RoidMole – A Forensic Tool I’ve Been Building for Android
Over the past few weeks, I’ve been working on a Python tool called RoidMole, aimed at extracting data from Android devices in a way that’s safe for forensic use. It’s still a work in progress, but I thought I’d share a bit about what it is and why I’m building it.
What Problem Am I Trying to Solve?
When doing digital forensics on Android phones, it’s easy to accidentally modify data on the device—especially if you're not careful with how you extract it. That’s a big problem if you're trying to maintain the integrity of the original data for investigations, research, or even just careful analysis.
RoidMole is my attempt at a lightweight, read-only data extraction tool. It connects to an Android device, pulls out relevant data (like messages, logs, etc.), and saves it locally without making any changes on the device itself.
How It Works?
The tool uses ADB to interface with the device. Once connected, it runs a series of modular scripts that I’ve been writing for different data sources.
I’ve intentionally kept the structure modular so that new devices or data types can be supported by simply adding a script—no need to touch the core logic.
Here’s a quick breakdown of what happens:
Connect the device via USB
Run the main script
Let RoidMole gather data based on whatever modules/scripts are in place
Output is saved locally in a structured format for analysis
I’ve also added a flowchart in the repo if you want to understand the internals more clearly.
Why Modular Scripts?
No two Android devices behave the same—manufacturers love to tweak things, and newer Android versions shift things around too. By keeping the scripts separate from the core tool, it becomes easier to support more devices and use cases over time. Contributors can write their own scripts without worrying about the rest of the codebase.
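To make the extraction flow and the modular-script idea above concrete, here is a small added example (my own illustration, not RoidMole's code) of a read-only ADB runner: each module is just an adb argument list, every command is checked against a read-only allowlist before adb is invoked, and each result is stored with the exact command and a SHA-256 of the raw output. The module table, allowlists and sample device output are all constructed for this illustration.

```python
import hashlib
import subprocess
from typing import Callable, Dict, List, Optional

# A "module" is nothing more than the adb arguments for one data source (constructed examples).
MODULES: Dict[str, List[str]] = {
    "sms": ["shell", "content", "query", "--uri", "content://sms"],
    "logcat": ["logcat", "-d"],
    "packages": ["shell", "pm", "list", "packages"],
}

# Read-only is enforced, not assumed: only these adb subcommands and shell prefixes may run.
READ_ONLY_ADB = {"shell", "logcat", "pull", "bugreport"}
READ_ONLY_SHELL = {("content", "query"), ("pm", "list"), ("getprop",), ("dumpsys",), ("ls",), ("cat",)}

def is_read_only(args: List[str]) -> bool:
    """True only if the whole command is a known read operation (e.g. 'pm list' but not 'pm clear')."""
    if not args or args[0] not in READ_ONLY_ADB:
        return False
    if args[0] != "shell":
        return True
    tail = tuple(args[1:])
    return any(tail[:len(prefix)] == prefix for prefix in READ_ONLY_SHELL)

Runner = Callable[[List[str]], bytes]

def adb_runner(args: List[str]) -> bytes:
    """Real runner: calls the adb binary on PATH. Not used by the offline demo below."""
    return subprocess.run(["adb", *args], check=True, capture_output=True).stdout

def run_module(name: str, runner: Runner = adb_runner) -> dict:
    args = MODULES[name]
    if not is_read_only(args):  # refuse before touching the device
        raise PermissionError(f"module {name!r} is not read-only: adb {' '.join(args)}")
    data = runner(args)
    # Keep the exact command and a hash so the extraction can be re-verified later.
    return {"module": name, "command": ["adb", *args], "bytes": len(data),
            "sha256": hashlib.sha256(data).hexdigest(), "content": data.decode("utf-8", "replace")}

def extract_all(runner: Runner = adb_runner, names: Optional[List[str]] = None) -> List[dict]:
    return [run_module(n, runner) for n in (names or list(MODULES))]

# Constructed sample output standing in for a real device so the example runs offline.
FAKE_DEVICE = {
    "logcat -d": b"01-01 00:00:01.000  1234  1234 I demo: constructed log line\n",
    "shell pm list packages": b"package:com.android.settings\npackage:com.example.demo\n",
}

def fake_runner(args: List[str]) -> bytes:
    return FAKE_DEVICE[" ".join(args)]

if __name__ == "__main__":
    for rec in extract_all(fake_runner, ["logcat", "packages"]):
        print(rec["module"], rec["bytes"], rec["sha256"])
```

Swapping `fake_runner` for `adb_runner` runs the same modules against a connected device, with the same allowlist check in front of every command.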
What’s Next?
Right now, the tool is functional but minimal. I’ve focused on building a clean base and getting the extraction flow working reliably. In the next stages, I plan to:
Add more scripts for common apps and data types
Improve how output is structured and presented
Maybe create a small CLI dashboard or report viewer
If you're curious, the code is open on GitHub: github.com/lalit22km/RoidMole. I'm open to feedback, contributions, or just conversations about forensic tooling in general.
Final Thoughts
This is very much a project in progress, but I’m excited about the direction it’s heading. I’m building RoidMole to be useful, not flashy—something simple, transparent, and extensible for anyone who needs to dig into Android devices without making a mess.
If that sounds interesting to you, feel free to check it out or reach out.