GDA APK Forensic

charles2gan edited this page Oct 30, 2020 · 1 revision

When doing APK forensic analysis or malicious code analysis, you will often want to know the original timestamp of each file inside an APK, in order to determine the earliest creation time and the last signing time of the code project, and to search globally across all files in the APK for relevant clues and evidence, such as IP addresses, domains, URLs, DB file names, API keys, etc. So I added this tool to the GDA decompiler to handle those scenarios.

To make it easier to view all the files packed in the APK, I list all of them in the file list. This also makes date comparison more intuitive and allows sorting by date (click the column header at the top of the list). The tool is used as follows: the search box (1) searches in different ways depending on which radio button (7) is selected. After clicking the Search button, a dialog (3) pops up showing the number of search results, i.e. the number of files in which the string was found. After clicking OK, each matching file is marked in red (3). Double-click a file (3) in the list to view its contents (4); the display mode is determined by (5). By default, the file data is shown starting at the offset of the first match in that file. To jump to the next match in the same file, press F3. One thing to note: many APKs contain a very large number of files, which would make the tool hang (deadlock). Therefore, for APKs with a huge number of files, only some of them are displayed at first; to view more files, manually click the folder in the file directory tree (8) at the top left.
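The two checks the tool performs, listing every entry's own ZIP timestamp to find the earliest and latest file, and searching all entries for clue strings with the offset of each hit, can be reproduced from the command line. The following is an added example written for this page, not GDA's code; the APK it analyses is a constructed three-entry zip, and the regexes and clue names are illustrative assumptions.

```python
import io
import re
import zipfile
from datetime import datetime

# Illustrative patterns for the clue types named on the page (assumed, not GDA's).
CLUE_PATTERNS = {
    "ipv4": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(rb"https?://[^\s\"'<>]+"),
    "db_file": re.compile(rb"[A-Za-z0-9_.-]+\.db\b"),
}

def entry_timestamps(apk_bytes):
    """(name, datetime) for every ZIP entry, oldest first, taken from the
    entry's own DOS date/time field (the column the tool sorts on)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        rows = [(i.filename, datetime(*i.date_time)) for i in zf.infolist()]
    return sorted(rows, key=lambda r: r[1])

def time_span(apk_bytes):
    """Earliest and latest entry time: a rough build-start and signing time."""
    rows = entry_timestamps(apk_bytes)
    return rows[0][1], rows[-1][1]

def search_entries(apk_bytes, kind):
    """Scan every entry's raw bytes for one clue kind and return
    {filename: [offset, ...]} so a viewer can jump to the first hit (F3 = next)."""
    pattern = CLUE_PATTERNS[kind]
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            offsets = [m.start() for m in pattern.finditer(zf.read(info))]
            if offsets:
                hits[info.filename] = offsets
    return hits

def build_sample_apk():
    """Constructed minimal APK-like zip with deliberately different timestamps."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, dt, data in [
            ("classes.dex", (2020, 3, 1, 9, 0, 0), b"\x00dex\n035\x00http://198.51.100.7/api xx"),
            ("assets/config.json", (2020, 2, 20, 8, 30, 0), b'{"db":"cache.db","srv":"203.0.113.5"}'),
            ("META-INF/CERT.RSA", (2020, 10, 30, 12, 0, 0), b"\x30\x82"),
        ]:
            zf.writestr(zipfile.ZipInfo(name, date_time=dt), data)
    return buf.getvalue()
```

ZIP entry timestamps are local-time DOS stamps with two-second resolution and are written by whatever packed the archive, so treat the span they give as a clue to corroborate, not as proof.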