Digital Forensics Framework v0.5 released

DFF (Digital Forensics Framework) is a simple but powerful open source tool with a flexible module system that helps with digital forensics work, including file recovery after an error or crash, evidence research and analysis, and more. The source code is written in C++ and Python, combining performance with great extensibility.

This project follows three main goals:

  • Modularity. In contrast to the monolithic model, the modular model is based on a host and many modules. This modular design has two advantages: it allows the software to improve rapidly and makes it easy to split tasks among developers.
  • Scriptability. It is obvious that the ability to be scripted gives a tool more flexibility, but it also enables automation and makes it possible to extend features.
  • Genericity. The project tries to remain OS independent. We want to help people where they are, letting them use this software on the operating system of their choice.

API:

  • Stackable File System (makes multi-layer analysis possible)
  • Environment API for auto-completion and auto-generation of graphical scripts
  • Multi-threaded (modules can be launched in the background, so the investigator can continue to work on the case even while modules that do heavy computation are running)
  • Hash calculation with different algorithms (MD5, SHA1, SHA256)
  • File-oriented data representation (e.g. a zip file can be browsed like a normal directory, bypassing the zip-bomb problem)
  • MAC times access
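To make the last three points concrete, here is an added example (not DFF's own API) of a file-oriented view of an archive: the members are listed as a directory tree from the central directory alone, so nothing is inflated while browsing, and a member is hashed through a size-capped stream so that a zip bomb is refused rather than expanded. The archive, the ratio threshold and the inflation cap are constructed and assumed values.

```python
# Added example, not part of DFF: browse a zip "like a directory" without
# inflating it, and hash members with MD5/SHA1/SHA256 under a size cap.
import hashlib
import io
import zipfile

MAX_RATIO = 100                   # assumed: uncompressed/compressed size threshold
MAX_INFLATED = 50 * 1024 * 1024   # assumed: hard cap on bytes we will ever inflate


def archive_tree(zip_bytes):
    """Return {path: (declared_size, suspicious)} built only from the central
    directory, so browsing never decompresses a member."""
    tree = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            suspicious = ratio > MAX_RATIO or info.file_size > MAX_INFLATED
            tree[info.filename] = (info.file_size, suspicious)
    return tree


def hash_member(zip_bytes, name, algo="sha256", cap=MAX_INFLATED):
    """Hash one member by streaming; abort once inflated data passes the
    declared size or the cap (declared sizes are attacker-controlled)."""
    h = hashlib.new(algo)          # "md5", "sha1" or "sha256"
    total = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        limit = min(zf.getinfo(name).file_size, cap)
        with zf.open(name) as fh:
            while True:
                chunk = fh.read(64 * 1024)
                if not chunk:
                    break
                total += len(chunk)
                if total > limit:
                    raise ValueError(f"{name}: inflated past {limit} bytes")
                h.update(chunk)
    return h.hexdigest()


def build_sample():
    """Constructed sample: one small text file and one highly compressible
    member whose compression ratio looks like a bomb."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("case/notes.txt", b"hello forensics")
        zf.writestr("case/zeros.bin", b"\0" * (4 * 1024 * 1024))
    return buf.getvalue()
```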

Users:

  • A user-friendly graphical interface, with multiple browsers and dockable widgets
  • A console interface
  • Multi-platform (Linux, Windows; future ports to BSD & OS X)
  • Tagged modules
  • Gallery view
  • File type auto-detection (does not rely on the file extension)
  • Command history

Developers:

  • API available in both Python and C++
  • Core API written in C++ for enhanced speed
  • Live scripting: the API is available and scriptable live from a Python interpreter
  • Easy driver and script development through our API
  • Scripts can be written for the console or for Qt for graphical use
  • IDE, with templates available for our different types of modules (graphical, console, drivers...)

Available Drivers and Scripts:

  • FAT 12/16/32 drivers
  • FTL reconstruction and cell phone file system
  • SMS decode
  • SHM (shared memory)
  • and more

More information: here

Thank you to Solal Jacob, for sharing this tool with us.

Post scriptum

Compliance Mandates

  • Forensics:

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only
