DFF Package Description
DFF (Digital Forensics Framework) is free and open source computer forensics software built on top of a dedicated Application Programming Interface (API).
It can be used by both professionals and non-experts to quickly and easily collect, preserve and reveal digital evidence without compromising systems and data.
- Preserve digital chain of custody: Software write blocker, cryptographic hash calculation
- Access to local and remote devices: Disk drives, removable devices, remote file systems
- Read standard digital forensics file formats: Raw, EnCase EWF, AFF 3 file formats
- Virtual machine disk reconstruction: VMware (VMDK) compatible
- Windows and Linux OS forensics: Registry, Mailboxes, NTFS, EXTFS 2/3/4, FAT 12/16/32 file systems
- Quickly triage and search for (meta-)data: Regular expressions, dictionaries, content search, tags, time-line
- Recover hidden and deleted artifacts: Deleted files / folders, unallocated spaces, carving
- Volatile memory forensics: Processes, local files, binary extraction, network connections
Source: http://www.digital-forensic.org/
- Author: ArxSys S.A.S.
- License: GPLv2
Tools included in the dff package
dff – Digital Forensic Framework
root@kali:~# dff -h
DFF
Digital Forensic Framework
Usage: /usr/bin/dff [options]
Options:
  -v  --version          display current version
  -g  --graphical        launch graphical interface
  -b  --batch=FILENAME   executes batch contained in FILENAME
  -l  --language=LANG    use LANG as interface language
  -h  --help             display this help message
  -d  --debug            redirect IO to system console
      --verbosity=LEVEL  set verbosity level when debugging [0-3]
  -c  --config=FILEPATH  use config file from FILEPATH
dff-gui – Digital Forensics Framework GUI
The Digital Forensics Framework – GUI.
dff-gui Usage Example
root@kali:~# dff-gui
dff Usage Example
root@kali:~# dff
loading modules in /usr/lib/python2.7/dist-packages/dff/modules
[OK] loading load v1.0.0
[OK] loading link v1.0.0
[OK] loading ls v1.0.0
[OK] loading find v1.2.0
[OK] loading batch v1.0.0
[OK] loading history v1.0.0
[OK] loading fg v1.0.0
[OK] loading jobs v1.0.0
[OK] loading cd v1.0.0
[OK] loading show_db v1.0.0
[OK] loading show_cwd v1.0.0
[OK] loading open v1.0.0
[OK] loading man v1.0.0
[OK] loading info v1.0.0
[OK] loading fileinfo v1.0.0
[OK] loading carverui v1.0.0
[OK] loading CARVER v1.0.0
[OK] loading carvergui v1.0.0
[OK] loading fileschart v1.0.0
[OK] loading volatility v1.0.0
[OK] loading PFF using old style module check
[OK] loading FUSE v1.0.0
[OK] loading extract v1.0.0
[OK] loading DEVICES v1.0.0
[OK] loading LOCAL v1.0.0
[OK] loading EWF v1.0.0
[OK] loading AFF v1.0.0
[OK] loading hash v1.0.0
[OK] loading merge v1.0.0
[OK] loading cut v1.0.0
[OK] loading split v1.0.0
[OK] loading FATFS v1.0.0
[OK] loading spare v1.0.0
[OK] loading NTFS v0.5.1
[OK] loading EXTFS v1.0.0
[OK] loading VMWARE v1.0.0
[OK] loading PARTITION v1.0.0
[OK] loading sqlitedb v1.0.0
[OK] loading imageviewer v1.0.0
[OK] loading textviewer v1.0.0
[OK] loading player v1.0.0
[OK] loading videothumbnailviewer v1.0.0
[OK] loading web v1.0.0
[OK] loading timeline v1.0.0
[OK] loading hexeditor v1.0.0
[OK] loading regedit v1.0.0
[OK] loading binarydiff v1.0.0
[OK] loading lnk v1.0.0
[OK] loading prefetch v1.0.0
[OK] loading compound v1.0.0
[OK] loading metaexif v1.0.0
##########################################
# Welcome on Digital Forensics Framework #
##########################################
dff / >