Saturday, February 2, 2013

Backtrack Forensics: Digital Forensic Framework (DFF)

Menu: Forensics -> Forensic Suites
Directory: various
Official Website:
License: GNU GPL v2

DFF is a free and open source forensic tool that can perform the most common forensic tasks, such as image and file system analysis, file carving and memory analysis.

For the example here I picked up image #11 from
I used the GUI version. Once it has started, we can select "File -> Open evidence".

Once the image is added, we will see its details on the right. In the middle we can right-click on the image name and select "Open with", which runs an analysis task with one of the modules.

Here I chose "Search -> carvergui", which will do file carving on the disk, based on file header signatures. I selected everything, and hit "Start".

Once it's done, the results will appear in the tree on the left, and we can browse through them.
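To show what carving by file header signatures means in practice, here is a small added example (not DFF's carver and not part of the original post): it scans a raw byte buffer for JPEG, PNG and PDF headers and cuts each file at its footer. The `Signature` type, the size caps and the sample buffer are constructed for illustration.

```python
from typing import NamedTuple

class Signature(NamedTuple):
    name: str
    header: bytes   # magic bytes that start the file
    footer: bytes   # marker that ends the file
    max_size: int   # give up if no footer is found within this many bytes

# Well-known magic numbers; the max_size caps are arbitrary choices for this sketch.
SIGNATURES = [
    Signature("jpg", b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    Signature("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
    Signature("pdf", b"%PDF-", b"%%EOF", 50 * 1024 * 1024),
]

def carve(image: bytes, signatures=SIGNATURES):
    """Return (name, start, end) for every header that has a footer in range."""
    hits = []
    for sig in signatures:
        pos = image.find(sig.header)
        while pos != -1:
            limit = min(len(image), pos + sig.max_size)
            foot = image.find(sig.footer, pos + len(sig.header), limit)
            if foot != -1:
                end = foot + len(sig.footer)
                hits.append((sig.name, pos, end))
                pos = image.find(sig.header, end)
            else:
                # Header without a footer: truncated file or false positive, skip it.
                pos = image.find(sig.header, pos + 1)
    return sorted(hits, key=lambda h: h[1])

def build_sample() -> bytes:
    """Constructed 'disk': filler, a fake JPEG, filler, a fake PDF, a truncated PNG."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed" + b"\xff\xd9"
    pdf = b"%PDF-1.4\nconstructed body\n%%EOF"
    truncated = b"\x89PNG\r\n\x1a\n" + b"no IEND chunk here"
    return b"\x00" * 512 + jpg + b"\x00" * 100 + pdf + b"\x00" * 50 + truncated

if __name__ == "__main__":
    for name, start, end in carve(build_sample()):
        print(f"{name}: offset {start}..{end} ({end - start} bytes)")
```

A carver like this assumes each file is stored contiguously, so fragmented files come out damaged, and a header with no matching footer is skipped instead of being reported.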

I played around with a few tools, but I think the other individual tools, for specific tasks, are much better than this. It's not bad, but there is better stuff.
