Nytro Posted November 29, 2016 Report Share Posted November 29, 2016 DFF is an Open Source computer forensics platform built on top of a dedicated Application Programming Interface (API). DFF proposes an alternative to the aging digital forensics solutions used today. Designed for simple use and automation, DFF interface guides the user through the main steps of a digital investigation so it can be used by both professional and non-expert to quickly and easily conduct a digital investigation and perform incident response. DFF follows three main goals : Modularity In contrary to the monolithic model, the modular model is based on a core and many modules. This modular conception presents two advantages : it permits to improve rapidly the software and to split easily tasks for developers. Scriptability It is obvious that the ability to be scripted gives more flexibility to a tool, but it also enables automation and gives the possibility to extend features Genericity the project tries to remain Operating System agnostic. We want to help people where they are ! Letting them choose any Operating System to use DFF. Amongst supported features of DFF : Automated analysis Mount partitions, file systems and extract files metadata and other usefull information in an automated way. Generate an HTML report with System & User activity Direct devices reading support Supported forensic image file formats AFF, E01, Ex01, L01, Lx01, dd, raw, bin, img Supported volumes & File systems with unallocated space, deleted items, slack space, ... DOS, GPT, VMDK, Volume Shadow Copy, NTFS, HFS+, HFSX, EXT2, EXT3, EXT4, FAT12, FAT16, FAT32 Embeded viewers for videos, images, pdf, text, office documents, registry, evt, evtx, sqlite, ... Outlook and Echange mailboxes (PAB, PST, OST) Metadata extraction Compound files (Word, Excel, Powerpoint, MSI, ...) Windows Prefetch Exif information LNK Browser history Firefox, Chrome, Opera System & Users activity connected devices, user accounts, recent documents, installed software, network, ... Volatile memory analysis with graphical interface to Volatility Videos thumbnails generation Support for Sqlite, Windows Registry, Evt and Evtx Full Skype analysis (Sqlite and old DDB format) Timeline based on all gathered timestamps (file systems and metadata) Hashset supports with automatic "known bad", "known good" tagging Mount functionnality to access recovered files and folders from your local system In place carving ... Sursa: https://github.com/arxsys/dff 2 Quote Link to comment Share on other sites More sharing options...
