Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/arxsys/dff
DFF (Digital Forensics Framework) is a Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities.
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/arxsys/dff
- Owner: arxsys
- License: gpl-2.0
- Created: 2015-09-22T12:36:14.000Z (over 9 years ago)
- Default Branch: develop
- Last Pushed: 2020-02-13T14:34:38.000Z (almost 5 years ago)
- Last Synced: 2024-02-14T18:33:51.938Z (12 months ago)
- Language: Python
- Homepage: http://www.digital-forensic.org
- Size: 305 KB
- Stars: 244
- Watchers: 28
- Forks: 60
- Open Issues: 21
Metadata Files:
- Readme: README
- Changelog: CHANGES
- License: LICENSE
Awesome Lists containing this project
- ForensicsTools - dff - Forensic framework (Challenges / Frameworks)
- awesome-forensics - dff - Forensic framework (Tools / Frameworks)
- Awesome-Forensics - dff - Forensic framework (Tools / Frameworks)
- awesome-hacking-lists - arxsys/dff - DFF (Digital Forensics Framework) is a Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about us (Python)
README
Digital Forensics Framework
1. Introduction
2. Installation
2.1 Windows
2.2 Linux
3. Usage
4. Support

1. Introduction
DFF is a simple but powerful open source tool with a flexible module system
which will help you in your digital forensics work, including recovery of files
after an error or crash, evidence research and analysis, etc. The source code is
written in C++ and Python, allowing performance and great extensibility.

Although dff is quite young, it already provides a robust architecture and
some handy modules. You can download and try it via the Download page. Source
code, Debian packages and even a Windows setup are available. Any contribution,
suggestion or remark is welcome! (see 4. Support)

Nowadays computer forensic analysis tools are mainly large proprietary software
developed by some well-known companies.

Few free and open source tools offer the same type of fully integrated
software; most of them are implemented as stand-alone tools. Although some
frameworks exist, they are not very user or developer friendly. That is why we
decided to develop this tool as a free, open source and multi-platform
framework.

This project follows three main goals:
- Modularity. In contrast to the monolithic model, the modular model is based on
  a host and many modules. This modular design presents two advantages:
  it allows the software to be improved rapidly and tasks to be split easily
  among developers.
- Scriptability. It is obvious that the ability to be scripted gives more
  flexibility to a tool, but it also enables automation and gives the
  possibility to extend features.
- Genericity. The project tries to remain OS independent. We want to help people
  where they are! Letting them choose any operating system to use this
  software.

2. Installation
2.1 Windows
Python and Python QT have to be installed first.
Two packages are provided for Windows: one with those two dependencies added to the DFF installer, and another with the DFF installer alone.
Web page where Python should be downloaded:
http://www.python.org/download/releases/2.7.1/
Web page where Python QT should be downloaded:
http://www.riverbankcomputing.co.uk/software/pyqt/download

DFF is provided with a Nullsoft installer. Users just have to launch it and
follow the instructions to install DFF.

2.2 Linux
Using a distribution package:
RPM and DEB packages are provided on http://www.digital-forensic.org. The
graphical helper from the window manager can be used by double-clicking on the
package.

DEB installation from terminal:
#> dpkg -i dff-.deb

RPM installation from terminal:
#> rpm -i dff-.rpm

Compiling from sources:
A gzipped tarball is also provided.
CMake and the latest version of SWIG are needed (http://www.swig.org; developers
have to compile and install the latest version themselves).
At the top of the source tree, type:
$> cmake -DINSTALL=TRUE .
This creates the makefiles.
To build, type:
$> make
Install:
#> make install
Console run:
$> dff.py
Graphical run:
$> dff.py -g

3. Usage
DFF reads a disk dump (for example from the GNU 'dd' utility). Two user
interfaces are provided: graphical and console. The command-line console is also
available inside the graphical interface.

Graphical:
Click on the 'File(s)' menu and select 'Open evidence file(s)', then add your
disk dump.
Right-click on the dump in the 'Browser' tab, select 'Open with' and apply a
filesystem module; select 'file system' and 'fat' for example.
Files appear in the 'Virtual File System' tab.
More information is provided under the 'Task Manager', 'Output' and 'Errors' tabs.

Console:
Opening a local folder:
dff / > local --path /home/user/dumps --parent /
--path is the directory to open
--parent is a virtual node; first specify the root one: /

Applying the fat module on a dump:
dff / > fat dumps/test.fat.dd

Listing nodes:
dff / > ls

Completion is provided using the key. Users can obtain help using:
dff / > man

4. Support
Online chat is on an IRC channel: #digital-forensic on the irc.freenode.net
network.

Main website: http://www.digital-forensic.org
3 mailing lists are provided:
- User discussions about DFF: [email protected], registration and
  posting freely available.
- Developer discussions about DFF: [email protected],
  registration and posting freely available.
- News about DFF releases and events: [email protected],
  registration freely available, low traffic.

Archives of these mailing lists: http://lists.digital-forensic.org
A project manager exists at https://tracker.digital-forensic.org; ideas and
bugs submitted by e-mail will be reported on it.

Documentation is at http://wiki.digital-forensic.org.