{"id":13456156,"url":"https://github.com/IncideDigital/rvt2","last_synced_at":"2025-03-24T09:31:32.261Z","repository":{"id":126141665,"uuid":"245168336","full_name":"IncideDigital/rvt2","owner":"IncideDigital","description":"An open source framework for computer forensics","archived":false,"fork":false,"pushed_at":"2024-06-25T10:54:37.000Z","size":7126,"stargazers_count":52,"open_issues_count":0,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-10-28T23:33:52.171Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://incidedigital.github.io/rvt2-docs","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IncideDigital.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"license.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-05T13:19:16.000Z","updated_at":"2024-08-22T19:41:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"9b191c43-969f-4f6f-9956-e9469d42cc67","html_url":"https://github.com/IncideDigital/rvt2","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IncideDigital%2Frvt2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IncideDigital%2Frvt2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IncideDigital%2Frvt2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IncideDigital%2Frvt2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IncideDigital","download_url"
:"https://codeload.github.com/IncideDigital/rvt2/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245243300,"owners_count":20583602,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T08:01:17.013Z","updated_at":"2025-03-24T09:31:30.376Z","avatar_url":"https://github.com/IncideDigital.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# Revealer Toolkit 2\n\n![](docs/data/rvt2_logo.png)\n\n## Introduction\n\nRevealer Toolkit 2 (RVT2) is a framework for computer forensics. It is written in Python 3 and internally uses many open source tools like The Sleuth Kit or regripper.\n\nRVT2 aims to automate routine tasks and analysis when managing forensic images, or sources. RVT2 is especially useful in an environment with many cases and many sources.\n\nRVT2 is developed and continuously used in [INCIDE](https://www.incide.es/), a Spanish DFIR company located in the beautiful city of Barcelona.\n\nIt is designed to run on the Debian Buster stable version, but can also be installed with `docker` if desired.\n\nThe analyst/user manual for RVT2 is available at [rvt2-docs](https://incidedigital.github.io/rvt2-docs). 
For a more in-depth description of the modules, packages and classes in the RVT2, check the Developers manual [rvt2-devel](https://incidedigital.github.io/rvt2) (soon to be released).\n\n## Installation\n\nCurrently, there are two ways of installing and using the RVT2:\n\n* Via Docker\n* Standalone Version\n\n### Docker\n\nRVT2 can be started with `docker` using the build at [rvt2-docker](https://github.com/IncideDigital/rvt2-docker). Follow the instructions described in the repository to run RVT2 `with docker`.\n\n### Standalone\n\nRVT2 is designed to run on the Ubuntu Jammy Jellyfish stable version, although it is possible to install it on other GNU/Linux flavours.\n\nThese commands will clone the RVT2 source code and install the external dependencies:\n\n```bash\ngit clone https://github.com/IncideDigital/rvt2.git\ncd rvt2\nsudo bash setup.sh run\n```\n\nThe directory where the RVT2 was cloned is referred to as the `$RVT2_HOME` directory in this documentation.\n\nRVT2 manages the Python dependencies of the core plugins internally. The first time the RVT2 is run, it will create a pyenv environment and install these dependencies. As a result, the first run of the RVT2 will be very slow!\n\nIf you prefer a manual installation of the Python dependencies, run these commands from the `$RVT2_HOME` directory.\n\n```bash\npython3 -m pip install --user --force-reinstall pipenv\npipenv --three\npipenv install\n```\n\n### External tools\n\nSome plugins may need additional external tools. For example:\n\n* indexer: The indexer needs Tika and ElasticSearch. An easy installation can be executed with the scripts provided in the `external_tools` folder.\n* ai: Image classification models must be downloaded. 
Read [INSTALL.md](plugins/ai/INSTALL.ai) for more information.\n\nIn addition, if you download additional plugins, be sure to check their documentation for any additional plugins they might need.\n\n### Permissions\n\nRVT2 uses many system commands (such as mount) that must be executed with root privileges. This is not a problem if the analyst is the only user of the machine.\n\nIn a multi-user environment, you might consider adding some extra security to prevent analysts from being root on the machine. Add an rvt user and an analysts group to your OS:\n\n```bash\ngroupadd analysts\nuseradd -M -N -s /bin/false -r -G analysts rvt\n```\n\nChange the loop device permissions to allow members of the analysts group to read from them:\n\n```bash\nprintf '%s\\n' 'for i in $(seq 8 31) ; do mknod -m 660 /dev/loop$i b 7 $i ; done' 'chgrp analysts /dev/loop*' \u003e /etc/rc.local\n```\n\nEdit /etc/sudoers with visudo and allow the rvt user to run these commands without prompting for a password:\n\n```\n%analysts ALL=(rvt) NOPASSWD: $RVT2_HOME/rvt2/rvt2\nrvt ALL=(root) NOPASSWD: /bin/mount, /bin/umount, /sbin/losetup, /usr/local/bin/vshadowmount, /usr/bin/bindfs, /usr/local/bin/icat\n```\n\nThen, run the rvt2 command as the rvt user:\n\n```bash\nsudo -u rvt $RVT2_HOME/rvt2 [options]\n```\n\nFinally, it is recommended that directories storing information about a case be owned by the user rvt, with the analysts group granted read but not write permission.\n\n## Basic Usage\n\nMost of the time, you are going to run one of the predefined jobs with the default configuration. For example, to index the content of a disk in ElasticSearch, run:\n\n```bash\nrvt2 \\\n    --client client --casename 112233 --source 01 \\\n    -j allocfiles \\\n    --params option1=1 option2 -- \\\n    path_to_a_directory\n```\n\nThere are dozens of predefined jobs with a default configuration you won't need to change. 
You can get the list of predefined jobs by running the job show_jobs, which is also the default job:\n\n```bash\nrvt2\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FIncideDigital%2Frvt2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FIncideDigital%2Frvt2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FIncideDigital%2Frvt2/lists"}