The aim of the Aardwolf project is to develop a system for determining and exporting those files that are changed, created or deleted during the execution of certain actions with a mobile phone application. Subsequently, these files will be stored in a central reference database to facilitate querying, retrieval and sharing of results with other users.
The component of the system that harvests file information is a stand-alone program named Argus. The reference database and its accompanying web application are together called Aardwolf (an acronym for Application Analysis Results Database With Open-source Library Foundation). The third component of the project is the Online Store Scraper (OSS), which downloads new versions of selected mobile apps and populates the reference database with application installation files and their metadata.
The project is partially funded by the ENFSI Monopoly 2020 program.
Digital investigators can use the standalone tool Argus to export and analyze the data generated by a mobile app.
To extract files from a device, Argus requires that the device under test be a rooted Android phone, an Android Virtual Device (AVD) or a jailbroken iPhone.
The reference database will contain traces produced by an app, thereby enabling investigators to query it to find which traces are left behind by a specific app.
The reference database will ensure that knowledge in the field of app analysis can be safeguarded and shared.
This will stimulate collaboration between investigators and research institutes in the field of app analysis.
The Aardwolf system consists of several parts. These parts are briefly described below.
Work package 1 is intended for all activities related to the general management and coordination of the action (meetings, coordination, project monitoring and evaluation, financial management) and all the activities which are cross-cutting and therefore difficult to assign to just one specific work package. In such a case, instead of splitting them across many work packages, please enter and describe them in Work package 1. For this reason, it has a different layout where you do not have to enter objectives and duration. Nevertheless, this work package will have its own deliverables (e.g. reports, work plan, evaluation report) and outputs (e.g. meetings).