Forensic Analysis for Mobile Apps (FAMA) -- module for the Autopsy Forensic Browser

Overview

LabCIF - Forensic Analysis for Mobile Apps

Getting Started

Android extraction and analysis framework with an integrated Autopsy module. Easily dump user data from a device and generate powerful reports for Autopsy or external applications.

Functionalities

  • Extract user application data from an Android device with ADB (root and ADB required).
  • Dump user data from an Android image or mounted path.
  • Easily build modules for a specific Android application.
  • Generate clean and readable JSON reports.
  • Complete integrated Autopsy compatibility (datasource processor module, ingest module, report module, geolocation, communication and timeline support).
  • Export HTML report based on the current case.

Report Screenshots

Report Index

Report Sample

Prerequisites

How to use

The script can be run directly from a terminal or as an Autopsy module.

Running from Terminal

usage: start.py [-h] [-d DUMP [DUMP ...]] [-p PATH] [-o OUTPUT] [-a] app

Forensics Artefacts Analyzer

positional arguments:
  app                                            Application or package to be analyzed <tiktok> or <com.zhiliaoapp.musically>

optional arguments:
  -h, --help                                     show this help message and exit
  -d DUMP [DUMP ...], --dump DUMP [DUMP ...]     Analyze specific(s) dump(s) <20200307_215555 ...>
  -p PATH, --path PATH                           Dump app data in path (mount or folder structure)
  -o OUTPUT, --output OUTPUT                     Report output path folder
  -a, --adb                                      Dump app data directly from device with ADB
  -H, --html                                     Generate HTML report

Running from Autopsy

  1. Download repository contents (zip).
  2. Open Autopsy -> Tools -> Python Plugins
  3. Unzip the previously downloaded zip into the python_modules folder.
  4. Restart Autopsy, create a case and select the module.
  5. Select your module options in the Ingest Module window selector.
  6. Click "Generate Report" to generate an HTML report of the case.

Build an application module

Do you need a forensics module for a specific Android application? Follow the instructions here and build a module by yourself.

Authors

Mentors

Project developed as the final project for the Computer Engineering course at Escola Superior de Tecnologia e Gestão de Leiria.

Environments Tested

  • Windows (primary)
  • Linux
  • Mac OS

License

This project is licensed under the terms of the GNU GPL v3 License.

Notes

  • Made in Leiria, Portugal
Comments
  • bug: use system adb if available

    If ADB is installed in the system, there is a considerable chance that ADB TCP service is already running, so it's preferred to use system ADB.

    Check if it's already in the system before making adb devices.

    Points of attention: maintain cross-OS compatibility.

    opened by rubnogueira 0
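
One way to implement the check this issue asks for, as an added example that is not FAMA's own code: prefer an adb found on the system PATH, fall back to a per-OS bundled binary, and parse the output of adb devices so that only devices in a usable state are dumped. The bundled directory layout and all function names are assumptions made for illustration.

```python
import os
import shutil
import sys

# Hypothetical layout for a bundled fallback: <bundled_root>/<platform>/adb[.exe]
_PLATFORM_DIRS = {"win32": "windows", "darwin": "mac", "linux": "linux"}


def resolve_adb(bundled_root, search_path=None, platform=sys.platform):
    """Return (adb_path, source); source is 'system' or 'bundled'.

    A system adb is preferred: its server may already be running, and a
    client of a different version would kill and restart that server.
    """
    system_adb = shutil.which("adb", path=search_path)  # honours PATHEXT on Windows
    if system_adb:
        return os.path.abspath(system_adb), "system"
    key = next((k for k in _PLATFORM_DIRS if platform.startswith(k)), None)
    if key is None:
        raise RuntimeError("no bundled adb for platform %r" % platform)
    exe = "adb.exe" if key == "win32" else "adb"
    bundled = os.path.join(bundled_root, _PLATFORM_DIRS[key], exe)
    if not os.path.isfile(bundled):
        raise FileNotFoundError("adb not on PATH and not bundled: " + bundled)
    return os.path.abspath(bundled), "bundled"


def parse_adb_devices(output):
    """Parse `adb devices` text into {serial: state}, skipping daemon notices."""
    devices = {}
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("*") or line.startswith("List of devices"):
            continue
        parts = line.split()
        if len(parts) >= 2:
            devices[parts[0]] = parts[1]
    return devices


def ready_serials(devices):
    """Only devices in state 'device' can be dumped; others need attention."""
    return sorted(s for s, state in devices.items() if state == "device")
```

Recording which binary was selected ("system" or "bundled") in the case notes keeps the acquisition reproducible.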
Releases(v0.2)
Owner
LabCIF
Lab of Cybersecurity and Digital Forensics at IPLeiria