Projects / Digital Forensics Framework

Digital Forensics Framework

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

Tags
Licenses
Operating Systems
Implementation

Last announcement

New websites, new wiki and documentation ! 28 Oct 2010 10:31

In addition to the new version 0.8 of the Digital Forensics Framework we are proud to announce the release of 3 new websites. The main portal http://www.digital-forensic.org was completely re-lifted. Users can now find documentation on http://wiki.digital-forensic.org. Finally, developers will find the technical documentation of the API on http://wiki.digital-forensic.org/api DFF.

Recent releases

  •  01 Mar 2013 10:17

    Release Notes: This release adds many new features, bugfixes, and an enhanced graphical interface.

    •  24 May 2011 09:59

      Release Notes: The GUI is now available in Chinese and also fully supports Unicode. An AFF dump connector has been added, based on AFFLib by Simson L. Garfinkel. Another new module allows you to extract mailbox contents from PST, OST, and PAB files, while also recovering deleted, orphaned files, and unallocated clusters, based on Joachim Metz's LibPFF. A new cache system was added for File Mapping and File Descriptor, and new time stamps handling was added. FAT orphaned files scan and attributes have been improved. A bug when adding devices and files on Windows several times has been fixed. FAT and NTFS modules have also been fixed.

      •  12 Jan 2011 11:16

        Release Notes: This release adds support for the Encase file format. Bookmarking nodes and sorting them by categories is now available. Three views have been added to the hexadecimal viewer: pixel, block, and string. The NTFS module now fully supports alternate data streams (ADS). Devices on Windows can now be live opened. Inline documentation has been directly incorporated. Each process in the task manager now displays time of execution. Translation support has been added, and three languages are managed: English, Spanish, and French.

        •  28 Oct 2010 10:30

          Release Notes: Ext2/3/4 and NTFS are now supported. The picture viewer now extracts thumbnails and EXIF metadata, and next and previous buttons are available. Linux live analysis is now possible. Browsers were enhanced. Widget management was improved. Menus were cleaned up. Live doc was enhanced by providing more information when calling "help(classname)" from the Python interpreter. The IDE now supports templates for new MFSO from v0.7.0. FAT FS manages recursion on deleted folders. A new statistic module was added, which produces a round chart listing the number of files by data type. A bindiff module was added, showing hex differences between two binary streams.

          •  25 Jul 2010 00:49

            Release Notes: This release is dedicated to the DFRWS 2010 challenge. The API was rewritten to provide mapped file system objects, allowing data identification from a very low level. Attributes on nodes were improved, so any module can dynamically add its own attributes. Support was added for BSD systems. Many bugs were fixed. Graphical embellishments were made.

            Screenshot

            Project Spotlight

            OpenStack4j

            A Fluent OpenStack client API for Java.

            Screenshot

            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.