Dff (Digital Forensics Framewor) is a simple but powerfull open source tool with a flexible module system which will help you in your digital forensics works, including files recovery due to error or crash, evidence research and analysis, etc. The source code is written in C++ and Python, allowing performances and great extensibility
Features
API :
Stackable File System (made multi-layer analysis possible)
Environement API for auto-completion and auto generation of Graphical Script
Multi-threaded (possiblity to launch modules in background, so investigator can continue to work on the cases even if they launched modules that do heavy computations)
Hash calculation possible with different algo (MD5, SHA1, SHA256)
File oriented data representation (ex: a zip file can be browse like a normal directory, bypass zip-bomb problem)
MAC Times access
Users :
An user-friendly Graphical Interface, with multi-browser and dockable widget
A console interface
Multi-Platform (Linux, Windowx, futur port on BSD & OS X )
Tagged modules
Gallery view
File type auto-detection (don’t rely on file extension)
Command history
Developers:
API available both in Python and C++
Core API wrote in C++ for enhanced speed
Live Scripting : API available and scriptable in live with a python interpreter
Easy drivers and script developement through our API
Possibility of writing script both in console or in QT for graphical use
IDE, with template available for our different type of modules (graphical, console, drivers...)
Available Drivers and Scripts:
FAT 12/16/32 Drivers
FTL-Reconstruction and CellPhone file system
SMS-Decode
SHM (Shared Memory) and more here
Download地址:http://www.digital-forensic.org/download-en.html
