About — LEAPPs
Mission · Origin · Philosophy

About LEAPPs

Free, open-source digital forensics tools built by a practitioner — designed for the investigators, analysts, and examiners who use them every day.

The Origin

Built Out of Necessity

LEAPPs began in 2019 as a direct response to a gap in the digital forensics toolset. Alexis Brignoni, then a Special Agent and digital forensic examiner with the FBI, was regularly encountering mobile device artifacts that commercial tools either did not support or parsed incorrectly. Rather than wait for vendors to catch up, he wrote his own parser.

That first parser grew into iLEAPP — the iOS Logs, Events and Plists Parser. iLEAPP was open-sourced on GitHub so that any examiner facing the same problem could use it, improve it, and build on it. The response from the forensics community was immediate. Examiners filed issues, submitted pull requests, and extended the tool in directions that no single person could have anticipated.

What followed was a natural expansion. Android examiners needed the same capability, so ALEAPP followed. ISP return data required its own tooling, so RLEAPP was created. Vehicle system artifacts gave rise to VLEAPP. And as the volume and complexity of parsed output grew, a dedicated viewer — LAVA — was built to make that data navigable in investigations and court proceedings.

"Tool reports are not the data. The data is the data. Validate everything that matters."

Philosophy

Principles That Drive the Project

Every decision in LEAPPs — what to build, how to build it, and who can use it — flows from a small set of principles that have held since the beginning.

Always Free
The core parsers — iLEAPP, ALEAPP, RLEAPP, VLEAPP — are free to download and use, forever. No licensing fees, no trial limits, no paywalls on parser coverage.
Open Source
The source code is public and auditable. Examiners, defense attorneys, and researchers can inspect exactly how every artifact is parsed. Transparency is a prerequisite for forensic credibility.
Community First
LEAPPs is built by practitioners, for practitioners. The community writes parsers, files bugs, proposes features, and keeps the tools current with every new OS release.
Practitioner Speed
New artifacts are added as soon as the community discovers and reverse-engineers them — not on a quarterly vendor cycle. If an examiner needs it today, the project moves today.
How It Fits

How LEAPPs Fits in Your Workflow

LEAPPs is not a replacement for commercial tools — it's a complement. Use what works for your case.

LEAPPs Commercial Tools Manual Review
Cost Free Licensed Free
Source code ✅ Open ❌ Closed
Parser contributions ✅ Community ❌ Vendor only
Code auditable ✅ Yes ❌ No
Offline use ✅ Yes Varies ✅ Yes
Custom artifacts ✅ Yes ❌ Limited ✅ Yes
Interface GUI & CLI GUI only
Timeline

How We Got Here

2019
iLEAPP Released
The iOS Logs, Events and Plists Parser is published on GitHub. The first community contributions arrive within weeks.
2020
ALEAPP & OSDFCon
ALEAPP launches to extend the same approach to Android. The project is presented at OSDFCon 2020, reaching a broader DFIR audience.
2021
RLEAPP & SANS FOR585
RLEAPP is built to handle ISP return data. iLEAPP and ALEAPP are incorporated into the SANS FOR585 Advanced Smartphone Forensics curriculum.
2022
Awards & VLEAPP
Alexis receives the SANS Difference Makers Award and Forensic 4:cast recognition. VLEAPP expands the suite to vehicle system forensics.
2026
LAVA Launches
LAVA — the LEAPP Artifact Viewer App — is released, giving examiners a dedicated interface for navigating and correlating parsed output across all LEAPPs tools.
Today
100+ Contributors, 500+ Parsers
The LEAPPs suite has been downloaded hundreds of thousands of times and is used in law enforcement agencies, private labs, and academic institutions worldwide.
The Creator

Alexis Brignoni

Alexis Brignoni is a digital forensics practitioner, researcher, and educator. He built iLEAPP while working as a Special Agent and digital forensic examiner with the FBI, and has continued to develop the LEAPPs suite alongside his work in the field.

Alexis has presented at SANS DFIR Summit, OSDFCon, Magnet Virtual Summit, and other major DFIR conferences. He has been featured in interviews by Forensic Focus and Cellebrite, and appeared on multiple forensics podcasts. His work on mobile forensics has been incorporated into professional training programs including SANS FOR585 and IACIS Advanced Mobile Device Forensics.

He continues to actively develop and maintain the suite, and regularly hosts live coding sessions open to the community — working through new artifacts, parser patterns, and tool development in the open.

github.com/abrignoni

Key Collaborators

Core Contributors

The LEAPPs suite is shaped by a community of forensics practitioners who contribute parsers, research, and tooling. These contributors have had the most impact on the project.

Johann-PLW
Johann-PLW
Main core developer for all the LEAPPs, prolific parser developer
github.com/Johann-PLW
stark4n6
stark4n6
Artifact research and parser contributions for iOS and Android
github.com/stark4n6
ydkhatri
ydkhatri
Mac and iOS forensics research, artifact parser contributions
github.com/ydkhatri
JamesHabben
JamesHabben
LAVA creator and lead developer, parser development and forensic artifact research
github.com/JamesHabben
snoop168
snoop168
Forensic artifact research and parser development
github.com/snoop168
Ready to get started?
Download the tools, browse supported artifacts, or join the community on Discord.
Download Tools Join Discord