As most of you already know I'm a big fan of the LEAPPs project, not only because I'm helping develop it but because what it stands for. There aren't many free mobile forensic tools out there that does what it does. Plus the community of helpers keep growing which in turn expands the capabilities of the products even more rapidly than before. With that expansion we were excited to announce the next step for reporting in LAVA a few weeks ago.
LAVA (LEAPPs Artifact Viewer App) is just another way to view reports created out of iLEAPP/ALEAPP/RLEAPP/VLEAPP. The idea is that it will eventually replace the aging HTML reporting. While the interface remains mostly the same as the HTML report we get some performance boosts in loading larger parsed results such as Health or Logarchive data from Apple.
Some news features exclusive to LAVA:
- Artifact search filtering (because proper categorization is hard)
- Individual column filtering in each reports
- Conversation (bubble) views for chat parsers (if parser code has been updated)
- Artifact Information metadata via info button (if parser code has been updated)
- Timestamp info button (with conversions)
- Recent projects on home page and drag and drop load
- Savable display settings including interface translations
- Export Options to clipboard or file (TSV, CSV, Table) on filtered or all rows and columns
Figure 1: LAVA Home screen
Figure 2: Case Default screen
There is much more to come and we are open to feedback and suggestions on improvements and new feature requests. We are working hard on getting all artifacts updated for LAVA compliance.
If you'd like to help contribute join the Discord server, and check out the brand new LEAPPs.org website for more info.