forensic analyzer: drop photos.sqlite · zperson zdetectedface · co-occurrence matrix · person directory · runs locally
- ios screen recording artifact detector: drop photos.sqlite or path list · detect screen recordings · replaykit resolution match · deleted hidden alerts · runs locally
- ios screenshot burst forensic analyzer: drop photos.sqlite · screenshot detection · burst clustering · rapid capture flags · runs locally
- iOS WhatsApp artifact forensic extractor: drop iOS WhatsApp ChatStorage.sqlite and Contacts.sqlite · parse all chats, messages, groups, and media references · reconstruct conversation timelines with delivery status · surface location shares, contact cards, and deleted message placeholders · runs locally
- iOS WhatsApp call log forensic analyzer: drop iOS WhatsApp ChatStorage.sqlite · parse WhatsApp voice and video call records from ZWACALLHISTORY or system message fallback · extract call type, duration, direction, and timestamps · detect missed and rejected calls · surface call patterns · runs locally
- iOS WhatsApp deleted message recovery detector: drop iOS WhatsApp ChatStorage.sqlite (one or two versions) · detect soft-deleted placeholders and hard-deleted ROWID gaps · surface media residue from deleted messages · detect bulk deletion patterns before acquisition · runs locally
- ios safari browsing history forensic analyzer: drop History.db · urls titles visit counts timestamps · tombstones rowid gaps · sessions search queries · runs locally
- ios safari icloud tab forensic extractor: drop CloudTabs.db · synced open tabs across icloud devices · urls titles device names · cross-device overlap · runs locally
- ios safari download artifact forensic analyzer: drop Downloads.plist · source urls filenames sizes timestamps · partial auto-delete flags · suspicious types · runs locally
- ios safari favicon database forensic extractor: drop Favicons.db · page urls and favicon timestamps · survives history clearing · optional History.db cross-ref · runs locally
- ios safari reading list artifact forensic extractor: drop Bookmarks.db · reading list urls titles excerpts · fetch status offline copy · deleted row gaps · runs locally
- ios signal artifact forensic extractor: drop signal.sqlite · parse conversations and messages · disappearing timers · view-once flags · draft messages · registered phone · rowid gaps · runs locally
- ios signal sealed sender artifact analyzer: drop signal.sqlite · three-timestamp delivery analysis · linked device activity · identity verification · burst detection · latency patterns · runs locally
- ios telegram artifact forensic extractor: drop cache4.db or account db · parse chats messages channels · forwarding edits tombstones · disappearing timers · mid gap analysis · runs locally
- ios telegram secret chat artifact detector: drop telegram db · detect secret chat sessions · dh key fingerprint emoji grid · sequence gap analysis · self-destruct timers · runs locally
- ios instagram artifact forensic extractor: drop iOS Instagram database files from the app container · parse direct messages, search history, and account artifacts · surface ephemeral media tombstones and cached CDN URLs · reconstruct Instagram activity timeline · runs locally
- ios snapchat artifact forensic extractor: drop iOS Snapchat database files from the app container · parse snap metadata, chat records, and friend lists · surface snap open timestamps, screenshot alerts, and expired snap tombstones · reconstruct Snapchat activity timeline · runs locally
- ios snapchat memory forensic extractor: drop iOS Snapchat database files · parse Snapchat Memories artifacts · extract saved snap metadata, camera roll save records, location tags, and Highlights · detect deleted Memories · surface cloud sync status · runs locally
- ios tiktok local artifact forensic extractor: drop iOS TikTok database files from the app container · parse direct messages, search history, video view records, and account identity artifacts · surface content interaction patterns and communication metadata · reconstruct TikTok activity timeline · runs locally
- ios discord artifact forensic extractor: drop iOS Discord database files from the app container · parse cached messages, server memberships, DM threads, and user identity · surface deleted message local cache content · decode Discord snowflake timestamps · reconstruct Discord communication timeline · runs locally
- ios facebook messenger artifact forensic extractor: drop iOS Facebook Messenger database files from the app container · parse message threads, call records, and group memberships · surface message content, unsent message envelopes, and media references · reconstruct Messenger communication timeline · runs locally
- ios linkedin artifact forensic extractor: drop iOS LinkedIn database files from the app container · parse messaging artifacts, connection metadata, job search history, and application records · surface professional identity and communication patterns · reconstruct LinkedIn activity timeline · runs locally
- ios twitter/x artifact forensic extractor: drop iOS Twitter/X database files from the app container · parse direct messages, tweet cache, and search history · surface DM content including deleted message local cache · decode Twitter snowflake timestamps · reconstruct Twitter/X activity timeline · runs locally
- ios cash app artifact forensic extractor: drop iOS Cash App database files from the app container · parse transaction records, payment notes, and account artifacts · surface payment amounts, counterparty Cashtags, and timestamps · detect suspicious payment patterns and structured transactions · runs locally
- ios venmo artifact forensic extractor: drop iOS Venmo database files from the app container · parse payment records and transaction notes · surface audience settings (public/friends/private) · surface social feed likes and comments on transactions · reconstruct Venmo financial and social activity timeline · runs locally
- ios uber artifact forensic extractor: drop iOS Uber database files from the app container · parse trip records and pickup/dropoff locations · surface saved Home and Work locations · detect airport trips, night trips, and surge pricing events · reconstruct travel history · runs locally
- ios lyft artifact forensic extractor: drop iOS Lyft database files from the app container · parse ride records and pickup/dropoff locations · surface saved Home and Work locations · detect airport trips, night trips, and Primetime pricing events · reconstruct Lyft travel history · runs locally
- iOS Mail app artifact forensic extractor: drop iOS Mail Envelope Index + Protected Index · parse envelope metadata · sender recipient subject snippet · mailbox threads accounts · runs locally
- iOS Mail deleted message recovery artifact detector: drop iOS Mail Envelope Index (1–2 versions) · Trash soft-delete · ROWID gaps · flags deleted · thread orphans · two-DB delta · runs locally
- ios dating app artifact forensic extractor (Tinder, Bumble, Hinge): drop iOS dating app database files (Tinder, Bumble, or Hinge) · auto-detect app · parse match records, messages, and profile metadata · surface match timestamps, screenshot alerts, and own location from account plist · detect confirmed real-world meetings (Hinge We Met) · runs locally
- ios gaming artifact forensic extractor: drop iOS Game Center database files or StoreKit IAP cache · parse achievement records, leaderboard scores, multiplayer match history, and in-app purchase records · surface gaming activity timestamps and social gaming relationships · runs locally
- ios banking app artifact forensic extractor: drop iOS banking app database files from the app container · parse cached transaction records, account summaries, and notification artifacts · surface transaction metadata, MCC-decoded merchant types, and fraud/login alerts · detect suspicious transaction patterns · runs locally
- ios vpn app artifact forensic extractor: drop iOS VPN app database files, configuration plists, and NEVPNManager records · parse connection session logs, server configurations, and account artifacts · surface kill switch, obfuscation, multi-hop, and Tor settings · detect VPN usage gaps and anti-forensic patterns · runs locally
- ios burner app artifact detector: drop iOS backup Manifest.db, ApplicationState.db, knowledgeC.db, or app listings · detect installed and previously deleted burner phone number and anonymous communication apps · surface usage timestamps and residual artifacts from deleted apps · identify ephemeral identity patterns · runs locally
- ios encrypted messaging app residue detector: drop iOS backup Manifest.db, knowledgeC.db, Screen Time database, DataUsage.sqlite, and keychain files · detect and quantify encrypted messaging app usage across all artifact sources · reconstruct scope of inaccessible encrypted communications · produce forensic gap assessment · runs locally
- ios sms and imessage database forensic analyzer: drop sms.db · parse messages handles chats attachments · tapbacks reply threads rowid gaps · delivery read receipts timeline · runs locally
- iOS FaceTime call artifact forensic analyzer: drop iOS FaceTime call history databases (FaceTime.db or CallHistory.storedata) and relevant plists · parse FaceTime audio and video call records · extract caller/callee identities, call duration, call type, and timestamps · detect missed, declined, and failed calls · surface FaceTime Link artifacts · reconstruct FaceTime communication timeline · runs locally
- iOS AirDrop artifact forensic extractor: drop iOS AirDrop database files and system logs · parse AirDrop transfer records · extract sender and receiver identities, filenames, transfer timestamps, and acceptance status · surface AirDrop discovery logs · detect unsolicited AirDrop attempts · reconstruct AirDrop file transfer history · runs locally
- iOS SharePlay artifact forensic analyzer: drop iOS SharePlay database files, FaceTime call history, and relevant plists · parse SharePlay session artifacts · surface shared media identifiers, activity types, and participant information · reconstruct SharePlay activity timeline and co-viewing/co-listening history · runs locally
- android adb backup forensic analyzer: drop an android adb backup file (.ab) · parse the backup header · decompress and extract the tar archive · enumerate all backed-up app packages, files, and databases · surface device metadata, backup flags, and encryption status · reconstruct the full backup manifest · runs locally
- android adb logcat forensic extractor: drop an android logcat output file (text or binary) · parse all log entries · extract timestamps, pid, tid, log level, tag, and message · detect forensically significant events · surface app crashes, permission grants, package installs/uninstalls, and network events · reconstruct device activity timeline · runs locally
- android apk downgrade artifact detector: drop android apk files, logcat output, or package manager dump text · detect apk downgrade installation artifacts · identify version regression indicators · surface forensic tool signatures associated with downgrade-based extraction (oxygen, cellebrite, ufed) · assess whether downgrade was used for forensic data extraction · runs locally
- android full filesystem extraction artifact analyzer: drop an android filesystem extraction manifest or directory listing · parse the filesystem structure · enumerate partitions, key directories, and forensically significant files · surface extraction method artifacts · assess completeness of the extraction · identify files requiring further analysis · runs locally
- android edl artifact analyzer: drop edl extraction logs, qpst output files, or qualcomm emergency download metadata · parse edl session artifacts · identify programmer (firehose) version and capabilities · surface partition table from gpt artifacts · detect edl-based extraction tool signatures · assess forensic integrity of edl extraction · runs locally
- android mtk preloader artifact extractor: drop mtk sp flash tool logs scatter files or nvram · parse brom extraction artifacts · imei mac identity · critical write alerts · runs locally
- android qualcomm sahara artifact forensic analyzer: drop qualcomm sahara edl logs or hex captures · parse handshake packets · msm chipset oem pk hash · command timeline csv · runs locally
- android chipset-specific extraction artifact analyzer: drop getprop bugreport or extraction logs · identify chipset family · extraction capability matrix · device model lookup · runs locally
- android rooting method artifact detector: drop filesystem listing getprop or logcat · detect magisk kernelsu supersu frida · root path database · confidence scoring · runs locally
- android root residue forensic analyzer: drop getprop filesystem listing or logcat · detect past rooting residue · knox bit bootloader unlock · magisk cleanup artifacts · runs locally
- android factory reset artifact detector: drop recovery logs logcat getprop or path listings · detect factory reset evidence · recovery wipe timeline · mdm remote wipe · boot count · runs locally
- android factory reset protection bypass artifact detector: drop frp partition logcat getprop or accounts data · detect frp bypass artifacts · identify bypass method · bootloader unlock · account setup forensics · runs locally
- android device encryption artifact analyzer: drop getprop fstab logcat or path listings · fbe vs fde detection · de vs ce accessibility matrix · metadata encryption · runs locally
- android file-based encryption artifact extractor: drop fbe key blobs vold listings getprop or keystore files · parse key blob v1/v2 · secdiscardable alerts · de vs ce inventory · runs locally
- android full disk encryption artifact analyzer: drop fde crypto footer binary getprop or logcat · parse kdf scrypt parameters · keymaster binding · brute-force matrix · hashcat hints · runs locally
- sim card artifact forensic extractor: drop SIM dumps, ATR logs, EF file exports, or SIM filesystem images · parse SIM identifiers, service tables, SMS storage, network configuration, and SIM metadata · reconstruct SIM-level evidence and carrier provisioning state · runs locally
- sim iccid and imsi forensic correlator: correlate ICCID, IMSI, MSISDN, and carrier identifiers across artifacts · detect reused SIMs, carrier migrations, cloned identifiers, and multi-device associations · runs locally
- sim phonebook artifact forensic extractor: parse SIM ADN/FDN/LND phonebook entries and reconstruct SIM-resident contact evidence · runs locally
- sim last number dialed artifact extractor: parse SIM LND records and reconstruct last dialed number history · runs locally
- sim sms artifact forensic extractor: parse SIM-resident SMS storage and reconstruct stored SMS evidence · runs locally