FAMA: Forensic Analysis For Mobile Apps

FAMA (Forensic Analysis For Mobile Apps) is a forensic framework developed in Python (2.7+) by Lab of Cybersecurity and Digital Forensics at IPLeiria (LabCIF).

FAMA is an Android extraction and analysis framework, useful for easily dump user data from a device and generate powerful reports for Autopsy or external applications.

The framework is developed and maintained by José Francisco and Ruben Nogueira.


  • Extract user application data from an Android device with ADB (root and ADB required).
  • Dump user data from an android image or mounted path.
  • Easily build modules for a specific Android application.
  • Generate clean and readable JSON reports.
  • Complete integrated Autopsy compatibility (datasource processor module, ingest module, report module, geolocation, communication and timeline support).
  • Export HTML report based on the current case.

The script can be used as Autopsy module or in a terminal, please refers to GitHub [2] repository for usage info.


  1. https://github.com/labcif
  2. https://github.com/labcif/FAMA

Related posts

  1. How to sort and organize files recovered by PhotoRec
  2. Android Triage: a really useful forensic tool by Mattia Epifani
  3. How many data are shared by iOS and Android telemetry?
  4. Didier Stevens: finding Metasploit & Cobalt Strike URLs
  5. Coding on iPad Pro: my own setup