mvt/README.md

<p align="center">
     <img src="./docs/mvt.png" width="300" />
</p>

# Mobile Verification Toolkit

[![](https://img.shields.io/pypi/v/mvt)](https://pypi.org/project/mvt/)
[![](https://img.shields.io/badge/docs-blue.svg)](https://docs.mvt.re)

Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.

It has been developed and released by the [Amnesty International Security Lab](https://www.amnesty.org/en/tech/) in July 2021 in the context of the [Pegasus project](https://forbiddenstories.org/about-the-pegasus-project/) along with [a technical forensic methodology and forensic evidence](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/).

*Warning*: MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. This is not intended for end-user self-assessment. If you are concerned with the security of your device please seek expert assistance.

## Installation

MVT can be installed from sources or conveniently using:

```
pip3 install mvt
```

You will need some dependencies, so please check the [documentation](https://docs.mvt.re/en/latest/install.html).

Alternatively, you can decide to run MVT and all relevant tools through a [Docker container](https://docs.mvt.re/en/latest/docker.html).


## Usage

MVT provides two commands `mvt-ios` and `mvt-android` with the following subcommands available:

* `mvt-ios`:
    * `check-backup`: Extract artifacts from an iTunes backup
    * `check-fs`: Extract artifacts from a full filesystem dump
    * `check-iocs`: Compare stored JSON results to provided indicators
    * `decrypt-backup`:  Decrypt an encrypted iTunes backup
    * `extract-key`: Extract decryption key from an iTunes backup
* `mvt-android`:
    * `check-backup`: Check an Android Backup
    * `download-apks`: Download all or non-safelisted installed APKs

Check out [the documentation to see how to use them](https://docs.mvt.re/).


## License

The purpose of MVT is to facilitate the ***consensual forensic analysis*** of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want MVT to enable privacy violations of non-consenting individuals. Therefore, the goal of this license is to prohibit the use of MVT (and any other software licensed the same) for the purpose of *adversarial forensics*.

In order to achieve this, MVT is released under an adaptation of [Mozilla Public License v2.0](https://www.mozilla.org/MPL). This modified license includes a new clause 3.0, "Consensual Use Restriction" which permits the use of the licensed software (and any *"Larger Work"* derived from it) exclusively with the explicit consent of the person/s whose data is being extracted and/or analysed (*"Data Owner"*).

[Read the LICENSE](https://github.com/mvt-project/mvt/blob/main/LICENSE)
First commit 2021-07-16 06:05:01 +00:00			`<p align="center">`
			`<img src="./docs/mvt.png" width="300" />`
			`</p>`

			`# Mobile Verification Toolkit`

Update readme and version for pypi 2021-07-18 14:31:25 +00:00			`[![](https://img.shields.io/pypi/v/mvt)](https://pypi.org/project/mvt/)`
Updated documentation links 2021-07-30 15:59:17 +00:00			`[![](https://img.shields.io/badge/docs-blue.svg)](https://docs.mvt.re)`
First commit 2021-07-16 06:05:01 +00:00
			`Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.`

fix: readme grammar Changed "evidences" to "evidence". Changed "understanding basics" to "understanding the basics". Changed "command line" to "command-line" 2021-07-25 21:16:26 +00:00			`It has been developed and released by the [Amnesty International Security Lab](https://www.amnesty.org/en/tech/) in July 2021 in the context of the [Pegasus project](https://forbiddenstories.org/about-the-pegasus-project/) along with [a technical forensic methodology and forensic evidence](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/).`
updated readme 2021-07-21 08:25:02 +00:00
Update README.md 2021-07-26 19:39:49 +00:00			`Warning: MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. This is not intended for end-user self-assessment. If you are concerned with the security of your device please seek expert assistance.`
Update README 2021-07-21 11:59:54 +00:00
Included Docker details in the documentation 2021-07-24 11:23:45 +00:00			`## Installation`
Add Dockerfile with Android dependencies solved 2021-07-20 10:10:37 +00:00
Included Docker details in the documentation 2021-07-24 11:23:45 +00:00			`MVT can be installed from sources or conveniently using:`
Add Dockerfile with Android dependencies solved 2021-07-20 10:10:37 +00:00
Fixed some formatting 2021-07-26 17:33:12 +00:00			```
			`pip3 install mvt`
			```
Add Dockerfile with Android dependencies solved 2021-07-20 10:10:37 +00:00
Updated documentation links 2021-07-30 15:59:17 +00:00			`You will need some dependencies, so please check the [documentation](https://docs.mvt.re/en/latest/install.html).`
Add Dockerfile with Android dependencies solved 2021-07-20 10:10:37 +00:00
Updated documentation links 2021-07-30 15:59:17 +00:00			`Alternatively, you can decide to run MVT and all relevant tools through a [Docker container](https://docs.mvt.re/en/latest/docker.html).`
Add Dockerfile with Android dependencies solved 2021-07-20 10:10:37 +00:00
Update readme and version for pypi 2021-07-18 14:31:25 +00:00
			`## Usage`

			MVT provides two commands `mvt-ios` and `mvt-android` with the following subcommands available:
Fixed documentation links 2021-07-20 11:42:13 +00:00
Update readme and version for pypi 2021-07-18 14:31:25 +00:00			* `mvt-ios`:
			* `check-backup`: Extract artifacts from an iTunes backup
			* `check-fs`: Extract artifacts from a full filesystem dump
			* `check-iocs`: Compare stored JSON results to provided indicators
			* `decrypt-backup`: Decrypt an encrypted iTunes backup
Update README with `extract-key` command 2021-07-23 06:55:08 +00:00			* `extract-key`: Extract decryption key from an iTunes backup
Update readme and version for pypi 2021-07-18 14:31:25 +00:00			* `mvt-android`:
			* `check-backup`: Check an Android Backup
			* `download-apks`: Download all or non-safelisted installed APKs

Updated documentation links 2021-07-30 15:59:17 +00:00			`Check out [the documentation to see how to use them](https://docs.mvt.re/).`
Update readme and version for pypi 2021-07-18 14:31:25 +00:00
Add Dockerfile with Android dependencies solved 2021-07-20 10:10:37 +00:00
Update readme and version for pypi 2021-07-18 14:31:25 +00:00			`## License`

			`The purpose of MVT is to facilitate the *consensual forensic analysis* of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want MVT to enable privacy violations of non-consenting individuals. Therefore, the goal of this license is to prohibit the use of MVT (and any other software licensed the same) for the purpose of adversarial forensics.`

			`In order to achieve this, MVT is released under an adaptation of [Mozilla Public License v2.0](https://www.mozilla.org/MPL). This modified license includes a new clause 3.0, "Consensual Use Restriction" which permits the use of the licensed software (and any "Larger Work" derived from it) exclusively with the explicit consent of the person/s whose data is being extracted and/or analysed ("Data Owner").`

			`[Read the LICENSE](https://github.com/mvt-project/mvt/blob/main/LICENSE)`