Resource Center

How-Tos

Visualize Mobile Apps in a Virtual Environment with the MAGNET App Simulator

    An exciting, free tool was just released to give visualization to Android applications found during your investigation. Called the MAGNET App Simulator, it allows for the examiner to load application data from Android devices in your case into a virtual environment, enabling you to view and interact with the data as the user would have seen it on their own device.

    Use this tool to get a feel of how your suspect was interacting with their data, or to present the evidence to juries and stakeholders in a familiar mobile appearance. This tool runs completely outside of our main software suite, Magnet AXIOM, so you can try it out today with data output from any forensic review tool.

    Download the MAGNET App Simulator for free here. Note: The MAGNET App Simulator requires a Windows 10, Intel-based PC. 

    Setting up MAGNET App Simulator

    While working your case, you may identify an application of interest from your suspect’s Android device that you wish to view in the App Simulator. To simulate an application, you will require the Android Package file (.apk) for the application of interest, as well as its associated data folders. The base.apk file can generally be found in the /app folder, and the data folders can be found at the following locations:

    • /data/… (required)
    • /media/0/… (optional)
    • /media/0/Android/data/… (optional)

    The App Simulator itself requires two installations. First, the App Simulator program itself, and second is the installation of the emulator Image provided by Magnet. To download the setup files, go to the Free Tools section of the Resource Center on the Magnet Forensics site.

    The MAGNET App Simulator requires the current version of Oracle’s free virtualization software Virtual Box be installed. If you don’t already have it installed, we’ll install it for you during the App Simulator setup process.  If you already have Virtual Box installed, it must be upgraded to the latest version.

    When you launch the Simulator for the first time you will be prompted to enable Telemetry.  Telemetry data helps Magnet to better understand how the application is being used, and which applications are being successfully emulated.  Enabling telemetry allows us to continuously improve our software.  Magnet does not collect any data from the simulated devices – only package names and data path information.

    Running the Application

    Once both the App Simulator and the emulator Image are installed on your workstation, launch the App Simulator and follow the step-by-step process. First, point to the location of your base.apk file that you’ve exported from your case.

    Selecting the APK

    Then you can navigate to where the associated data for your application was exported.

    Navigate to where associated data was exported

    After clicking Next, the MAGNET App Simulator will attempt to install and load the user contents of the application into the virtual environment. If you have telemetry enabled, processing ends with a prompt to allow you to report on the success of the emulation.

    Once the application successfully installs in the App Simulator, the virtualized environment will automatically launch with your user data viewable. The simulator is made to look like the mobile environment, with the same settings and feel as a user would have operating their Android device.

    Simulator screen

    By default, the App Simulator will disconnect the virtual environment from the internet, but you can enable an internet connection through the interface if needed. Note that there are some added risks in doing so with active user data. Also from the MAGNET App Simulator interface, you can take a screen shot of the virtual box screen or choose to load additional apps into your virtual environment if you would like to load more. This allows you to demonstrate multiple applications at once in their native mobile environment.

    Summary

    When you are finished loading all of the applications of interest, you can use the use Virtual Box to save a snapshot of that image so that you can always revert back to it, rather than loading the same applications all over again in the future.

    Actions when finished

    Magnet Forensics would like to give credit and many thanks to Alexis Brignoni for his research in Android application emulation. His hard work allowed us to be able to create this tool for you. You can read about his research in his blog here.

    Go to our website to download the MAGNET App Simulator today! We at Magnet love our customers and encourage their feedback. Please don’t hesitate to reach out to me at tarah.melton@magnetforensics.com with any questions!

    Related Resources

    How-Tos

    How-Tos

    Introducing Magnet Automate Essentials

    Magnet Automate Essentials provides you with everything you need to build automated workflows across your entire DFIR toolkit to help you complete your digital investigations faster, easier, and more reliably.

    February 14, 2024 • About a 1 minute view
    How-Tos

    How-Tos

    Exploring the New User Interface Features in Review 5.0

    Magnet Review was designed to make it fast and easy for users to uncover the data they need. Review includes several options to help reviewers considerably reduce their time to

    April 25, 2023 • About a 1 minute view
    How-Tos

    How-Tos

    Getting Started With Magnet AXIOM Cyber

    This getting started with Magnet AXIOM Cyber playlist has been developed to help you quickly get up to speed on the basics with Magnet AXIOM Cyber. In this series of

    November 18, 2022 • About a 2 minute view
    Resource Center Home

    Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

    Start modernizing your digital investigations today.

    Top