FAMA: Forensic Analysis For Mobile Apps
FAMA (Forensic Analysis For Mobile Apps) is a forensic framework developed in Python (2.7+) by Lab of Cybersecurity and Digital Forensics at IPLeiria (LabCIF).
FAMA is an Android extraction and analysis framework, useful for easily dump user data from a device and generate powerful reports for Autopsy or external applications.
The framework is developed and maintained by José Francisco and Ruben Nogueira.
Features
- Extract user application data from an Android device with ADB (root and ADB required).
- Dump user data from an android image or mounted path.
- Easily build modules for a specific Android application.
- Generate clean and readable JSON reports.
- Complete integrated Autopsy compatibility (datasource processor module, ingest module, report module, geolocation, communication and timeline support).
- Export HTML report based on the current case.
The script can be used as Autopsy module or in a terminal, please refers to GitHub [2] repository for usage info.