Device Detection
Automatically detects connected Android devices via ADB. Displays device serial number, manufacturer, model name, Android version and build number. Supports multiple simultaneous device connections for batch processing workflows.
Free Download
Sherlock Forensics Android Acquirer
Since 2006. CISSP, ISSAP and ISSMP certified. SHA256 verified. Logical acquisition via ADB for forensic examiners and investigators.
Sherlock Forensics Android Acquirer is a Windows forensic tool that performs logical acquisition of Android devices via ADB. It detects connected devices, checks bootloader status, inventories available data and extracts SMS, contacts, call logs, media and apps. The Forensic Edition generates court-ready forensic PDF reports with SHA-256 hashing.
Version 0.1.6 | 5.0 MB | Windows 10/11 | SHA256 verified
Compare
Free vs Pro
| Feature | Free | Pro ($399) |
|---|---|---|
| Device detection and identification | Yes | Yes |
| Bootloader status check | Yes | Yes |
| Data category inventory | Yes | Yes |
| Helper APK install | Yes | Yes |
| Data extraction to folder | No | Yes |
| SMS/MMS extraction | No | Yes |
| Contacts extraction | No | Yes |
| Call log extraction | No | Yes |
| Media file extraction | No | Yes |
| App/APK extraction | No | Yes |
| Forensic PDF report | No | Yes |
| SHA-256 hash verification | No | Yes |
| Chain of custody logging | No | Yes |
| Priority support | No | Yes |
Capabilities
Feature Overview
Bootloader Check
Queries the bootloader lock status of the connected device. An unlocked bootloader indicates the device may have been modified, which is critical context for forensic analysis. This status is documented in the forensic report.
Data Categories
Nine independently selectable data categories for targeted acquisition.
- SMS/MMS messages
- Contacts
- Call logs
- Media (photos, videos, audio)
- Installed apps and APKs
- Wi-Fi saved networks
- Browser history and bookmarks
- Calendar events
- Device accounts
Helper APK
A lightweight companion application deployed to the target device during acquisition. The helper APK provides access to protected data categories that ADB alone cannot reach on newer Android versions. It runs with standard permissions, does not root the device and can be removed after acquisition.
Forensic Report PDF
Pro generates a multi-page forensic PDF report documenting the acquisition. Includes device identification, examiner details, acquisition timestamps, selected data categories, SHA-256 hashes for all extracted files, bootloader status and chain of custody metadata. Structured for court submission.
Acquisition Output
Pro extracts all selected data to a structured local folder organized by data category. Each file is individually hashed with SHA-256. The output folder contains the raw extracted data alongside the forensic PDF report for a complete evidence package ready for analysis or archival.
Pricing
One-Time Payment. Yours Forever.
Pro License
$399 USD
Single machine license. No subscription. One-time payment. Yours forever.
- All free features included
- Full data extraction to folder
- Nine selectable data categories
- Court-ready forensic PDF report
- SHA-256 hash verification per file
- Chain of custody logging
- Priority email support
- 30-day money-back guarantee
5+ machines? Contact us for volume pricing.
Use Cases
Who Uses Android Acquirer
Law Enforcement
Police departments and federal agencies use Android Acquirer for rapid logical acquisition of suspect and victim devices. Court-ready PDF reports with SHA-256 hashing satisfy evidentiary requirements. Pairs with our expert witness services for testimony support.
Corporate Investigations
Internal investigation teams extract data from company-issued Android devices during policy violation inquiries, IP theft cases and employee misconduct investigations. The structured output folder integrates with existing case management systems.
Family Law
Family law attorneys and private investigators acquire SMS messages, call logs and media from Android devices in custody disputes, divorce proceedings and harassment cases. Forensic PDF reports document the acquisition for court filing.
Incident Response
Security teams extract data from compromised Android devices during breach investigations. Browser history, installed apps and account data help reconstruct the timeline of a security incident. Used alongside our mobile forensics services.
eDiscovery
Litigation support teams preserve Android device data for electronic discovery obligations. The structured extraction with SHA-256 verification establishes chain of custody from the moment of acquisition. Defensible collection at a fraction of enterprise tool costs.
Guide
How to Acquire Android Evidence
- Enable USB DebuggingOn the Android device, navigate to Settings > About Phone and tap Build Number seven times to enable Developer Options. Then enable USB Debugging under Developer Options. Connect the device to your forensic workstation via USB.
- Launch Android AcquirerOpen Sherlock Forensics Android Acquirer on your Windows workstation. The tool automatically detects the connected device and displays the serial number, model and Android version.
- Review Device StatusVerify device identification details. Check the bootloader status (locked or unlocked). If needed, deploy the helper APK to access protected data categories on newer Android versions.
- Select Data CategoriesToggle the data categories you want to acquire. Choose from SMS, contacts, call logs, media, apps, Wi-Fi networks, browser history, calendar and accounts. Select only what is relevant to your investigation scope.
- Acquire and Generate ReportClick Acquire to extract selected data to a structured local folder. Pro users receive a forensic PDF report with device details, SHA-256 hashes for all extracted files and chain of custody documentation.
Questions
Android Acquirer FAQ
What is logical acquisition of an Android device?
Logical acquisition extracts user-accessible data from an Android device through ADB (Android Debug Bridge) without modifying the device storage. It captures SMS messages, contacts, call logs, media files, installed apps and other data categories. This method preserves the original device state and produces results suitable for court proceedings.
Does Android Acquirer require root access?
No. Sherlock Forensics Android Acquirer performs logical acquisition through ADB without requiring root access. The helper APK extends data access to additional categories without rooting the device. Root access would modify the device and compromise forensic integrity.
What is the helper APK and is it safe?
The helper APK is a lightweight application deployed to the Android device during acquisition. It provides access to data categories that ADB alone cannot reach, such as SMS messages and call logs on newer Android versions. The APK runs with standard user permissions, does not modify device data and can be removed after acquisition.
Are forensic reports from Android Acquirer admissible in court?
Sherlock Forensics Android Acquirer Forensic Edition generates forensic PDF reports with SHA-256 hash verification, device identification, acquisition timestamps, examiner details and chain of custody documentation. The tool is built by CISSP, ISSAP and ISSMP certified examiners with 20 years of courtroom experience. Admissibility depends on jurisdiction and proper evidence handling, but the reports document everything courts typically require for mobile device evidence.
What Android versions are supported?
Android 6.0 (Marshmallow) through Android 15. Device detection and bootloader checks work across all supported versions. Some data categories may have limited availability on older Android versions depending on manufacturer modifications.
What data categories can be extracted?
The tool supports nine data categories: SMS/MMS messages, contacts, call logs, media files (photos, videos, audio), installed applications and APKs, Wi-Fi saved networks, browser history and bookmarks, calendar events and device accounts. Each category can be toggled independently before acquisition.
Is the $399 price a subscription?
No. The $399 USD Pro license is a one-time payment. No subscriptions and no recurring charges. You own the license permanently with free updates included.
How does Android Acquirer compare to Cellebrite?
Cellebrite UFED is an enterprise platform costing $10,000+ annually with physical and file system extraction capabilities. Sherlock Forensics Android Acquirer focuses on logical acquisition at $399 one-time with no annual fees. For investigators who need court-ready logical extractions without enterprise licensing costs, Android Acquirer provides the essential capabilities at a fraction of the price.
Get Started
Download Sherlock Forensics Android Acquirer Today
Free for device detection, bootloader checks and data inventory. Pro at $399 USD for full extraction and forensic PDF reports. Built by the same team that delivers expert witness testimony and mobile forensic investigations in Canadian courts. See also: chain of custody software and forensic report generator. Questions? Call 604.229.1994.
Since 2006CISSP, ISSAP, ISSMP certified604.229.1994
Sherlock Forensics Android Acquirer is provided for lawful use. Terms of Service