Skip to content
This repository was archived by the owner on Aug 28, 2025. It is now read-only.

labcif/FAMA

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

227 Commits
dependencies
dependencies
 
 
modules
modules
 
 
package
package
 
 
psy
psy
 
 
template
template
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
autopsy.py
autopsy.py
 
 
start.py
start.py
 
 

Repository files navigation

DEPRECATED: LabCIF - Forensic Analysis for Mobile Apps

Getting Started

Android extraction and analysis framework with an integrated Autopsy Module. Dump easily user data from a device and generate powerful reports for Autopsy or external applications.

Functionalities

  • Extract user application data from an Android device with ADB (root and ADB required).
  • Dump user data from an android image or mounted path.
  • Easily build modules for a specific Android application.
  • Generate clean and readable JSON reports.
  • Complete integrated Autopsy compatibility (datasource processor module, ingest module, report module, geolocation, communication and timeline support).
  • Export HTML report based on the current case.

Report Screenshots

Report Index

Report Sample

Prerequisites

How to use

The script can be used directly in terminal or as Autopsy module.

Running from Terminal

usage: start.py [-h] [-d DUMP [DUMP ...]] [-p PATH] [-o OUTPUT] [-a] app

Forensics Artefacts Analyzer

positional arguments:
  app                                            Application or package to be analyzed <tiktok> or <com.zhiliaoapp.musically>

optional arguments:
  -h, --help                                     show this help message and exit
  -d DUMP [DUMP ...], --dump DUMP [DUMP ...]     Analyze specific(s) dump(s) <20200307_215555 ...>
  -p PATH, --path PATH                           Dump app data in path (mount or folder structure)
  -o OUTPUT, --output OUTPUT                     Report output path folder
  -a, --adb                                      Dump app data directly from device with ADB
  -H, --html                                     Generate HTML report

Running from Autopsy

  1. Download repository contents (zip).
  2. Open Autopsy -> Tools -> Python Plugins
  3. Unzip previously downloaded zip in python_modules folder.
  4. Restart Autopsy, create a case and select the module.
  5. Select your module options in the Ingest Module window selector.
  6. Click "Generate Report" to generate an HTML report of the case.

Build an application module

Do you need a forensics module for a specific Android application? Follow the instructions here and build a module by yourself.

Authors

Mentors

Project developed as final project for Computer Engineering course in Escola Superior de Tecnologia e Gestão de Leiria.

Environments Tested

  • Windows (primary)
  • Linux
  • Mac OS

License

This project is licensed under the terms of the GNU GPL v3 License.

Notes

  • Made with ❤ in Leiria, Portugal

About

Forensic Analysis for Mobile Apps (FAMA) -- module for the Autopsy Forensic Browser

Topics

android python adb forensics autopsy undark

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

151 stars

Watchers

12 watching

Forks

31 forks
Report repository

Releases 2

First release with Zenodo Latest
Jun 24, 2020
+ 1 release

Packages

No packages published

Contributors 3

Languages