Free Download

Built in Rust

Acquire Android Evidence Without a $15k Cellebrite. Free.

Logical acquisition via ADB. SMS, contacts, call logs, media, apps. Court-ready PDF report with SHA-256 hashes for $399 one-time. The 90% of cases that don't need a passcode break.

Sherlock Forensics Android Acquirer is a Windows and Linux forensic tool that performs logical acquisition of Android devices via ADB. It detects connected devices, checks bootloader status, inventories available data and extracts SMS, contacts, call logs, media and apps. Free for device detection and data inventory. The Forensic Edition at $399 one-time adds full data extraction, court-ready PDF reports with SHA-256 per-artifact hashing and chain of custody documentation. Replaces $10,000+ annual platforms like Cellebrite UFED for the logical acquisition cases that make up the majority of mobile forensic workflows.

Compare to Cellebrite ($15k+)

Linux requires: libgtk-3, libfontconfig1, libxkbcommon. See install instructions.

Version 0.1.6 | 5.0 MB | Windows 10/11 + Linux x64 | SHA256 verified

Cellebrite alternative

Android Forensics Without Cellebrite: The $399 Budget Alternative

The Android forensics market is dominated by Cellebrite UFED at $15,000+ per year and Magnet AXIOM at $4,000+ per year. Both are enterprise platforms designed for federal law enforcement, large police agencies and Fortune-500 forensic labs. For mid-market forensic firms, solo examiners, attorneys needing Android evidence in civil litigation, IT administrators doing internal investigations and law-enforcement secondary tools, that pricing is out of reach. Sherlock Forensics Android Acquirer is the $399 Cellebrite alternative for the buyer who needs court-ready Android forensics without the enterprise platform license.

The pricing gap is 38x at the high end. The capability gap is much smaller than the price difference suggests. Sherlock Forensics Android Acquirer does logical acquisition through ADB - the same Android Debug Bridge protocol Cellebrite and Magnet AXIOM use for their logical acquisition mode. The forensic features Cellebrite charges $15k+ for (court-ready PDF reports, SHA-256 per-artifact hashing, chain of custody logging, examiner attestation) are all in Sherlock at $399. The Magnet AXIOM alternative buyer gets the same logical acquisition surface at 1/10 the price.

Honest about scope: Sherlock Forensics Android Acquirer does NOT do physical acquisition (chip-off, JTAG, ISP), proprietary lock bypass (Cellebrite's "Advanced Logical" decryption of locked devices) or encrypted-backup decryption without the password. For a locked device with no backup password, Cellebrite is the only path. For the much larger set of cases (consented logical acquisition, unlocked device, known-password backup), the cellebrite alternative at $399 covers the same forensic ground.

Who buys the cellebrite alternative path: solo forensic examiners doing $500-$5,000 cases where a $15k tool fee kills the margin, mid-market forensic firms doing internal training without enterprise licensing, attorneys building Android evidence for civil litigation (custody, employment, IP theft), IT administrators conducting internal investigations on company-issued Android devices and law enforcement secondary tools for cases where the primary Cellebrite kit is in use elsewhere. The android forensics workflow runs the same regardless of which tool is in the buyer's hand; the Sherlock advantage is the price point and the no-subscription model.

Compare

Free vs Pro

FeatureFreePro ($399)
Device detection and identificationYesYes
Bootloader status checkYesYes
Data category inventoryYesYes
Helper APK installYesYes
Data extraction to folderNoYes
SMS/MMS extractionNoYes
Contacts extractionNoYes
Call log extractionNoYes
Media file extractionNoYes
App/APK extractionNoYes
Forensic PDF reportNoYes
SHA-256 hash verificationNoYes
Chain of custody loggingNoYes
Priority supportNoYes

Cost

Cost Comparison

SolutionPriceAcquisition TypeNotes
Cellebrite UFED$10,000 to $15,000+ / yearLogical, file system, physicalEnterprise platform, annual licensing, training required
GrayKey$15,000 to $30,000+ / yearPhysical (passcode bypass)iOS focused, restricted distribution, annual subscription
Magnet AXIOM$4,000+ / yearLogical, file systemAnnual licensing, analysis platform
Oxygen Forensic Detective$3,000+ / yearLogical, file systemAnnual licensing, broad device support
Sherlock Forensics Android Acquirer Pro$399 one-timeLogical via ADB onlyCourt-ready PDF, SHA-256 per artifact, no annual fees
Sherlock Forensics Android Acquirer Free$0Detection + inventory onlyNo extraction, no report

What We Are Honest About

Sherlock Forensics Android Acquirer performs logical acquisition via ADB only. We do not do chip-off, JTAG, ISP or physical extraction. We do not bypass passcodes, brute-force bootloaders or exploit baseband chips. If your case requires physical acquisition of a locked device with an unknown PIN, you need Cellebrite, GrayKey or a specialist lab. For the cases that do not require that ceiling, which is the majority of corporate, family law, eDiscovery and civil work, logical acquisition with full chain of custody is the right tool at the right price. Logical extraction still recovers data not visible in the device UI: app SQLite databases, cached content, system logs and metadata. That covers 90% of real-world Android forensic requirements at 3% of the annual cost of enterprise tools.

Capabilities

Feature Overview

Device Detection

Automatically detects connected Android devices via ADB. Displays device serial number, manufacturer, model name, Android version and build number. Supports multiple simultaneous device connections for batch processing workflows.

Bootloader Check

Queries the bootloader lock status of the connected device. An unlocked bootloader indicates the device may have been modified, which is critical context for forensic analysis. This status is documented in the forensic report.

Data Categories

Nine independently selectable data categories for targeted acquisition.

  • SMS/MMS messages
  • Contacts
  • Call logs
  • Media (photos, videos, audio)
  • Installed apps and APKs
  • Wi-Fi saved networks
  • Browser history and bookmarks
  • Calendar events
  • Device accounts

Helper APK

A lightweight companion application deployed to the target device during acquisition. The helper APK provides access to protected data categories that ADB alone cannot reach on newer Android versions. It runs with standard permissions, does not root the device and can be removed after acquisition.

Forensic Report PDF

Pro generates a multi-page forensic PDF report documenting the acquisition. Includes device identification, examiner details, acquisition timestamps, selected data categories, SHA-256 hashes for all extracted files, bootloader status and chain of custody metadata. Structured for court submission.

Acquisition Output

Pro extracts all selected data to a structured local folder organized by data category. Each file is individually hashed with SHA-256. The output folder contains the raw extracted data alongside the forensic PDF report for a complete evidence package ready for analysis or archival.

Data categories

What Android Data Sherlock Acquires: SMS, WhatsApp, Signal, Media, App Data

Sherlock Forensics Android Acquirer extracts the data categories that matter to a forensic examiner, with chain of custody preserved from the device through the forensic PDF report. The android acquisition surface covers nine primary data categories, each toggle-able independently.

SMS and RCS Messages, Including Deleted Text Messages

The SMS and RCS message categories include sent, received and draft messages. The android sms recovery surface includes soft-deleted messages still in the Android messaging app's trash folder (recoverable indefinitely until the user purges). Recently-deleted text messages on Android 11+ are recoverable through the messaging app's recently deleted section for 30 days. For permanently deleted text messages older than the 30-day window, file-system layer recovery via Sherlock Forensics Disk Imager (separate forensic acquisition workflow) is required.

WhatsApp Messages, Media, Voice Notes, Group Metadata

WhatsApp forensics is one of the most-requested mobile forensics capabilities. WhatsApp data on Android lives in the app's private storage area, which logical acquisition reads via ADB when the device is unlocked and USB debugging is enabled. The WhatsApp forensics surface in Sherlock Forensics Android Acquirer extracts message threads, media attachments, voice notes, group chat metadata, contact list and call logs. For end-to-end encrypted WhatsApp backups stored in Google Drive, the encryption key is required (typically obtained through legal process or the user's voluntary cooperation). The WhatsApp forensics extraction preserves message timestamps, sender IDs and media SHA-256 hashes for court-ready presentation.

Signal Messages and Metadata (Within E2E Limits)

Signal forensics on Android has hard limits because Signal's end-to-end encryption protects message content from any tool that does not have the user's signal database password. Sherlock Forensics Android Acquirer captures the Signal app metadata (contacts, group membership, app data structure, timestamp metadata for message events) within the limits of E2E encryption. For actual Signal message body content, the user's signal database password is required. The Signal forensics surface in Sherlock is honest about this limit; tools that claim to decrypt Signal without the password are usually claiming what they cannot deliver.

TikTok Forensics: Cache, Watched Videos, DMs

TikTok forensics is a growing category for civil and criminal investigations involving social-media evidence. The TikTok app cache on Android contains watched videos, paused-and-resumed playback positions, posted content metadata and direct message threads (when the user has granted access). Sherlock Forensics Android Acquirer extracts the TikTok cache data as part of the app data acquisition surface, with timestamps and SHA-256 hashes preserved.

Media Library: Photos, Videos, EXIF Metadata

The Android media library acquisition extracts photos, videos, audio recordings and the EXIF metadata embedded in image files. EXIF metadata captures device GPS coordinates, camera model, capture timestamps and editing history. For forensic photography evidence (where the chain of custody requires proof that a photo is unmodified from the moment of capture), the per-photo SHA-256 hash in the Sherlock acquisition surface establishes the chain of custody from device to exhibit.

App Data, SIM Card and System Categories

Additional data categories include installed app inventory (package names, install dates, signing certificates), SIM card data (ICCID, IMSI, stored contacts), Wi-Fi saved networks, browser history and bookmarks, calendar events and device accounts. Each category is toggle-able independently so the examiner can scope the acquisition to the legally-authorized data set.

Rooted vs non-rooted

Rooted vs Non-Rooted Android: What You Get From Each

The rooted device question is one of the most common buyer concerns in android forensics. Rooting an Android device grants superuser access to the full file system, which unlocks data categories that non-rooted android acquisition cannot reach. But rooting modifies the device, which can break chain of custody if not performed before the forensic acquisition begins under documented protocol.

Data categoryNon-Rooted AndroidRooted Device
SMS, contacts, call logsYes (via ADB + helper APK)Yes
WhatsApp messages and mediaYes (private storage via ADB)Yes (full app database)
Signal metadataYes (within E2E limits)Yes (still E2E-limited for content)
Media library + EXIFYes (public + app-scoped media)Yes (including app-private media stores)
System logs (logcat)PartialFull system log access
Encrypted app databases (e.g. password managers)NoSometimes (still requires app password)
Deleted text messages past 30-day windowNo (requires file-system forensics)Sometimes (database journal scan)
Chain-of-custody integrityPreserved (no device modification)Modified (rooting changes device state)

The honest forensic answer: for most cases (custody disputes, employment investigations, civil litigation involving Android evidence) the non-rooted android acquisition surface covers the data the case needs. Sherlock Forensics Android Acquirer is designed for the non-rooted path because that preserves chain of custody. If the case requires data only available on a rooted device, the examiner should consult counsel about whether to root and document the procedure under a forensic protocol. Rooting an Android device voids the manufacturer warranty in most cases; that consideration is separate from the forensic admissibility question.

Court-ready chain of custody

Chain of Custody and Court-Ready Reports for Android Evidence

Android evidence in legal proceedings has to satisfy the same chain-of-custody requirements as any other digital evidence. Sherlock Forensics Android Acquirer captures the android chain of custody trail from the moment the forensic acquisition begins through the production of the court-ready PDF report.

The android chain of custody log records device serial number, manufacturer and model, Android OS version, bootloader status, acquisition timestamp, examiner identity (configurable), data categories acquired, per-artifact SHA-256 hashes and final report SHA-256. The log writes to a signed JSON sidecar alongside the acquired data so the chain-of-custody record travels with the evidence into the production set.

The android court-ready PDF report includes the cover page with case metadata, device identification, acquisition method (logical via ADB), data category inventory, per-artifact SHA-256 verification table, examiner attestation block and chain-of-custody footer on every page. The android court-ready format matches what e-discovery review platforms expect to ingest and what trial courts expect to see attached to a declaration.

The android evidence applications cover family law (custody disputes, divorce proceedings, allegations of digital harassment), civil litigation (employment, IP theft, breach-of-contract cases involving Android-stored communications), criminal defense (Android device evidence presented by the defense to challenge prosecution narratives) and corporate internal investigations (HR investigations, fraud, policy violations involving company-issued Android devices). For each scenario, the android chain of custody + court-ready PDF + SHA-256 verification trail establishes the android evidence admissibility under Federal Rule of Evidence 901 (or the jurisdictional equivalent).

For the parallel desktop-forensics evidence workflow, see the PST Viewer for email evidence. For the broader Cellebrite vs Magnet AXIOM comparison see the Cellebrite vs Magnet AXIOM 2026 comparison. For the HR-investigation use case specifically see Android evidence collection for HR investigations. For the tool-comparison context see Android forensics tool comparison 2026 and Android logical acquisition without Cellebrite.

Pricing

One-Time Payment. Yours Forever.

Pro License

$399 USD
Single machine license. No subscription. One-time payment. Yours forever.
  • All free features included
  • Full data extraction to folder
  • Nine selectable data categories
  • Court-ready forensic PDF report
  • SHA-256 hash verification per file
  • Chain of custody logging
  • Priority email support
  • Try the free version before you buy

5+ machines? Contact us for volume pricing.

Use Cases

Who Uses Android Acquirer

Law Enforcement

Police departments and federal agencies use Android Acquirer for rapid logical acquisition of suspect and victim devices. Court-ready PDF reports with SHA-256 hashing satisfy evidentiary requirements. Pairs with our expert witness services for testimony support.

Corporate Investigations

Internal investigation teams extract data from company-issued Android devices during policy violation inquiries, IP theft cases and employee misconduct investigations. The structured output folder integrates with existing case management systems. Pair with our chain of custody documentation for defensible evidence handling.

Family Law

Family law attorneys and private investigators acquire SMS messages, call logs and media from Android devices in custody disputes, divorce proceedings and harassment cases. Forensic PDF reports document the acquisition for court filing.

Incident Response

Security teams extract data from compromised Android devices during breach investigations. Browser history, installed apps and account data help reconstruct the timeline of a security incident. Used alongside our mobile forensics services.

eDiscovery

Litigation support teams preserve Android device data for electronic discovery obligations. The structured extraction with SHA-256 verification establishes chain of custody from the moment of acquisition. Defensible collection at a fraction of enterprise tool costs.

HR Investigations

HR teams extract SMS, messaging app content, photos and call logs from company-owned Android devices during harassment, discrimination and policy violation investigations. The forensic PDF report documents what was acquired, when, by whom and with what hash so the investigation withstands wrongful termination or grievance challenges. Pair with our workplace investigation services for end-to-end handling.

Corporate IR / Insider Threat

Incident response teams acquire compromised employee Androids during data exfiltration investigations, insider threat cases and breach response. Browser history, app installs, Wi-Fi networks and account telemetry build the attacker timeline. SHA-256 per-artifact hashes and chain of custody satisfy legal, insurance and regulatory reviewers without an annual enterprise license.

Guide

How to Acquire Android Evidence

  1. Enable USB DebuggingOn the Android device, navigate to Settings > About Phone and tap Build Number seven times to enable Developer Options. Then enable USB Debugging under Developer Options. Connect the device to your forensic workstation via USB.
  2. Launch Android AcquirerOpen Sherlock Forensics Android Acquirer on your Windows workstation. The tool automatically detects the connected device and displays the serial number, model and Android version.
  3. Review Device StatusVerify device identification details. Check the bootloader status (locked or unlocked). If needed, deploy the helper APK to access protected data categories on newer Android versions.
  4. Select Data CategoriesToggle the data categories you want to acquire. Choose from SMS, contacts, call logs, media, apps, Wi-Fi networks, browser history, calendar and accounts. Select only what is relevant to your investigation scope.
  5. Acquire and Generate ReportClick Acquire to extract selected data to a structured local folder. Pro users receive a forensic PDF report with device details, SHA-256 hashes for all extracted files and chain of custody documentation.

Questions

Android Acquirer FAQ

What is logical acquisition of an Android device?
Logical acquisition extracts user-accessible data from an Android device through ADB (Android Debug Bridge) without modifying the device storage. It captures SMS messages, contacts, call logs, media files, installed apps and other data categories. This method preserves the original device state and produces results suitable for court proceedings.
Does Android Acquirer require root access?
No. Sherlock Forensics Android Acquirer performs logical acquisition through ADB without requiring root access. The helper APK extends data access to additional categories without rooting the device. Root access would modify the device and compromise forensic integrity.
What is the helper APK and is it safe?
The helper APK is a lightweight application deployed to the Android device during acquisition. It provides access to data categories that ADB alone cannot reach, such as SMS messages and call logs on newer Android versions. The APK runs with standard user permissions, does not modify device data and can be removed after acquisition.
Are forensic reports from Android Acquirer admissible in court?
Sherlock Forensics Android Acquirer Forensic Edition generates forensic PDF reports with SHA-256 hash verification, device identification, acquisition timestamps, examiner details and chain of custody documentation. The tool is built by CISSP, ISSAP and ISSMP certified examiners with 20 years of courtroom experience. Admissibility depends on jurisdiction and proper evidence handling, but the reports document everything courts typically require for mobile device evidence.
What Android versions are supported?
Android 6.0 (Marshmallow) through Android 15. Device detection and bootloader checks work across all supported versions. Some data categories may have limited availability on older Android versions depending on manufacturer modifications.
What data categories can be extracted?
The tool supports nine data categories: SMS/MMS messages, contacts, call logs, media files (photos, videos, audio), installed applications and APKs, Wi-Fi saved networks, browser history and bookmarks, calendar events and device accounts. Each category can be toggled independently before acquisition. Logical acquisition also recovers data not visible in the device UI including app SQLite databases, cached content and system logs. You do not need physical extraction for 90% of forensic cases.
Is the $399 price a subscription?
No. The $399 USD Pro license is a one-time payment. No subscriptions and no recurring charges. You own the license permanently with free updates included.
How does Android Acquirer compare to Cellebrite?
Cellebrite UFED is an enterprise platform costing $10,000+ annually with physical and file system extraction capabilities. Sherlock Forensics Android Acquirer focuses on logical acquisition at $399 one-time with no annual fees. For investigators who need court-ready logical extractions without enterprise licensing costs, Android Acquirer provides the essential capabilities at a fraction of the price. See our full Cellebrite alternative comparison for a detailed feature-by-feature breakdown including pricing, acquisition types and court readiness.
Does Sherlock Forensics Android Acquirer work on Linux?
Yes. Sherlock Forensics Android Acquirer is available as a native Linux x64 binary. Download the .tar.gz archive, extract and run. Requires libgtk-3, libfontconfig1 and libxkbcommon.
Is the $399 license refundable?
The Pro license is sold as a final-sale digital product, no refunds. This is why the free version is unrestricted for device detection, bootloader checks and data category inventory. Test it against your case workflow on your hardware before purchasing. If something is technically broken, contact us at 888.883.4550 and we will make it right.
Does Android Acquirer send any device data to Sherlock Forensics?
No. All acquisition runs locally on your workstation. Evidence data, hashes and forensic PDF reports stay on your machine. No telemetry, no cloud upload, no phone-home. The tool talks to the connected Android device via ADB and writes output to your chosen local folder.
What is Android forensic acquisition?
Android forensic acquisition is the process of extracting digital evidence from an Android device in a way that preserves its integrity for legal proceedings. Logical acquisition uses ADB to copy user-accessible data without modifying the device. Physical acquisition images the underlying NAND or UFS storage and requires root, bootloader unlock, chip-off or JTAG. Sherlock Forensics Android Acquirer performs court-ready logical Android acquisition at $399 with SHA-256 per-artifact hashing and full chain of custody logging.
Can I do Android forensics without Cellebrite?
Yes. Sherlock Forensics Android Acquirer is a $399 Cellebrite alternative built for solo examiners, mid-market forensic firms, defense attorneys and IT teams who cannot justify a $15,000+ Cellebrite UFED license. The tool covers Android forensics via ADB across Android 6 through 15 and produces forensic PDF reports with SHA-256 hashes. It does not bypass screen locks or chip-off the device, but for the majority of civil litigation and internal investigation work the data accessible via ADB is sufficient evidence.
How do I extract WhatsApp messages from an Android phone forensically?
On a non-rooted Android device, the WhatsApp local backup at /sdcard/WhatsApp/Databases/ can be acquired via ADB if WhatsApp has produced one. Sherlock Forensics Android Acquirer pulls the database file, msgstore.db.crypt encrypted databases, media library and group metadata into a forensic container with SHA-256 hashes. For full WhatsApp forensics including app-private data, a rooted device widens the scope to /data/data/com.whatsapp/. Sherlock supports both rooted device and non-rooted android extraction paths.
Can I recover deleted text messages from an Android device?
Sometimes. Android SMS recovery depends on whether the device has been used since deletion, the storage medium and whether root access is available. Sherlock Forensics Android Acquirer acquires the SMS database file (/data/data/com.android.providers.telephony/databases/mmssms.db on rooted devices) which can contain deleted text messages in unallocated SQLite pages. On non-rooted android, only currently active SMS records are accessible via ADB. The forensic PDF report documents exactly what android sms recovery scope the acquisition achieved.
Do I need to root the Android device to do forensic acquisition?
No. Sherlock Forensics Android Acquirer performs logical Android forensics on non-rooted Android devices via ADB and the helper APK. Rooting the device modifies storage and breaks chain of custody, which courts disfavor. Non-rooted android extraction covers SMS, contacts, call logs, media, installed apps, Wi-Fi networks, browser history and calendar. Rooted device extraction additionally exposes app-private data directories under /data/data/ such as WhatsApp, Signal and Telegram. Sherlock supports both acquisition paths.
What is the difference between logical and physical Android acquisition?
Logical Android acquisition extracts user-accessible data through ADB without modifying the device, producing court-ready Android evidence for the majority of civil, criminal and internal investigation work. Physical Android acquisition images the raw storage (NAND, eMMC or UFS) including unallocated space and deleted artifacts, but requires root, bootloader unlock, chip-off or JTAG-class tools. Cellebrite UFED and Magnet AXIOM offer both. Sherlock Forensics Android Acquirer focuses on logical Android acquisition at $399 versus $15,000+ for the enterprise platforms.
How does Sherlock Forensics Android Acquirer compare to Magnet AXIOM?
Magnet AXIOM is a $4,000+ annual subscription enterprise forensic platform covering Android, iOS, computer and cloud acquisition with deep analytics and case-management integration. Sherlock Forensics Android Acquirer is a $399 one-time license focused on Android logical acquisition via ADB with court-ready PDF reporting. AXIOM is the right tool for full-time forensic labs handling complex multi-device cases. Sherlock is the right Magnet AXIOM alternative for solo examiners, defense attorneys, IT teams and labs that need Android evidence acquisition without a four-figure annual contract.
Is Sherlock Forensics Android Acquirer court-ready for evidence admission?
Sherlock Forensics Android Acquirer Forensic Edition produces court-ready Android evidence reports with SHA-256 hashes per artifact, full android chain of custody logging, examiner identification, device fingerprint, acquisition timestamps and Daubert-aligned methodology documentation. The tool is built by CISSP, ISSAP and ISSMP certified examiners with 20+ years of courtroom testimony. Admissibility depends on jurisdiction and on the examiner following proper evidence-handling procedure, but the report format documents everything courts typically require for android court-ready digital evidence.
Can Sherlock acquire Signal messages from Android?
Signal forensics on Android is constrained by Signal's end-to-end encryption and on-device database protection. Sherlock Forensics Android Acquirer acquires the Signal application data directory on a rooted device, which includes the encrypted SQLite database, attachments cache and account metadata. Decryption of the Signal database requires the user passphrase or an extracted database key, which Sherlock does not attempt to crack. On non-rooted android, Signal data is generally inaccessible due to Android's app-private storage sandbox.
What Android versions does Sherlock Forensics Android Acquirer support?
Sherlock Forensics Android Acquirer supports Android 6.0 Marshmallow through Android 15 across Samsung, Google Pixel, OnePlus, Xiaomi, Motorola and most major OEM devices. Device detection, bootloader status check and the nine-category data inventory work on all supported versions. Newer Android security restrictions (scoped storage in Android 10, package visibility in Android 11) may reduce non-rooted android data scope on some categories, which the helper APK partially mitigates for SMS and call logs.

Get Started

Download Sherlock Forensics Android Acquirer Today

Free for device detection, bootloader checks and data inventory. Pro at $399 USD for full extraction and forensic PDF reports. Built by the same team that delivers expert witness testimony and mobile forensic investigations in Canadian courts. See also: chain of custody software, forensic report generator and ADB forensics guide, workplace investigation evidence and private investigator forensic tools. Questions? Call 888.883.4550.

Since 2006CISSP, ISSAP, ISSMP certified888.883.4550

Linux requires: libgtk-3, libfontconfig1, libxkbcommon. See install instructions.

432cc22b132775a7b74ef9f0382f620bcfbbd20dc58f353803b391dfcf2b4fc9

How to verify:
1. Open PowerShell (right-click Start menu, click Terminal)
2. Run: Get-FileHash .\sherlock-android-acquirer.exe
3. Compare the output with the hash above. If they match, the file has not been tampered with.

Sherlock Forensics Android Acquirer is provided for lawful use. Terms of Service

Download

Your email is optional. If you provide it, we send 3 product introduction emails over the next 2 weeks. No long-term marketing. No data sharing. Skip the field and download directly.

Checkout - Android Acquirer Forensic Edition

$399.00 USD. One-time payment. License key delivered to your email.

Secure via Stripe One-time purchase No subscription