{"id":13698260,"url":"https://github.com/arxsys/dff","last_synced_at":"2025-05-04T03:31:10.472Z","repository":{"id":43730869,"uuid":"42932665","full_name":"arxsys/dff","owner":"arxsys","description":"DFF (Digital Forensics Framework) is a Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities.","archived":false,"fork":false,"pushed_at":"2020-02-13T14:34:38.000Z","size":312,"stargazers_count":244,"open_issues_count":21,"forks_count":60,"subscribers_count":28,"default_branch":"develop","last_synced_at":"2024-02-14T18:33:51.938Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://www.digital-forensic.org","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arxsys.png","metadata":{"files":{"readme":"README","changelog":"CHANGES","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-09-22T12:36:14.000Z","updated_at":"2024-01-31T12:39:35.000Z","dependencies_parsed_at":"2022-09-17T17:00:57.690Z","dependency_job_id":null,"html_url":"https://github.com/arxsys/dff","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arxsys%2Fdff","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arxsys%2Fdff/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arxsys%2Fdff/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arxsys%2Fdff/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arxsys","download_url":"https://co
deload.github.com/arxsys/dff/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252283591,"owners_count":21723504,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T19:00:42.604Z","updated_at":"2025-05-04T03:31:09.336Z","avatar_url":"https://github.com/arxsys.png","language":"Python","readme":"Digital Forensics Framework\r\n\r\n1. Introduction\r\n\r\n2. Installation\r\n 2.1 Windows\r\n 2.2 Linux\r\n3. Usage\r\n4. Support\r\n\r\n1. Introduction\r\n\r\nDFF is a simple but powerful open source tool with a flexible module system\r\nwhich will help you in your digital forensics work, including file recovery\r\nafter an error or crash, evidence research and analysis, etc. The source code is\r\nwritten in C++ and Python, allowing performance and great extensibility.\r\n\r\nAlthough dff is quite young, it already provides a robust architecture and\r\nsome handy modules. You can download and try it via the Download page. Source\r\ncode, Debian packages and even a Windows setup are available. Any contribution,\r\nsuggestion or remark is welcome! (see 4. Support)\r\n\r\nNowadays computer forensic analysis tools are mainly large proprietary software\r\ndeveloped by some well-known companies.\r\n\r\nFew free and open source tools offer the same type of fully integrated\r\nsoftware; most of them are implemented as standalone tools. Although some\r\nframeworks exist, they are not very user or developer friendly. 
That is why we\r\ndecided to develop this tool as a free, open source and multi-platform\r\nframework.\r\n\r\nThis project has three main goals:\r\n\r\n- Modularity. In contrast to the monolithic model, the modular model is based on\r\n  a host and many modules. This modular design has two advantages:\r\n  it makes it possible to improve the software rapidly and to split tasks easily\r\n  among developers\r\n\r\n- Scriptability. The ability to be scripted obviously gives a tool more\r\n  flexibility, but it also enables automation and makes it possible to\r\n  extend features\r\n\r\n- Genericity. The project tries to remain OS independent. We want to help people\r\n  where they are, letting them choose any operating system to use this\r\n  software.\r\n\r\n\r\n2. Installation\r\n\r\n2.1 Windows\r\n\r\nPython and Python QT have to be installed first.\r\n\r\nTwo packages are provided for Windows, one with those two dependencies added to the DFF installer and another with the DFF installer alone.\r\n\r\nWeb page from which Python should be downloaded:\r\nhttp://www.python.org/download/releases/2.7.1/.\r\nWeb page from which Python QT should be downloaded:\r\nhttp://www.riverbankcomputing.co.uk/software/pyqt/download\r\n\r\nDFF is provided with a Nullsoft installer. Users just have to launch it and\r\nfollow the instructions to install DFF.\r\n\r\n\r\n2.2 Linux\r\n\r\nUsing a distribution package:\r\n\r\nRPM and DEB packages are provided on http://www.digital-forensic.org. 
The graphical\r\nhelper from the window manager can be used by double-clicking on the package.\r\n\r\nDEB installation from terminal:\r\n#\u003e dpkg -i dff-\u003cversion\u003e.deb\r\n\r\nRPM installation from terminal:\r\n#\u003e rpm -i dff-\u003cversion\u003e.rpm\r\n\r\nCompiling from sources:\r\n\r\nA gzipped tarball is also provided.\r\nCMake and the latest version of SWIG are needed (http://www.swig.org; developers have\r\nto compile and install the latest version themselves).\r\nAt the top of the source tree, type:\r\n$\u003e cmake -DINSTALL=TRUE .\r\nThis creates the makefiles.\r\nTo build, type:\r\n$\u003e make\r\nInstall:\r\n#\u003e make install\r\nConsole run:\r\n$\u003e dff.py\r\nGraphical run:\r\n$\u003e dff.py -g\r\n\r\n3. Usage\r\n\r\nDFF reads a disk dump (for example one produced by the GNU 'dd' utility). Two user interfaces are\r\nprovided: graphical and console. The command-line console is also available within the graphical\r\ninterface.\r\n\r\nGraphical:\r\nClick on the 'File(s)' menu and select 'Open evidence file(s)', then add your\r\ndisk dump.\r\nRight-click on the dump, in the 'Browser' tab, select 'Open with' and apply a\r\nfilesystem module; select 'file system' and 'fat' for example.\r\nFiles appear in the 'Virtual File System' tab.\r\nA lot of information is provided under the 'Task Manager', 'Output' and 'Errors' tabs.\r\n\r\n\r\nConsole:\r\nOpening a local folder:\r\ndff / \u003e local --path /home/user/dumps --parent /\r\n\r\n--path is the directory to open\r\n--parent is a virtual node; first specify the root one: /\r\n\r\nApplying the fat module to a dump:\r\ndff / \u003e fat dumps/test.fat.dd\r\n\r\nListing nodes:\r\ndff / \u003e ls\r\n\r\nCompletion is provided using the \u003cTab\u003e key. Users can obtain help using:\r\ndff / \u003e man \u003ccommand\u003e\r\n\r\n\r\n4. 
Support\r\n\r\nOnline chat is on an IRC channel: #digital-forensic on the irc.freenode.net\r\nnetwork.\r\n\r\nMain website: http://www.digital-forensic.org .\r\n\r\n3 mailing lists are provided:\r\n- User discussions about DFF: dff@digital-forensic.org, registration and\r\n  posting freely available.\r\n- Developer discussions about DFF: dff-devel@digital-forensic.org,\r\n  registration and posting freely available.\r\n- News about DFF releases and events: dff-announce@digital-forensic.org,\r\n  registration freely available, low level of traffic.\r\n\r\nArchives of these mailing lists: http://lists.digital-forensic.org\r\n\r\nA project manager exists at https://tracker.digital-forensic.org ; ideas and\r\nbugs submitted by e-mail will be reported on it.\r\n\r\nDocumentation is available at http://wiki.digital-forensic.org.\r\n\r\n","funding_links":[],"categories":["Tools","Challenges","Python","Python (1887)","\u003ca id=\"ecb63dfb62722feb6d43a9506515b4e3\"\u003e\u003c/a\u003e新添加"],"sub_categories":["Frameworks"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farxsys%2Fdff","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farxsys%2Fdff","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farxsys%2Fdff/lists"}