FAMA – Forensic Analysis For Mobile Apps

LabCIF – Forensic Evaluation for Cell Applications

Acquiring Begun

Android extraction and evaluation framework with an built-in Autopsy Module. Dump quickly person information from a product and create strong studies for Autopsy or external programs.

Functionalities

• Extract user software details from an Android device with ADB (root and ADB demanded).
• Dump user information from an android image or mounted path.
• Very easily construct modules for a precise Android software.
• Produce clean and readable JSON reviews.
• Comprehensive built-in Autopsy compatibility (datasource processor module, ingest module, report module, geolocation, interaction and timeline support).
• Export HTML report based mostly on the recent situation.

Report Screenshots

Stipulations

• Python (2.7+)
• Autopsy (optional)

How to use

The script can be utilised directly in terminal or as Autopsy module.

Managing from Terminal

utilization: start.py [-h] [-d DUMP [DUMP ...]] [-p PATH] [-o OUTPUT] [-a] application

Forensics Artefacts Analyzer

positional arguments:
  application                                            Software or deal to be analyzed  or 

optional arguments:
  -h, --support                                     demonstrate this help concept and exit
  -d DUMP [DUMP ...], --dump DUMP [DUMP ...]     Review precise(s) dump(s) 
  -p Route, --route Path                           Dump app facts in path (mount or folder construction)
  -o OUTPUT, --output OUTPUT                     Report output route folder
  -a, --adb                                      Dump app details specifically from system with ADB
  -H, --html                                     Generate HTML report

Working from Autopsy

1. Down load repository contents (zip).
2. Open Autopsy -> Tools -> Python Plugins
3. Unzip beforehand downloaded zip in python_modules folder.
4. Restart Autopsy, generate a scenario and choose the module.
5. Decide on your module options in the Ingest Module window selector.
6. Click “Produce Report” to deliver an HTML report of the scenario.

Construct an software module

Do you need a forensics module for a unique Android software? Comply with the recommendations here and create a module by by yourself.

Authors

• José Francisco – GitHub
• Ruben Nogueira – GitHub

Mentors

• Miguel Frade – GitHub
• Patrício Domingues – GitHub

Job formulated as ultimate job for Pc Engineering study course in Escola Excellent de Tecnologia e Gestão de Leiria.

Environments Examined

• Home windows (most important)
• Linux
• Mac OS

License

This undertaking is accredited under the conditions of the GNU GPL v3 License.

• ADB – Android Software package Progress Package License Arrangement
• Base64 – GNU GPL v2 License
• Bootstrap – MIT License
• feather – MIT License
• Freepic Icons
• jQuery – MIT License
• jQuery.lazy – MIT License
• leaflet – BSD 2-Clause “Simplified” License
• pdfmake – MIT License
• SQLite-Deleted-Data-Parser – GNU GPL v3 License
• Undark – BSD License 2.

Image and Article Source connection

Study Extra on Pentesting Tools