FAMA: Forensic Analysis For Mobile Apps

FAMA (Forensic Analysis For Mobile Apps) is a forensic framework developed in Python (2.7+) by the Lab of Cybersecurity and Digital Forensics at IPLeiria (LabCIF).

FAMA is an Android extraction and analysis framework, useful for easily dumping user data from a device and generating powerful reports for Autopsy or external applications.

The framework is developed and maintained by José Francisco and Ruben Nogueira.


Features

  • Extract user application data from an Android device with ADB (root and ADB required).
  • Dump user data from an Android image or mounted path.
  • Easily build modules for a specific Android application.
  • Generate clean and readable JSON reports.
  • Complete integrated Autopsy compatibility (datasource processor module, ingest module, report module, geolocation, communication and timeline support).
  • Export HTML report based on the current case.

The script can be used as an Autopsy module or in a terminal; please refer to the GitHub repository [2] for usage info.


References

  1. https://github.com/labcif
  2. https://github.com/labcif/FAMA
