There are many tools on the market today for conducting computer forensics. Many can cost you several thousand dollars, and then you have to pay a renewal fee to get updates.
I am a firm believer in not re-inventing the wheel. If there is an option out there that gets the job done and is free, then why not use it? The catch in computer forensics is the art of collecting information without altering the data. There are tools for this too, but we will talk about those later.
DFF is designed to be a great open source tool with a backend written in Python and C++. You can design your own scripts to be used by DFF or you can hire the developers to do it for you. Either way, this is a great tool for computer forensics and should be in your arsenal.
I am quoting below from the DFF web site:
Computer forensics analysis
Read local drives or disk images (raw, ewf, aff); reconstruct classical or virtual volumes; mount file systems (FAT 12/16/32, NTFS with ADS support, EXTFS 2/3/4); perform system analysis (Microsoft Windows registry, Mailboxes, etc.); metadata extraction (file system structures, accessed/modified/created times, pictures, etc.)
DFF integrates the Volatility Memory Framework. So you can easily list processes, open connections and files, loaded libraries, etc.
Recover deleted, hidden or damaged data from FAT, NTFS and EXTFS file systems. Highlight slack and unused spaces so you won't miss any piece of information. DFF also provides a graphical and customizable carving engine based on file signatures.
Advanced search engine
Quickly reveal clues thanks to the powerful search engine based on the Lucene library. You can search and filter by keywords and dictionaries, regular expressions, fuzzy matching, mime types, extensions and deep filter metadata.
Preview data (hexadecimal, images, documents, videos, etc.); browse file and directory content; preview file content in a gallery; use a dynamic window system; tag and bookmark elements; use an interface in your mother tongue (fr, us, br, de, etc.); use a command line interface.
API and development platform
Create your own modules and scripts: Object Oriented Programming libraries (both Python and C++); search library; Virtual File System library; easily reconstruct and reorder memory blocks; task manager; Integrated Development Environment; attributes management.
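The "reconstruct classical volumes" and "without altering the data" points above are worth seeing in code. The example below is added for this post and is not DFF's own code or API: it builds a constructed 512-byte MBR, writes it to a temporary file standing in for a raw (dd) image, opens that file read-only, decodes the four primary partition entries, and hashes the image before and after the read so the examiner can show the analysis left the evidence unchanged. The partition sizes and the `demo` helper are constructed for the example.

```python
"""Reconstruct classical (MBR) volumes from a raw disk image while leaving it untouched.

Added example written for this post, not code from DFF. The sample image and
its tiny partition sizes are constructed so the whole thing runs offline.
"""
import hashlib
import os
import struct
import tempfile

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"

# Standard MBR partition-type bytes for the file systems the post mentions.
PARTITION_TYPES = {
    0x01: "FAT12", 0x04: "FAT16 (<32MB)", 0x06: "FAT16", 0x07: "NTFS",
    0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x83: "Linux (EXT2/3/4)",
}


def sha256_file(path: str) -> str:
    """Hash the whole image in chunks; this is the value recorded at acquisition."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_mbr(mbr: bytes, image_size: int) -> list:
    """Decode the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) < SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not an MBR: short sector or missing 0x55AA signature")
    parts = []
    for i in range(4):
        # entry layout: boot flag, 3-byte CHS start, type, 3-byte CHS end, LBA start, sector count
        boot, ptype, lba_start, lba_count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype == 0:
            continue  # empty slot
        start, size = lba_start * SECTOR, lba_count * SECTOR
        parts.append({
            "index": i, "bootable": boot == 0x80, "type_id": ptype,
            "type": PARTITION_TYPES.get(ptype, "unknown (0x%02x)" % ptype),
            "start_byte": start, "size_bytes": size,
            # an entry that runs past the end of the image points to damage or a truncated acquisition
            "fits_in_image": start + size <= image_size,
        })
    return parts


def reconstruct_volumes(path: str) -> dict:
    """Read-only volume reconstruction with integrity hashes taken around the read."""
    before = sha256_file(path)
    size = os.path.getsize(path)
    with open(path, "rb") as fh:  # "rb" only: evidence is never opened for writing
        mbr = fh.read(SECTOR)
    parts = parse_mbr(mbr, size)
    after = sha256_file(path)
    return {"hash_before": before, "hash_after": after,
            "unchanged": before == after, "partitions": parts}


def build_sample_image() -> bytes:
    """Constructed sample: bootable NTFS, then Linux, then a FAT32 entry that overruns the image."""
    e1 = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 8, 16)
    e2 = struct.pack("<B3sB3sII", 0x00, b"\0\0\0", 0x83, b"\0\0\0", 24, 16)
    e3 = struct.pack("<B3sB3sII", 0x00, b"\0\0\0", 0x0B, b"\0\0\0", 40, 1000)
    mbr = b"\0" * 446 + e1 + e2 + e3 + b"\0" * 16 + MBR_SIGNATURE
    return mbr + b"\0" * (39 * SECTOR)  # 40 sectors total, so e3 cannot fit


def demo() -> dict:
    """Write the constructed image to a temp file, analyse it read-only, clean up."""
    fd, path = tempfile.mkstemp(suffix=".dd")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(build_sample_image())
        return reconstruct_volumes(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    result = demo()
    print("image unchanged:", result["unchanged"])
    for p in result["partitions"]:
        print(p)
```

On a real image you would call `reconstruct_volumes("/path/to/evidence.dd")` and compare `hash_before` with the hash recorded at acquisition; the `fits_in_image` flag is the first sanity check before trying to mount a volume as FAT, NTFS or EXT.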
Oh boy! Do you see all that this free program does? You could not ask for a better open source tool to have in your toolbox. I am not putting any images here because the DFF web site has some great screenshots. You can find videos over at YouTube that others have posted, like this one here: http://www.youtube.com/watch?v=23fcif6hz6A
You can find many more videos if you Google “DFF Forensics YouTube” minus the quotes or click the link provided here. We will be bringing more great open source tools to your attention as we move forward in this increasingly digital-dependent age.
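To show what the "carving engine based on file signatures" in the quoted feature list actually does, here is an added example written for this post; it is not DFF's carving code. It scans a constructed block of unallocated space for JPEG and PNG headers, carves each file out to its footer, flags a header with no footer as truncated, and hashes every carved object so it can be logged. The signature table, size cap and sample buffer are assumptions made for the example.

```python
"""Signature-based file carving over unallocated space.

Added example for this post, not DFF code. The sample buffer is constructed:
zero filler, a fake JPEG, a fake PNG and a JPEG header with no footer.
"""
import hashlib

# Header/footer byte signatures for two common picture formats (standard magic values).
SIGNATURES = {
    "jpeg": {"header": b"\xff\xd8\xff", "footer": b"\xff\xd9", "max_size": 8 * 1024 * 1024},
    "png": {"header": b"\x89PNG\r\n\x1a\n", "footer": b"IEND\xae\x42\x60\x82", "max_size": 8 * 1024 * 1024},
}


def carve(data: bytes, signatures: dict = SIGNATURES) -> list:
    """Return carved objects as dicts sorted by offset; never modifies `data`."""
    hits = []
    for name, sig in signatures.items():
        pos = 0
        while True:
            start = data.find(sig["header"], pos)
            if start == -1:
                break
            # only look for the footer inside a bounded window so a missing
            # footer cannot swallow the rest of the image
            window_end = min(len(data), start + sig["max_size"])
            foot = data.find(sig["footer"], start + len(sig["header"]), window_end)
            if foot == -1:
                end, complete = window_end, False  # truncated or overwritten file
            else:
                end, complete = foot + len(sig["footer"]), True
            blob = data[start:end]
            hits.append({
                "type": name, "offset": start, "length": len(blob),
                "complete": complete,
                "sha256": hashlib.sha256(blob).hexdigest(),  # for the carve log
            })
            pos = start + len(sig["header"])  # keep scanning past this header
    hits.sort(key=lambda h: h["offset"])
    return hits


def build_unallocated_sample() -> bytes:
    """Constructed sample of unallocated space with three recoverable artefacts."""
    filler = b"\x00" * 64
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-constructed-body" + b"IEND\xae\x42\x60\x82"
    truncated = b"\xff\xd8\xff\xe1" + b"partial"
    return filler + jpeg + filler + png + filler + truncated


if __name__ == "__main__":
    for hit in carve(build_unallocated_sample()):
        print(hit)
```

In practice the buffer would be the slack and unallocated sectors read from an image, and the `complete` flag tells the examiner which carved pictures are worth opening first; note that a header with no footer is carved up to the size cap, which is a known limitation of simple header/footer carving when files are fragmented.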
Let me take a few seconds to add a plug for a new DVD that we are currently working on. It is called UFO and it is based on tools that are readily available via the internet and Linux. There are many disks out there for download that contain some of the tools; what we wanted to do is build one with all of them. Be on the lookout for UFO (Ultimate Forensics Outflow). Tim and a few others are privy to this disk, so if you have questions or thoughts please post them.
Thank you for stopping by, we look forward to hearing from you. So please leave us your thoughts and requests.
Author - Emory Mullis has been in Law Enforcement for roughly 19 years including military and civilian law enforcement. He started learning about computers back when the Gateway 266 MHz was the top of the line and cost about $2000.00. Right out of the box, I was compelled to take my newfound 266 apart. Why, I have no idea, other than pure curiosity. Once I had the computer out of the box and on the floor in pieces, my wife walked in. Trust me people, this was not a good thing! Either way, I got a good understanding at this point of how a computer is put together and/or the components inside. This was my starting point with computers and I still hear my wife in the background: “It better work when you put it back together!” That was my humble beginning as a Cyber Investigator. Now with many Cyber cases under my belt, I have learned that you must question, challenge and test almost daily to keep up with all the new tools, software, computers and cell phone formats to be able to forensically acquire evidence, and it is a real challenge. I enjoy the challenge and look forward to learning more every day!
Tim is the Oldcommguy and Chief Technical Editor of Lovemytool.com and works as a volunteer for the Georgia POST, helping to train Georgia's Law Enforcement community in sound techniques for recognition, protection and acquisition of lawful cyber evidence.