Digital Forensics Framework

From Wikipedia, the free encyclopedia
Digital Forensics Framework (DFF)
Original author(s): Frédéric Baguelin, Solal Jacob, Christophe Malinge, Jérémy Mounier
Developer(s): Frédéric Baguelin, Solal Jacob, Jérémy Mounier
Stable release: 1.3.0[1] / February 28, 2013
Development status: Active
Written in: C++, Python, PyQt4
Operating system: Unix-like, Windows
Available in: 7 languages
Type: Computer forensics
License: GPL
Website: http://www.digital-forensic.org/

Digital Forensics Framework (DFF) is a framework for computer forensic analysis that also lets investigators develop their own tools on top of its API. DFF relies on core libraries (the API) and many modules which are, for example, in charge of reconstructing volumes and filesystems, including the recovery of deleted items and unallocated areas, and of extracting the metadata contained in different file types. Its internal search engine eases the finding of evidence.
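The two module tasks named above, recovering deleted items from an unallocated area and searching the evidence, can be illustrated in a few lines of Python, the language DFF exposes to its users. The following is an added example, not DFF's own code or API: it builds a constructed "unallocated area" containing two deleted files, carves them back out by header/footer signature, hashes each carved item, and runs a byte-level keyword search. The file signatures are real; the sample image, the `carve` and `search` functions and the `max_size` guard are this example's own.

```python
import hashlib
import re

# Added illustration of signature-based carving and keyword search over an
# unallocated area. This is not DFF's own code; the sample image below is
# constructed so the example runs offline.

# Header/footer signatures for two common file types.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
}


def build_sample_image() -> bytes:
    """Constructed 'unallocated area': zero filler with two deleted files
    still physically present (a tiny PNG and a tiny JPEG) and a stray
    keyword between them."""
    filler = b"\x00" * 64
    png_hdr, png_ftr = SIGNATURES["png"]
    jpg_hdr, jpg_ftr = SIGNATURES["jpeg"]
    png = png_hdr + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 13 + b"confidential-report" + png_ftr
    jpeg = jpg_hdr + b"\xe0\x00\x10JFIF\x00" + b"camera-2013" + jpg_ftr
    return filler + png + filler + b"keyword: invoice" + filler + jpeg + filler


def carve(image: bytes, max_size: int = 1 << 20) -> list:
    """Recover files by header/footer matching.

    Each hit is returned as a dict with its type, byte offset, raw data and
    SHA-256 so the carved item can be tracked as evidence. A header whose
    footer is missing or lies further than max_size away is skipped rather
    than swallowing the rest of the image."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        start = 0
        while True:
            off = image.find(header, start)
            if off < 0:
                break
            end = image.find(footer, off + len(header))
            if end < 0 or end - off > max_size:
                start = off + 1  # no usable footer: move past this header
                continue
            data = image[off:end + len(footer)]
            found.append({
                "type": kind,
                "offset": off,
                "size": len(data),
                "data": data,
                "sha256": hashlib.sha256(data).hexdigest(),
            })
            start = end + len(footer)
    found.sort(key=lambda f: f["offset"])
    return found


def search(image: bytes, keyword: bytes) -> list:
    """Byte-level keyword search: offsets of every occurrence."""
    return [m.start() for m in re.finditer(re.escape(keyword), image)]


if __name__ == "__main__":
    img = build_sample_image()
    for item in carve(img):
        print(f"{item['type']:5} @ {item['offset']:6d} {item['size']:4d} bytes "
              f"sha256={item['sha256'][:16]}...")
    print("keyword 'invoice' at offsets:", search(img, b"invoice"))
```

Hashing each carved item at the moment of recovery is what lets a later report tie a finding back to the exact bytes that were carved; the `max_size` limit is the usual guard against a header with no matching footer producing one enormous bogus file.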

User interfaces

Digital Forensics Framework offers two user interfaces: a graphical one developed in PyQt, providing the classical tree view but also more advanced features such as recursive view, tagging, live search or bookmarking; and a command line interface that allows digital investigations to be performed remotely and comes with the usual functionality of a common shell, such as completion, task management, globbing or keyboard shortcuts. DFF can also run batch scripts at startup to automate repetitive tasks. Advanced users and developers can also use DFF directly from a Python interpreter to script their investigation.

Distribution methods

In addition to the source code package and binary installers for GNU/Linux and Windows,[2] Digital Forensics Framework is also available, as is typical of FOSS, in several operating system distributions, including Debian,[3] Fedora (packages maintained by cert.org)[4] and Ubuntu.

DFF is also available in digital-forensics-oriented distributions and live CDs.[5][6]

Publications

One magazine article has been published about DFF: "Scriptez vos analyses forensiques avec Python et DFF" in the French magazine MISC.[7]

Several presentations about DFF have been given at conferences:

  • "Digital Forensics Framework" at ESGI Security Day[8]
  • "An introduction to digital forensics" at RMLL 2013[9]

Published books that mention Digital Forensics Framework are:

  • Digital Forensics with Open Source Tools (Syngress, 2011)[10]
  • Computer Forensik Hacks (O'Reilly, 2012)[11]
  • Malwares - Identification, analyse et éradication (Epsilon, 2013)[12]
  • Digital Forensics for Handheld Devices (CRC Press Inc, 2012)[13]

In literature:

  • Saving Rain: The First Novel in The Rain Trilogy[14]

"Erik gives her another appreciative once-over before handing her a laptop and turning all business-minded. “We've been using the Digital Forensics Framework, ran various algorithms, including k-means clustering, but we keep coming up empty.” “What about SSH, cryptographic algorithms?” Raina asks ..."

White papers:

  • Selective Imaging Revisited [15]
  • A survey of main memory acquisition and analysis techniques for the windows operating system [16]
  • Uforia : Universal forensic indexer and analyzer[17]
  • Visualizing Indicators of Rootkit Infections in Memory Forensics[18]
  • EM-DMKM Case Study Computer and Network Forensics[19]
  • OV-chipcard DFF Extension [20]
  • L'investigation numérique « libre » [21]
  • Malware analysis method based on reverse technology[22]

Prize

DFF was used to solve the DFRWS 2010 forensics challenge,[23] which consisted of reconstructing a physical dump of a NAND flash memory.
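Reconstructing a physical NAND dump means separating each page's user data from its spare (out-of-band) area and putting the pages back into logical order, since the flash translation layer writes them wherever a free page is available. The following added example, which is neither DFF's code nor the DFRWS 2010 challenge data, shows that step on a constructed dump: the page geometry (512 data bytes + 16 spare bytes) and the spare-area layout (logical page number in the first two spare bytes) are assumptions made for the example, and real devices differ in both.

```python
# Added illustration of rebuilding a logical image from a raw NAND dump.
# This is not DFF's code and not the DFRWS 2010 challenge data: the page
# geometry and the spare-area layout below are constructed assumptions.

PAGE_DATA = 512          # assumed user-data bytes per page
PAGE_SPARE = 16          # assumed spare (out-of-band) bytes per page
PAGE_RAW = PAGE_DATA + PAGE_SPARE
ERASED_PAGE = b"\xff" * PAGE_RAW


def make_page(logical_no: int, data: bytes) -> bytes:
    """Constructed page layout: data padded with 0xFF, then a spare area
    whose first two bytes hold the logical page number (big-endian) and
    whose remaining bytes are left erased (0xFF)."""
    if len(data) > PAGE_DATA:
        raise ValueError("data does not fit in one page")
    body = data.ljust(PAGE_DATA, b"\xff")
    spare = logical_no.to_bytes(2, "big") + b"\xff" * (PAGE_SPARE - 2)
    return body + spare


def build_sample_dump() -> bytes:
    """Constructed physical dump: four logical pages written out of order
    (as a flash translation layer would), followed by one erased page."""
    logical = [b"page-0:boot-record", b"page-1:directory",
               b"page-2:file-a", b"page-3:file-b"]
    physical_order = [2, 0, 3, 1]   # physical slot i holds logical page physical_order[i]
    dump = b"".join(make_page(n, logical[n]) for n in physical_order)
    return dump + ERASED_PAGE


def split_pages(dump: bytes) -> list:
    """Split a raw dump into (data, spare) pairs, one per physical page."""
    if len(dump) % PAGE_RAW:
        raise ValueError("dump length is not a whole number of raw pages")
    return [(dump[i:i + PAGE_DATA], dump[i + PAGE_DATA:i + PAGE_RAW])
            for i in range(0, len(dump), PAGE_RAW)]


def rebuild_logical_image(dump: bytes):
    """Strip spare areas, read each page's logical number from its spare
    area, and reassemble the pages in logical order.

    Returns (image, mapping) where mapping[logical_no] = physical_index.
    Erased pages are skipped; a logical number seen twice is reported as
    an error because the constructed layout carries no version counter
    to decide which copy is current."""
    mapping = {}
    data_by_logical = {}
    for phys, (data, spare) in enumerate(split_pages(dump)):
        if data + spare == ERASED_PAGE:
            continue
        lno = int.from_bytes(spare[:2], "big")
        if lno in mapping:
            raise ValueError(
                f"logical page {lno} appears twice (physical {mapping[lno]} and {phys})")
        mapping[lno] = phys
        data_by_logical[lno] = data
    image = b"".join(data_by_logical[n] for n in sorted(data_by_logical))
    return image, mapping


if __name__ == "__main__":
    image, mapping = rebuild_logical_image(build_sample_dump())
    for lno in sorted(mapping):
        chunk = image[lno * PAGE_DATA:lno * PAGE_DATA + 20]
        print(f"logical {lno} <- physical {mapping[lno]}: {chunk!r}")
```

The duplicate-page error is the important edge case: on real flash the same logical page is routinely rewritten to a new physical location and the old copy remains until the block is erased, so a real reconstruction needs a sequence number or erase counter from the spare area to choose the current copy, and the superseded copies are themselves evidence worth keeping.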

References

  1. "[dff] Digital Forensics Framework 1.3.0 released". Lists.digital-forensic.org. Retrieved 2014-02-16.
  2. "Open Source digital forensics & incident response software". Digital-forensic.org. Retrieved 2014-02-16.
  3. "DFF accepted into Debian - Pollux's blog". Wzdftpd.net. Retrieved 2014-02-16.
  4. [1] [dead link]
  5. "DEFT 8 Roadmap and features | DEFT Linux - Computer Forensics live CD". DEFT Linux. Retrieved 2014-02-16.
  6. "Packages Summary". Git.kali.org. 2013-02-02. Retrieved 2014-02-16.
  7. "Misc 70 - LES EDITIONS DIAMOND". Boutique.ed-diamond.com. Retrieved 2014-02-16.
  8. [2] [dead link]
  9. [3] [dead link]
  10. "Digital Forensics with Open Source Tools: Cory Altheide, Harlan Carvey: 9781597495868: Amazon.com: Books". Amazon.com. Retrieved 2014-02-16.
  11. "Computer-Forensik Hacks: Amazon.de: Lorenz Kuhlee, Victor Völzow: Bücher". Amazon.de. 2009-09-09. Retrieved 2014-02-16.
  12. "Malwares - Identification, analyse et éradication: Amazon.fr: Paul RASCAGNERES: Livres". Amazon.fr. 2009-09-09. Retrieved 2014-02-16.
  13. "Digital Forensics for Handheld Devices: Amazon.fr: Eamon P. Doherty: Livres anglais et étrangers". Amazon.fr. 2009-09-09. Retrieved 2014-02-16.
  14. "Saving Rain: The First Novel in The Rain Trilogy eBook: Karen-Anne Stewart: Kindle Store". Amazon.com. Retrieved 2014-02-16.
  15. "IEEE Xplore Abstract - Selective Imaging Revisited". Ieeexplore.ieee.org. 2013-03-14. doi:10.1109/IMF.2013.16. Retrieved 2014-02-16.
  16. "A survey of main memory acquisition and analysis techniques for the windows operating system". Sciencedirect.com. 2011-07-31. Retrieved 2014-02-16.
  17. "Uforia: Universal forensic indexer and analyzer - Springer". Link.springer.com. Retrieved 2014-02-16.
  18. "IEEE Xplore Abstract - Visualizing Indicators of Rootkit Infections in Memory Forensics". Ieeexplore.ieee.org. 2013-03-14. doi:10.1109/IMF.2013.12. Retrieved 2014-02-16.
  19. "EM-DMKM Case Study Computer and Network Forensics". Cygalski.pl. Retrieved 2014-02-16.
  20. [4] [dead link]
  21. "L'investigation numérique" (in French). Agence-nationale-recherche.fr. Retrieved 2014-02-16.
  22. "Journal of Computer Applications : Vol.31 No.11". Joca.cn. November 2011. Retrieved 2014-02-16.
  23. "DFRWS 2010 Forensics Challenge Results". Dfrws.org. Retrieved 2014-02-16.

External links