Digital Forensics Framework
| Digital Forensics Framework (DFF) | |
|---|---|
| Original authors | Frédéric Baguelin, Solal Jacob, Christophe Malinge, Jérémy Mounier |
| Developers | Frédéric Baguelin, Solal Jacob, Jérémy Mounier |
| Stable release | 1.3.0[1] / February 28, 2013 |
| Repository | |
| Written in | C++, Python, PyQt4 |
| Engine | |
| Operating system | Unix-like, Windows |
| Available in | 7 languages |
| Type | Computer forensics |
| License | GPL |
| Website | www |
Digital Forensics Framework (DFF) is a discontinued open-source computer forensics software package. It is used by professionals and non-experts to collect, preserve and reveal digital evidence without compromising systems and data.[2]
User interfaces
Digital Forensics Framework offers a graphical user interface (GUI) developed in PyQt and a classical tree view. Features such as recursive view, tagging, live search and bookmarking are available. Its command line interface allows the user to perform digital investigations remotely. It comes with common shell functions such as completion, task management, globbing and keyboard shortcuts. DFF can run batch scripts at startup to automate repetitive tasks. Advanced users and developers can use DFF directly from a Python interpreter to script their investigations.
Distribution methods
In addition to the source code package and binary installers for Linux and Windows,[3] Digital Forensics Framework is available in operating system distributions, as is typical for free and open-source software (FOSS), including Debian,[4] Fedora[5] and Ubuntu.
Digital Forensics Framework is also available in digital forensics oriented distributions and live CDs:
- DEFT Linux Live CD[6]
- Kali Linux[7]
Publications
- "Scriptez vos analyses forensiques avec Python et DFF" in the French magazine MISC[8]
- Several presentations about DFF at conferences: "Digital Forensics Framework" at ESGI Security Day[9] and "An introduction to digital forensics" at RMLL 2013[10]
Published books that mention Digital Forensics Framework are:
- Digital Forensics with Open Source Tools (Syngress, 2011)[11]
- Computer Forensik Hacks (O'Reilly, 2012)[12]
- Malwares - Identification, analyse et éradication (Epsilon, 2013)[13]
- Digital Forensics for Handheld Devices (CRC Press Inc, 2012)[14]
In literature
- Saving Rain: The First Novel in The Rain Trilogy[15]
White papers
- Selective Imaging Revisited[16]
- A survey of main memory acquisition and analysis techniques for the windows operating system[17]
- Uforia : Universal forensic indexer and analyzer[18]
- Visualizing Indicators of Rootkit Infections in Memory Forensics[19]
- EM-DMKM Case Study Computer and Network Forensics[20]
- OV-chipcard DFF Extension[21]
- L'investigation numérique « libre »[22]
- Malware analysis method based on reverse technology[23]
Prize
DFF was used to solve the 2010 Digital Forensic Research Workshop (DFRWS) challenge, which consisted of reconstructing a physical dump of a NAND flash memory.[24]