DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system that helps with digital forensics work, including recovery of files lost to an error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
| Tags | Forensics, Security, Filesystems, Recovery, Tools, framework |
| Operating Systems | Linux, BSD, Mac OS X, Windows |
| Implementation | SWIG, C++, Python |
In addition to the new version 0.8 of the Digital Forensics Framework we are proud to announce the release of 3 new websites. The main portal http://www.digital-forensic.org was completely re-lifted. Users can now find documentation on http://wiki.digital-forensic.org. Finally, developers will find the technical documentation of the API on http://wiki.digital-forensic.org/api.
Release Notes: This release adds many new features, bugfixes, and an enhanced graphical interface.
Release Notes: The GUI is now available in Chinese and also fully supports Unicode. An AFF dump connector has been added, based on AFFLib by Simson L. Garfinkel. Another new module, based on Joachim Metz's LibPFF, allows you to extract mailbox contents from PST, OST, and PAB files, while also recovering deleted, orphaned files, and unallocated clusters. A new cache system was added for File Mapping and File Descriptor, and new timestamp handling was added. The FAT orphaned files scan and attributes have been improved. A bug that occurred when adding devices and files several times on Windows has been fixed. The FAT and NTFS modules have also been fixed.
Release Notes: This release adds support for the EnCase file format. Bookmarking nodes and sorting them by categories is now available. Three views have been added to the hexadecimal viewer: pixel, block, and string. The NTFS module now fully supports alternate data streams (ADS). Devices on Windows can now be opened live. Inline documentation has been directly incorporated. Each process in the task manager now displays its time of execution. Translation support has been added, and three languages are managed: English, Spanish, and French.
Release Notes: Ext2/3/4 and NTFS are now supported. The picture viewer now extracts thumbnails and EXIF metadata, and next and previous buttons are available. Linux live analysis is now possible. Browsers were enhanced. Widget management was improved. Menus were cleaned up. Live doc was enhanced by providing more information when calling "help(classname)" from the Python interpreter. The IDE now supports templates for new MFSO from v0.7.0. The FAT FS module handles recursion on deleted folders. A new statistic module was added, which produces a pie chart showing the number of files by data type. A bindiff module was added, showing hex differences between two binary streams.
Release Notes: This release is dedicated to the DFRWS 2010 challenge. The API was rewritten to provide mapped file system objects, allowing data identification from a very low level. Attributes on nodes were improved, so any module can dynamically add its own attributes. Support was added for BSD systems. Many bugs were fixed. Graphical embellishments were made.