crt0mega
/
mvt
mirror of https://github.com/mvt-project/mvt.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
MVT is a forensic tool to look for signs of infection in smartphone devices
45 Commits 22 Branches 67 Tags 6 MiB
Python 99.9%
Go to file
Nex 3fd8d1524f Updated LICENSE 2021-07-25 12:01:23 +02:00
dev First commit 2021-07-16 08:05:01 +02:00
docs Automatically recover malformed sqlite3 databases (closes: #25 #37) 2021-07-25 11:47:05 +02:00
mvt Automatically recover malformed sqlite3 databases (closes: #25 #37) 2021-07-25 11:47:05 +02:00
.gitignore First commit 2021-07-16 08:05:01 +02:00
.readthedocs.yaml Improves documentation 2021-07-18 16:33:34 +02:00
Dockerfile Add compilation of libimobiledevice for iOS compatibility 2021-07-22 17:44:17 +02:00
LICENSE Updated LICENSE 2021-07-25 12:01:23 +02:00
Makefile First commit 2021-07-16 08:05:01 +02:00
README.md Included Docker details in the documentation 2021-07-24 13:23:45 +02:00
mkdocs.yml Included Docker details in the documentation 2021-07-24 13:23:45 +02:00
setup.py Require click >= 8.0.1 2021-07-23 02:08:15 -07:00

README.md

Mobile Verification Toolkit

Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.

It has been developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project along with a technical forensic methodology and forensic evidences.

Warning: this tool has been released as a forensic tool for a technical audience. Using it requires some technical skills such as understanding basics of forensic analysis and using command line tools.

Please check out the documentation.

Installation

MVT can be installed from sources or conveniently using:

pip3 install mvt.

You will need some dependencies, so please check the documentation.

Alternatively, you can decide to run MVT and all relevant tools through a Docker container

Usage

MVT provides two commands mvt-ios and mvt-android with the following subcommands available:

  • mvt-ios:
    • check-backup: Extract artifacts from an iTunes backup
    • check-fs: Extract artifacts from a full filesystem dump
    • check-iocs: Compare stored JSON results to provided indicators
    • decrypt-backup: Decrypt an encrypted iTunes backup
  • mvt-android:
    • check-backup: Check an Android Backup
    • download-apks: Download all or non-safelisted installed APKs

Check out the documentation to see how to use them.

License

The purpose of MVT is to facilitate the consensual forensic analysis of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want MVT to enable privacy violations of non-consenting individuals. Therefore, the goal of this license is to prohibit the use of MVT (and any other software licensed the same) for the purpose of adversarial forensics.

In order to achieve this, MVT is released under an adaptation of Mozilla Public License v2.0. This modified license includes a new clause 3.0, "Consensual Use Restriction" which permits the use of the licensed software (and any "Larger Work" derived from it) exclusively with the explicit consent of the person/s whose data is being extracted and/or analysed ("Data Owner").

Read the LICENSE