Digital Forensics Framework Explained

Digital Forensics Framework (DFF)
Author: Frédéric Baguelin, Solal Jacob, Christophe Malinge, Jérémy Mounier
Developer: Frédéric Baguelin, Solal Jacob, Jérémy Mounier
Latest Release Version: 1.3.0[1]
Programming Language: C++, Python, PyQt4
Operating System: Unix-like, Windows
Language Count: 7
Genre: Computer forensics
License: GPL

Digital Forensics Framework (DFF) is a discontinued open-source computer forensics software package. It is used by professionals and non-experts to collect, preserve and reveal digital evidence without compromising systems and data.[2]

User interfaces

Digital Forensics Framework offers a graphical user interface (GUI) developed in PyQt and a classical tree view. Features such as recursive view, tagging, live search and bookmarking are available. Its command-line interface allows the user to perform digital investigations remotely. It comes with common shell functions such as completion, task management, globbing and keyboard shortcuts. DFF can run batch scripts at startup to automate repetitive tasks. Advanced users and developers can use DFF directly from a Python interpreter to script their investigations.

Distribution methods

In addition to the source code package and binary installers for Linux and Windows,[3] Digital Forensics Framework is available in operating system distributions, as is typical for free and open-source software (FOSS), including Debian,[4] Fedora[5] and Ubuntu.

Digital Forensics Framework is also distributed through digital forensics-oriented distributions and live CDs:

Publications

Published books that mention Digital Forensics Framework are:

In literature

White papers

Prize

DFF was used to solve the 2010 Digital Forensic Research Workshop (DFRWS) challenge, which consisted of reconstructing a physical dump of a NAND flash memory.[24]

Notes and References

  1. Web site: [dff] Digital Forensics Framework 1.3.0 released . Lists.digital-forensic.org . 2014-02-16 . https://web.archive.org/web/20140204020235/http://lists.digital-forensic.org/pipermail/dff/2013-February/000117.html . 2014-02-04 . dead .
  2. Web site: Welcome to S.B. Jain Institute of Technology Management and Research. ArxSys. 28 May 2014.
  3. Web site: Open Source digital forensics & incident response software . Digital-forensic.org . 2014-02-16 . https://web.archive.org/web/20140204020449/http://www.digital-forensic.org/downloads/dff . 2014-02-04 . dead .
  4. Web site: DFF accepted into Debian - Pollux's blog . Wzdftpd.net . 2014-02-16 . https://web.archive.org/web/20140219010156/https://www.wzdftpd.net/blog/index.php?post%2F2011%2F10%2F18%2FDFF-accepted-into-Debian . 2014-02-19 . dead .
  5. Web site: Linux Forensics Tools Repository . January 24, 2014 . dead . https://web.archive.org/web/20131104091132/http://www.cert.org/forensics/tools/ . November 4, 2013 .
  6. Web site: DEFT 8 Roadmap and features | DEFT Linux - Computer Forensics live CD . DEFT Linux . 2014-02-16 . https://web.archive.org/web/20131103155223/http://www.deftlinux.net/2013/02/20/deft-8-roadmap-and-features/ . 2013-11-03 . dead .
  7. Web site: Packages Summary . Git.kali.org . 2013-02-02 . 2014-02-16.
  8. Web site: Misc 70 - LES EDITIONS DIAMOND . Boutique.ed-diamond.com . 2014-02-16.
  9. Web site: Security Day . January 24, 2014 . dead . https://web.archive.org/web/20140202175327/http://www.esgilab-secu.com/fiche.php . February 2, 2014 .
  10. http://schedule2013.rmll.info/programme/technique/securite/article/introduction-a-l-investigation.pdf
  11. Book: Digital Forensics with Open Source Tools: Cory Altheide, Harlan Carvey: 9781597495868: Amazon.com: Books . 2011-04-28. 978-1597495868. Altheide. Cory. Carvey. Harlan.
  12. Book: Computer-Forensik Hacks: Amazon.de: Lorenz Kuhlee, Victor Völzow: Bücher . 2009-09-09 .
  13. Book: Malwares - Identification, analyse et éradication: Amazon.fr: Paul Rascagneres: Livres . 2009-09-09 .
  14. Book: Digital Forensics for Handheld Devices: Amazon.fr: Eamon P. Doherty: Livres anglais et étrangers . 2009-09-09 .
  15. Web site: Saving Rain: The First Novel in The Rain Trilogy eBook: Karen-Anne Stewart: Kindle Store . Amazon . 2014-02-16.
  16. Book: 45–58 . 10.1109/IMF.2013.16 . 2013-03-14 . Selective Imaging Revisited . Stuttgen . Johannes . Dewald . Andreas . Freiling . Felix C. . 2013 Seventh International Conference on IT Security Incident Management and IT Forensics . 978-1-4673-6307-5 . 17356972 .
  17. A survey of main memory acquisition and analysis techniques for the windows operating system . 2011-07-31 . 2014-02-16 . 10.1016/j.diin.2011.06.002 . 8 . Digital Investigation . 3–22. Vömel . Stefan . Freiling . Felix C. .
  18. Uforia: Universal forensic indexer and analyzer . 10.1007/s11416-013-0177-4 . 9 . 2 . Journal of Computer Virology and Hacking Techniques . 59–63. 2013. Eijkhoudt. Arnim. Suerink . Tristan . 29814904 .
  19. Book: 122–139 . 10.1109/IMF.2013.12 . 2013-03-14 . Visualizing Indicators of Rootkit Infections in Memory Forensics . Vomel . Stefan . Lenz . Hermann . 2013 Seventh International Conference on IT Security Incident Management and IT Forensics . 978-1-4673-6307-5 . 11765652 .
  20. Web site: EM-DMKM Case Study Computer and Network Forensics . Cygalski.pl . 2014-02-16 .
  21. https://www.os3.nl/_media/2010-2011/students/jochem_van_kerkwijk/cf/cf_report.pdf
  22. Web site: L'investigation numerique . Agence-nationale-recherche.fr . fr . 2014-02-16.
  23. Web site: Journal of Computer Applications : Vol.31 No.11. Joca.cn. November 2011. 2014-02-16.
  24. Web site: DFRWS 2010 Forensics Challenge Results . Dfrws.org . 2014-02-16 . dead . https://web.archive.org/web/20140203144143/http://dfrws.org/2010/challenge/results.shtml . 2014-02-03 .