Device Detection
Automatically detects connected Android devices via ADB. Displays device serial number, manufacturer, model name, Android version and build number. Supports multiple simultaneous device connections for batch processing workflows.
Free Download
Acquire Android Evidence Without a $15k Cellebrite. Free.
Logical acquisition via ADB. SMS, contacts, call logs, media, apps. Court-ready PDF report with SHA-256 hashes for $399 one-time. The 90% of cases that don't need a passcode break.
Sherlock Forensics Android Acquirer is a Windows and Linux forensic tool that performs logical acquisition of Android devices via ADB. It detects connected devices, checks bootloader status, inventories available data and extracts SMS, contacts, call logs, media and apps. Free for device detection and data inventory. The Forensic Edition at $399 one-time adds full data extraction, court-ready PDF reports with SHA-256 per-artifact hashing and chain of custody documentation. Replaces $10,000+ annual platforms like Cellebrite UFED for the logical acquisition cases that make up the majority of mobile forensic workflows.
Linux requires: libgtk-3, libfontconfig1, libxkbcommon. See install instructions.
Version 0.1.6 | 5.0 MB | Windows 10/11 + Linux x64 | SHA256 verified
Compare
Free vs Pro
| Feature | Free | Pro ($399) |
|---|---|---|
| Device detection and identification | Yes | Yes |
| Bootloader status check | Yes | Yes |
| Data category inventory | Yes | Yes |
| Helper APK install | Yes | Yes |
| Data extraction to folder | No | Yes |
| SMS/MMS extraction | No | Yes |
| Contacts extraction | No | Yes |
| Call log extraction | No | Yes |
| Media file extraction | No | Yes |
| App/APK extraction | No | Yes |
| Forensic PDF report | No | Yes |
| SHA-256 hash verification | No | Yes |
| Chain of custody logging | No | Yes |
| Priority support | No | Yes |
Cost
Cost Comparison
| Solution | Price | Acquisition Type | Notes |
|---|---|---|---|
| Cellebrite UFED | $10,000 to $15,000+ / year | Logical, file system, physical | Enterprise platform, annual licensing, training required |
| GrayKey | $15,000 to $30,000+ / year | Physical (passcode bypass) | iOS focused, restricted distribution, annual subscription |
| Magnet AXIOM | $4,000+ / year | Logical, file system | Annual licensing, analysis platform |
| Oxygen Forensic Detective | $3,000+ / year | Logical, file system | Annual licensing, broad device support |
| Sherlock Forensics Android Acquirer Pro | $399 one-time | Logical via ADB only | Court-ready PDF, SHA-256 per artifact, no annual fees |
| Sherlock Forensics Android Acquirer Free | $0 | Detection + inventory only | No extraction, no report |
What We Are Honest About
Sherlock Forensics Android Acquirer performs logical acquisition via ADB only. We do not do chip-off, JTAG, ISP or physical extraction. We do not bypass passcodes, brute-force bootloaders or exploit baseband chips. If your case requires physical acquisition of a locked device with an unknown PIN, you need Cellebrite, GrayKey or a specialist lab. For the cases that do not require that ceiling, which is the majority of corporate, family law, eDiscovery and civil work, logical acquisition with full chain of custody is the right tool at the right price. Logical extraction still recovers data not visible in the device UI: app SQLite databases, cached content, system logs and metadata. That covers 90% of real-world Android forensic requirements at 3% of the annual cost of enterprise tools.
Capabilities
Feature Overview
Bootloader Check
Queries the bootloader lock status of the connected device. An unlocked bootloader indicates the device may have been modified, which is critical context for forensic analysis. This status is documented in the forensic report.
Data Categories
Nine independently selectable data categories for targeted acquisition.
- SMS/MMS messages
- Contacts
- Call logs
- Media (photos, videos, audio)
- Installed apps and APKs
- Wi-Fi saved networks
- Browser history and bookmarks
- Calendar events
- Device accounts
Helper APK
A lightweight companion application deployed to the target device during acquisition. The helper APK provides access to protected data categories that ADB alone cannot reach on newer Android versions. It runs with standard permissions, does not root the device and can be removed after acquisition.
Forensic Report PDF
Pro generates a multi-page forensic PDF report documenting the acquisition. Includes device identification, examiner details, acquisition timestamps, selected data categories, SHA-256 hashes for all extracted files, bootloader status and chain of custody metadata. Structured for court submission.
Acquisition Output
Pro extracts all selected data to a structured local folder organized by data category. Each file is individually hashed with SHA-256. The output folder contains the raw extracted data alongside the forensic PDF report for a complete evidence package ready for analysis or archival.
Pricing
One-Time Payment. Yours Forever.
Pro License
$399 USD
Single machine license. No subscription. One-time payment. Yours forever.
- All free features included
- Full data extraction to folder
- Nine selectable data categories
- Court-ready forensic PDF report
- SHA-256 hash verification per file
- Chain of custody logging
- Priority email support
- Try the free version before you buy
5+ machines? Contact us for volume pricing.
Use Cases
Who Uses Android Acquirer
Law Enforcement
Police departments and federal agencies use Android Acquirer for rapid logical acquisition of suspect and victim devices. Court-ready PDF reports with SHA-256 hashing satisfy evidentiary requirements. Pairs with our expert witness services for testimony support.
Corporate Investigations
Internal investigation teams extract data from company-issued Android devices during policy violation inquiries, IP theft cases and employee misconduct investigations. The structured output folder integrates with existing case management systems. Pair with our chain of custody documentation for defensible evidence handling.
Family Law
Family law attorneys and private investigators acquire SMS messages, call logs and media from Android devices in custody disputes, divorce proceedings and harassment cases. Forensic PDF reports document the acquisition for court filing.
Incident Response
Security teams extract data from compromised Android devices during breach investigations. Browser history, installed apps and account data help reconstruct the timeline of a security incident. Used alongside our mobile forensics services.
eDiscovery
Litigation support teams preserve Android device data for electronic discovery obligations. The structured extraction with SHA-256 verification establishes chain of custody from the moment of acquisition. Defensible collection at a fraction of enterprise tool costs.
HR Investigations
HR teams extract SMS, messaging app content, photos and call logs from company-owned Android devices during harassment, discrimination and policy violation investigations. The forensic PDF report documents what was acquired, when, by whom and with what hash so the investigation withstands wrongful termination or grievance challenges. Pair with our workplace investigation services for end-to-end handling.
Corporate IR / Insider Threat
Incident response teams acquire compromised employee Androids during data exfiltration investigations, insider threat cases and breach response. Browser history, app installs, Wi-Fi networks and account telemetry build the attacker timeline. SHA-256 per-artifact hashes and chain of custody satisfy legal, insurance and regulatory reviewers without an annual enterprise license.
Guide
How to Acquire Android Evidence
- Enable USB DebuggingOn the Android device, navigate to Settings > About Phone and tap Build Number seven times to enable Developer Options. Then enable USB Debugging under Developer Options. Connect the device to your forensic workstation via USB.
- Launch Android AcquirerOpen Sherlock Forensics Android Acquirer on your Windows workstation. The tool automatically detects the connected device and displays the serial number, model and Android version.
- Review Device StatusVerify device identification details. Check the bootloader status (locked or unlocked). If needed, deploy the helper APK to access protected data categories on newer Android versions.
- Select Data CategoriesToggle the data categories you want to acquire. Choose from SMS, contacts, call logs, media, apps, Wi-Fi networks, browser history, calendar and accounts. Select only what is relevant to your investigation scope.
- Acquire and Generate ReportClick Acquire to extract selected data to a structured local folder. Pro users receive a forensic PDF report with device details, SHA-256 hashes for all extracted files and chain of custody documentation.
Questions
Android Acquirer FAQ
What is logical acquisition of an Android device?
Logical acquisition extracts user-accessible data from an Android device through ADB (Android Debug Bridge) without modifying the device storage. It captures SMS messages, contacts, call logs, media files, installed apps and other data categories. This method preserves the original device state and produces results suitable for court proceedings.
Does Android Acquirer require root access?
No. Sherlock Forensics Android Acquirer performs logical acquisition through ADB without requiring root access. The helper APK extends data access to additional categories without rooting the device. Root access would modify the device and compromise forensic integrity.
What is the helper APK and is it safe?
The helper APK is a lightweight application deployed to the Android device during acquisition. It provides access to data categories that ADB alone cannot reach, such as SMS messages and call logs on newer Android versions. The APK runs with standard user permissions, does not modify device data and can be removed after acquisition.
Are forensic reports from Android Acquirer admissible in court?
Sherlock Forensics Android Acquirer Forensic Edition generates forensic PDF reports with SHA-256 hash verification, device identification, acquisition timestamps, examiner details and chain of custody documentation. The tool is built by CISSP, ISSAP and ISSMP certified examiners with 20 years of courtroom experience. Admissibility depends on jurisdiction and proper evidence handling, but the reports document everything courts typically require for mobile device evidence.
What Android versions are supported?
Android 6.0 (Marshmallow) through Android 15. Device detection and bootloader checks work across all supported versions. Some data categories may have limited availability on older Android versions depending on manufacturer modifications.
What data categories can be extracted?
The tool supports nine data categories: SMS/MMS messages, contacts, call logs, media files (photos, videos, audio), installed applications and APKs, Wi-Fi saved networks, browser history and bookmarks, calendar events and device accounts. Each category can be toggled independently before acquisition. Logical acquisition also recovers data not visible in the device UI including app SQLite databases, cached content and system logs. You do not need physical extraction for 90% of forensic cases.
Is the $399 price a subscription?
No. The $399 USD Pro license is a one-time payment. No subscriptions and no recurring charges. You own the license permanently with free updates included.
How does Android Acquirer compare to Cellebrite?
Cellebrite UFED is an enterprise platform costing $10,000+ annually with physical and file system extraction capabilities. Sherlock Forensics Android Acquirer focuses on logical acquisition at $399 one-time with no annual fees. For investigators who need court-ready logical extractions without enterprise licensing costs, Android Acquirer provides the essential capabilities at a fraction of the price. See our full Cellebrite alternative comparison for a detailed feature-by-feature breakdown including pricing, acquisition types and court readiness.
Does Sherlock Forensics Android Acquirer work on Linux?
Yes. Sherlock Forensics Android Acquirer is available as a native Linux x64 binary. Download the .tar.gz archive, extract and run. Requires libgtk-3, libfontconfig1 and libxkbcommon.
Is the $399 license refundable?
The Pro license is sold as a final-sale digital product, no refunds. This is why the free version is unrestricted for device detection, bootloader checks and data category inventory. Test it against your case workflow on your hardware before purchasing. If something is technically broken, contact us at 604.229.1994 and we will make it right.
Does Android Acquirer send any device data to Sherlock Forensics?
No. All acquisition runs locally on your workstation. Evidence data, hashes and forensic PDF reports stay on your machine. No telemetry, no cloud upload, no phone-home. The tool talks to the connected Android device via ADB and writes output to your chosen local folder.
Get Started
Download Sherlock Forensics Android Acquirer Today
Free for device detection, bootloader checks and data inventory. Pro at $399 USD for full extraction and forensic PDF reports. Built by the same team that delivers expert witness testimony and mobile forensic investigations in Canadian courts. See also: chain of custody software, forensic report generator and ADB forensics guide, workplace investigation evidence and private investigator forensic tools. Questions? Call 604.229.1994.
Since 2006CISSP, ISSAP, ISSMP certified604.229.1994
Linux requires: libgtk-3, libfontconfig1, libxkbcommon. See install instructions.
b4ec8bd6a077a32090d4f35fc3cb32b9230c697b7ebe0b5f2057acaf966b0438
How to verify:
1. Open PowerShell (right-click Start menu, click Terminal)
2. Run: Get-FileHash .\sherlock-android-acquirer.exe
3. Compare the output with the hash above. If they match, the file has not been tampered with.
Sherlock Forensics Android Acquirer is provided for lawful use. Terms of Service