Sandroid Documentation


Sandroid is an Android forensic analysis framework for extracting artifacts from Android Virtual Devices (AVDs). It provides both static and dynamic analysis of Android applications, including automated malware trigger execution, file system monitoring, network traffic capture, and forensic reporting.

Features

🔍 Dynamic Analysis
  • Real-time file system monitoring

  • Network traffic capture and analysis

  • Process and socket monitoring

  • Frida-based runtime instrumentation

📱 Android Integration
  • ADB interface for device communication

  • Android emulator management

  • APK installation and analysis

  • Automated screenshot capture

🛡️ Security Analysis
  • Malware behavior monitoring

  • SSL/TLS traffic interception (friTap)

  • Memory dumping capabilities

  • Automated trigger execution (TrigDroid)

📊 Reporting
  • JSON output format

  • PDF report generation

  • AI-powered analysis summaries

  • Comprehensive logging

Quick Start

Installation:

pip install sandroid

Initialize Configuration:

sandroid-config init

Run Analysis:

# Interactive mode
sandroid

# Command-line mode
sandroid --network --screenshot 5 --report
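The command-line run above assumes an emulator is already attached through ADB. The following preflight wrapper is an added example, not part of Sandroid itself: it parses `adb devices` output, refuses to start when no emulator is in the `device` state, and otherwise launches the same analysis command shown in the Quick Start. The `adb devices` output format (a header line, then one `serial<TAB>state` line per device, emulators having serials of the form `emulator-NNNN`) is real; the sample output in the comments is constructed, and the `SANDROID_PREFLIGHT_RUN` guard is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example (not Sandroid's own code): preflight check before an analysis run.
# Assumes `adb` and `sandroid` are on PATH.

# Return 0 if the given `adb devices` output lists at least one emulator whose
# adb state is "device" (connected, not "offline" or "unauthorized"); 1 otherwise.
# Constructed sample of the real output format:
#   List of devices attached
#   emulator-5554	device
#   emulator-5556	offline
emulator_online() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^emulator-[0-9]+$/ && $2 == "device" { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Print how many emulators adb lists in any state, to distinguish
# "no emulator started" from "emulator still booting / offline".
emulator_count() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^emulator-[0-9]+$/ { n++ }
        END { print n + 0 }'
}

# Run the Quick Start command-line analysis only when an emulator is ready.
# Exit codes: 0 analysis started, 1 no usable emulator, 2 adb missing.
run_analysis() {
    command -v adb >/dev/null 2>&1 || { echo "adb not found on PATH" >&2; return 2; }
    local devices
    devices="$(adb devices 2>/dev/null)"
    if ! emulator_online "$devices"; then
        echo "no emulator in 'device' state (adb lists $(emulator_count "$devices") emulator(s))" >&2
        return 1
    fi
    sandroid --network --screenshot 5 --report
}

# Hypothetical guard so the functions can be sourced without side effects;
# run with: SANDROID_PREFLIGHT_RUN=1 bash preflight.sh
if [ "${SANDROID_PREFLIGHT_RUN:-0}" = "1" ]; then
    run_analysis
fi
```

The parsing is done in `awk` on the serial and state columns rather than by grepping for "emulator", so a physical device that happens to be attached alongside an offline emulator does not pass the check.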

Getting Started

User Guide

API Reference

Advanced Topics

Developer Documentation

Note

For Contributors: Before contributing to Sandroid, please review the comprehensive Coding Guidelines that cover code style, testing requirements, security practices, and Sandroid-specific development patterns.

About