Fama : Forensic Analysis For Mobile Apps

Fama is a tool for android extraction and analysis framework with an integrated Autopsy Module. Dump easily user data from a device and generate powerful reports for Autopsy or external applications.

Functionalities

  • Extract user application data from an Android device with ADB (root and ADB required).
  • Dump user data from an android image or mounted path.
  • Easily build modules for a specific Android application.
  • Generate clean and readable JSON reports.
  • Complete integrated Autopsy compatibility (datasource processor module, ingest module, report module, geolocation, communication and timeline support).
  • Export HTML report based on the current case.

Report Screenshots

Prerequisites

How to use?

The script can be used directly in terminal or as Autopsy module.

Running From Terminal

usage: start.py [-h] [-d DUMP [DUMP ...]] [-p PATH] [-o OUTPUT] [-a] app

Forensics Artefacts Analyzer

positional arguments:
  app                                            Application or package to be analyzed <tiktok> or <com.zhiliaoapp.musically>

optional arguments:
  -h, --help                                     show this help message and exit
  -d DUMP [DUMP ...], --dump DUMP [DUMP ...]     Analyze specific(s) dump(s) <20200307_215555 ...>
  -p PATH, --path PATH                           Dump app data in path (mount or folder structure)
  -o OUTPUT, --output OUTPUT                     Report output path folder
  -a, --adb                                      Dump app data directly from device with ADB
  -H, --html                                     Generate HTML report

Running From Autopsy

  • Download repository contents (zip).
  • Open Autopsy -> Tools -> Python Plugins
  • Unzip previously downloaded zip in python_modules folder.
  • Restart Autopsy, create a case and select the module.
  • Select your module options in the Ingest Module window selector.
  • Click “Generate Report” to generate an HTML report of the case.

Build An Application Module

Do you need a forensics module for a specific Android application? Follow the instructions here and build a module by yourself.

R K

Recent Posts

Nmap cheat sheet for beginners

Nmap (Network Mapper) is a free tool that helps you find devices on a network,…

14 hours ago

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 week ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 week ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 week ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 week ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 week ago