PiRogue Tool Suite (PTS) provides a platform combining analysis tools, knowledge management, incident response management and artifact management, allowing NGOs with limited resources to equip themselves at low cost. The project is an open-source tool suite that provides a comprehensive mobile device forensics and network traffic analysis platform for both Android and iOS devices.
The PiRogue is an open hardware device based on a Raspberry Pi that operates as a network router and analyzes network traffic in real time. It helps analysts detect a potential compromise of a mobile device and gather the information they need to assess the threats a mobile application may represent.
| Capability | Android | iOS |
|---|---|---|
| Network traffic capture | supported | supported |
| Network traffic analysis | supported | supported |
| Deep packet inspection | supported | supported |
| Threat detection | supported | supported |
| Stalkerware detection | supported | supported |
| TLS traffic decryption | supported | not yet |
| Socket activity tracing | supported | not yet |
| AES operations tracing | supported | not yet |
| Device backup | supported | supported |
| Device forensic analysis | supported | supported |
Colander is an incident response and knowledge management platform, delivered as a cloud-agnostic software stack that organizations can deploy themselves. It takes events (such as network flows and Suricata alerts), artifacts (such as PCAPs and APKs), and observables extracted from artifacts or obtained from third-party providers, and turns them into browsable knowledge. Organized in cases, this knowledge is then processed to automatically generate reports, detection rules and intelligence feeds.
"PiRogue and Colander tools from the PiRogue Tool Suite were instrumental for our project in conducting the analysis and identifying privacy violations in the mobile apps.
As strategic litigators, it is crucial for us to collect solid evidence of privacy violations to support our arguments during the procedure. The two tools provide a comprehensive setup for mobile app investigations and are open source.
PiRogue helps record network traffic and other evidence such as cryptographic activity, SSL keylog files, socket activity, and even a screencast of the app from the viewpoint of the app user. Thanks to Colander, we were able to analyse the entire network traffic of the apps tested and identify suspicious activities. Both tools are intuitive to use and deliver reliable results.
As an NGO, we highly value the tool's reliability and accessibility, as it empowers us to investigate mobile apps that would otherwise be very difficult to explore."