FAMA – Forensic Analysis For Mobile Apps
LabCIF – Forensic Analysis for Mobile Apps
Getting Started
Android extraction and analysis framework with an integrated Autopsy module. Easily dump user data from a device and generate rich reports for Autopsy or external applications.
Functionalities
- Extract user application data from an Android device with ADB (root and ADB required).
- Dump user data from an Android image or mounted path.
- Easily build modules for a specific Android application.
- Generate clean and readable JSON reports.
- Complete integrated Autopsy compatibility (datasource processor module, ingest module, report module, geolocation, communication and timeline support).
- Export HTML report based on the current case.
Report Screenshots
Prerequisites
- Python (2.7+)
- Autopsy (optional)
How to use
The script can be run directly from a terminal or as an Autopsy module.
Running from Terminal
usage: start.py [-h] [-d DUMP [DUMP ...]] [-p PATH] [-o OUTPUT] [-a] app
Forensics Artefacts Analyzer
positional arguments:
app Application or package to be analyzed <tiktok> or <com.zhiliaoapp.musically>
optional arguments:
-h, --help show this help message and exit
-d DUMP [DUMP ...], --dump DUMP [DUMP ...] Analyze specific(s) dump(s) <20200307_215555 ...>
-p PATH, --path PATH Dump app data in path (mount or folder structure)
-o OUTPUT, --output OUTPUT Report output path folder
-a, --adb Dump app data directly from device with ADB
-H, --html Generate HTML report
Running from Autopsy
- Download repository contents (zip).
- Open Autopsy -> Tools -> Python Plugins
- Unzip the previously downloaded zip into the python_modules folder.
- Restart Autopsy, create a case and select the module.
- Select your module options in the Ingest Module window selector.
- Click “Generate Report” to generate an HTML report of the case.
Build an application module
Do you need a forensics module for a specific Android application? Follow the instructions here and build one yourself.
Authors
- José Francisco – GitHub
- Ruben Nogueira – GitHub
Mentors
- Miguel Frade – GitHub
- Patrício Domingues – GitHub
Project developed as the final project of the Computer Engineering course at Escola Superior de Tecnologia e Gestão de Leiria.
Environments Tested
- Windows (primary)
- Linux
- Mac OS
License
This project is licensed under the terms of the GNU GPL v3 License. Third-party components and their licenses:
- ADB – Android Software Development Kit License Agreement
- Base64 – GNU GPL v2 License
- Bootstrap – MIT License
- feather – MIT License
- Freepic Icons
- jQuery – MIT License
- jQuery.lazy – MIT License
- leaflet – BSD 2-Clause “Simplified” License
- pdfmake – MIT License
- SQLite-Deleted-Records-Parser – GNU GPL v3 License
- Undark – BSD License 2.0