FAMA: Forensic Analysis For Mobile Apps

FAMA (Forensic Analysis For Mobile Apps) is a forensic framework developed in Python (2.7+) by the Lab of Cybersecurity and Digital Forensics at IPLeiria (LabCIF).

FAMA is an Android extraction and analysis framework, useful for easily dumping user data from a device and generating powerful reports for Autopsy or external applications.

The framework is developed and maintained by José Francisco and Ruben Nogueira.


Features

  • Extract user application data from an Android device with ADB (root and ADB required).
  • Dump user data from an Android image or mounted path.
  • Easily build modules for a specific Android application.
  • Generate clean and readable JSON reports.
  • Complete integrated Autopsy compatibility (datasource processor module, ingest module, report module, geolocation, communication and timeline support).
  • Export HTML report based on the current case.

The script can be used as an Autopsy module or from a terminal; please refer to the GitHub repository [2] for usage information.


References

  1. https://github.com/labcif
  2. https://github.com/labcif/FAMA
