It's Friday night, you're in the office. You're almost done and you are ready to go. All of a sudden your boss walks in with an Android dump and says you have to finish this before you go home. What do you do? Probably search for something like Android, forensics, and these are all great but they're not gonna do what you want. Luckily you remember ALEAPP.

So you go to the ALEAPP GitHub, click on Code, copy the repo, open up PowerShell, type git clone and then paste in the repository that you just copied. Hit enter. Now it's cloning into the ALEAPP folder. Once that's done, cd ALEAPP. And we have two options, aleapp.py or aleappGUI.py.

Before we can run ALEAPP, make sure that you have Python installed. You can get Python from python.org, under Downloads, and the current version is Python 3.10. Make sure you have anything over 3.9 and it will greatly speed up your investigations. Once you have Python installed, type pip install -r requirements.txt; this file lists all of the Python software that we need to run ALEAPP. Press enter, pip will automatically install the software, and when that's done, you can run ALEAPP.

We hate a lot of typing, so we type python aleappGUI.py and then up pops a very beautiful ALEAPP interface. All of these Android files were already extracted into a folder. If our Android dump was in tar, zip or gz, we would just choose Browse File, but since all of our files are extracted into a folder already, we just choose Browse Folder. Select the location of our Android dump, select our output folder and then choose which modules we want. We're just gonna choose everything. Then click Process.

One minute later, the report's done, click OK and the results will automatically pop up in the browser. Now you can see all the information that ALEAPP provides. For example, host information. If you go to Report Home, you can see device details. You can see Bluetooth connections. You can do an entire triage of the phone and it only took one minute to process.
But wait, you say, I really like using the command line. Can I do that? Yeah, of course you can. Just type python and then aleapp.py -h and you'll get the help menu. All you have to give it is the input type, the output path and the input path. I have python aleapp.py -t; our type again is file system for a folder. Next is the output path. We're going to put this on the desktop. And then for my input path, go find where your data is, copy the address bar and then just right click and it'll paste right in there. And then just hit enter and you're good to go.

So what can ALEAPP actually tell you? Well, it depends on the phone and the data you have. ALEAPP is made of a lot of different plugins that are constantly being updated. And if it understands a data structure, it'll try to extract that information. Usually you can rely on things like accounts, browser history, map information, Wi-Fi, Bluetooth information, potentially locations, mail, potentially chats, things like that. And modules are constantly being updated. So as long as you keep up to date, you'll be able to pull out quite a bit of information on a lot of different types of Android phones. Go through, have a look at it. And if it doesn't do what you want to do, you can easily write a module for it. We'll talk about that later.

You've gone through, you've triaged the data, write up a quick report, send that to your boss and say, hey, have a nice weekend.
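
An added example, not part of the video or of ALEAPP's own code: a small Python helper that picks the -t input type the way the walkthrough describes (an extracted folder versus a tar, zip or gz file) and assembles the aleapp.py command line. The function names are hypothetical, and the check that the report folder sits outside the dump is this example's own assumption about good triage practice.

```python
import sys
from pathlib import Path

# Input types named in the walkthrough: an extracted folder, or a tar/zip/gz file.
ARCHIVE_TYPES = {".tar": "tar", ".zip": "zip", ".gz": "gz"}


def aleapp_input_type(input_path):
    """Return the -t value for a dump: 'fs' for a folder, else the archive type."""
    path = Path(input_path)
    if path.is_dir():
        return "fs"
    if not path.is_file():
        raise FileNotFoundError(f"Android dump not found: {path}")
    kind = ARCHIVE_TYPES.get(path.suffix.lower())
    if kind is None:
        raise ValueError(f"Unsupported dump format {path.suffix!r}: "
                         "expected a folder or a tar, zip or gz file")
    return kind


def aleapp_command(input_path, output_path, script="aleapp.py"):
    """Return the argv list for a command-line run of aleapp.py."""
    kind = aleapp_input_type(input_path)
    src = Path(input_path).resolve()
    out = Path(output_path).resolve()
    if not out.is_dir():
        raise NotADirectoryError(f"Output folder does not exist: {out}")
    # Assumption of this example: keep the report out of the evidence folder,
    # so processing never writes into the dump being examined.
    if kind == "fs" and (out == src or src in out.parents):
        raise ValueError("Output folder must not be inside the Android dump")
    return [sys.executable, script, "-t", kind, "-o", str(out), "-i", str(src)]


if __name__ == "__main__":
    # Usage: python build_cmd.py <dump folder or archive> <output folder>
    if len(sys.argv) != 3:
        sys.exit("usage: build_cmd.py INPUT_PATH OUTPUT_PATH")
    print(" ".join(aleapp_command(sys.argv[1], sys.argv[2])))
```

Pass the returned list to subprocess.run from inside the cloned ALEAPP folder to start processing.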