Nyuki Forensic Investigator (NFI)


Nyuki Forensic Investigator is an open source application, that aims to provide a user friendly interface for the analysis of mobile device artefacts, that exist on Smartphone devices running the Android and iOS Operating System. It can be used to extract specific and aggregated information from individual applications and system files using a simple modular architecture, which is capable of accommodating any changes to individual artefacts.

Nyuki Forensics Investigator can be used by forensic analysts or mobile application penetration testers to analyze the contents of individual applications or global databases for information that can reveal user actions or internal application structures.

Nyuki Forensics Investigator was initially developed during an Android application penetration test in our spare time. It later grew into platform that students could use during the Mobile Forensic Bee™  course offered by Silensec (read more). Finally, it was decided that the application could become something more than a training assistant and thus we began developing what would later be called the Nyuki Forensic Investigator.

Application Features (Current Release)

  • Extract information from Android data partitions
  • Retrieve information about screen locks and device accounts
  • Explore the device contacts, Facebook friends, LinkedIn connections, Whatsapp contacts
  • Read through Facebook, LinkedIn, Skype chats
  • View networking information such as connected WiFi networks, Bluetooth devices, tethering settings, IP address leases and more
  • View SELinux logs and application usage statistics
  • List Telephony communications such as Calls, SMS messages
  • Explore individual application stores
  • View individual application file attributes, types, content and application usage timeline
  • Extract ASCII and Unicode strings from Application files
  • View Application usage timeline
  • Search through applications for specific data, permissions or execution dates
  • Many more to come...

Screenshots

User Guide

A copy of the initial user guide can be downloaded from here

Source Code

You may find the source code of this application at the following link:

GitHub

Or, you may download the source code by executing the following command:

git clone https://github.com/georgenicolaou/nfi.git

 

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.