Mobile Verification Toolkit
Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.
It has been developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project along with a technical forensic methodology and forensic evidences.
First you need to install dependencies, on Linux
sudo apt install python3 python3-pip libusb-1.0-0 or on MacOS
brew install python3 libusb.
Then you can install mvt from pypi with
pip3 install mvt, or directly from sources:
git clone https://github.com/mvt-project/mvt.git cd mvt pip3 install .
MVT provides two commands
mvt-android with the following subcommands available:
check-backup: Extract artifacts from an iTunes backup
check-fs: Extract artifacts from a full filesystem dump
check-iocs: Compare stored JSON results to provided indicators
decrypt-backup: Decrypt an encrypted iTunes backup
check-backup: Check an Android Backup
download-apks: Download all or non-safelisted installed APKs
Check out the documentation to see how to use them.
The purpose of MVT is to facilitate the consensual forensic analysis of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want MVT to enable privacy violations of non-consenting individuals. Therefore, the goal of this license is to prohibit the use of MVT (and any other software licensed the same) for the purpose of adversarial forensics.
In order to achieve this, MVT is released under an adaptation of Mozilla Public License v2.0. This modified license includes a new clause 3.0, "Consensual Use Restriction" which permits the use of the licensed software (and any "Larger Work" derived from it) exclusively with the explicit consent of the person/s whose data is being extracted and/or analysed ("Data Owner").