FAMA: Forensic Analysis for Mobile Apps

Frame extreatmentand Android analysis with built-in Autopsy module. Discard easily data user from a device and create robust reports for autopsy or external applications.

Specifications

• Export user application data from an Android device with ADB (root and ADB required).
• Dump user data from a picture Android or a mounted path.
• Easily create sections for a specific Android application.
• Create clear and legible JSON reports.
• Full built-in auto analysis compatibility (data source processor module, absorption module, reference unit, geographical location, communication and schedule support).
• Export HTML report based on the current case.

Prerequisites

• Python (2.7 +)
• Autopsy

Use

At the terminal

usage: start.py [-h] [-d DUMP [DUMP ...]] [-p PATH] [-o OUTPUT] [-a] app Forensics Artefacts Analyzer positional arguments: app Application or package to be analyzed  or 


optional arguments:
  
-h, --help                                     show this help message and exit
  
-d DUMP [DUMP ...], --dump DUMP [DUMP ...]     Analyze specific(s) dump(s) 

At Autopsy

1. Download repository contents (zip).
2. Autopsy -> Tools -> Python Plugins
3. Unzip the previously downloaded zip in the folder python_modules.
4. Restart Autopsy, create a case, and select a module.
5. Set your module options in the Ingest Module window selector.
6. Click 'Generate Report' to generate an HTML report.

Tested on

• Windows (primary)
• Linux
• Mac OS

Application snapshots

You can download the program from here.