iForensics App Sandbox
Solution for semi-automatic dynamic/static mobile application testing.

  • Utilizes a semi-automatic process to enhance your workflow efficiency
  • Supports sandboxing with a physical device
  • Supports static analysis, source code security analysis, dynamic analysis, etc.
  • Utilizes a browser-like UI and visualization dashboard, which present the inspection results in a simple, straightforward fashion
  • Supports geolocation visualization of network connections to external IPs
  • Supports security database analysis to quickly find malware, malicious apps and suspicious apps
Description
  • Supports a Web UI in both English and Chinese, in which examiners can upload and analyze Android apps.
  • Supports the display of basic information about the app under inspection (e.g. MD5/SHA256 value, SDK version, app name, file type, file size, analysis platform and its time consumption, etc.).
  • Supports sandboxing with both a virtual machine and a physical machine; with a physical sandbox on a mobile device or tablet computer, both static and dynamic analysis can be performed.
  • Supports result indication for the analyzed app: the solution can tell whether the app uses dangerous permissions, and automatically verifies the hash value of the app against the VirusTotal database to find out its security rating.
  • Supports project-oriented management, in which examiners can see the app inspection records of the project and can create/delete projects if needed.
  • Supports automatic and manual analysis, which can proceed at the same time, and displays the inspection progress.
  • Supports batch uploading of multiple apps for analysis and can display the progress.
  • Supports dynamic analysis of app behavior (e.g. privilege escalation, access to specific data, audio recording, access to camera, external connection, use of Native Code components, use of Dynamic Code, external networking, etc.).
  • Supports capture and analysis of the content of unencrypted network packets; the geolocation of the packet flow destination IPs can also be displayed on a visualized world map UI.
  • Supports a man-in-the-middle method to decrypt and display the content of packets sent over encrypted HTTPS connections.
  • Supports the display of the supported TLS version, encryption algorithm(s), key length and information regarding the organization(s)/country(ies) which issued the certificate, etc., for connections utilizing HTTPS.
  • Supports inspecting whether the app utilizes AES or DES encryption when accessing information, and can obtain the input parameter(s) and encryption key (if any).
  • Supports the display of SMS sending and call-out behaviors, including the content of SMS and the dialed number(s).
  • Supports listing the files read, generated, or deleted during analysis of the app(s), with the corresponding times.
  • Supports listing out all the broadcast receivers called during app execution.
  • Supports listing the SQL syntax and time used by the app when accessing the database.
  • Supports screenshot capture of the app operation screen, which can be displayed in the report of analysis results.
  • Supports analysis of information/records regarding the surroundings (e.g. WiFi, GPS, Bluetooth, NFC, IMEI, IMSI, etc.).
  • Supports decompilation of the analyzed app.
  • Supports static analysis, which is able to tell whether the behaviors listed below exist: privilege escalation, access to specific data, audio recording, access to camera, external connection, etc.
  • Supports checking whether there is AES or DES encrypted code.
  • Supports listing the permissions of apps, and can mark whether the permissions declared in the permission list correspond to those of the decompiled code functions.
  • Supports generation of a visualized correlation analysis diagram of function calls.
  • Supports keyword search, with automatic highlighting of hits in the search results, over objects produced by the overall analysis process, including (but not limited to): decompiled content of the program, packet content, content of system log, content of files within app folder(s), etc.
  • Supports customization of keyword groups in advance in order to compare the test results of each app.
  • Supports export of the IP addresses of networking behavior.
  • Supports report generation in .html or .pdf format, in which all the detailed information/records of the analysis process are listed. Examiners can also print out keyword search results.
  • Supports report generation; examiners can click the items they need and generate a report accordingly.