Digital Forensics Framework

Digital Forensics Framework / DFF
Original author(s)	Frédéric Baguelin, Solal Jacob, Christophe Malinge, Jérémy Mounier
Developer(s)	Frédéric Baguelin, Solal Jacob, Jérémy Mounier
Stable release	1.3.0 ^[1] / February 28, 2013 (2013-02-28)
Development status	Active
Written in	C++, Python, PyQt4
Operating system	Unix-like, Windows
Available in	7 languages
Type	Computer forensics
License	GPL
Website	http://www.digital-forensic.org/

Digital Forensics Framework (DFF) is an open source computer forensics software. It advertises the ability to be used by both professionals and non-experts to collect, preserve, and reveal digital evidence without compromising systems and data.^[2]

User interfaces

Digital Forensics Framework offers two user interfaces: a graphic one developed in PyQt and a classical tree view. In addition, more advanced features such as recursive view, tagging, live search and bookmarking are notable. Its command line interface allows the user to perform digital investigation remotely. It also comes with the usual functions available in common shell such as completion, tasks management, globing and keyboard shortcuts. DFF can also run batch scripts at start-up to automate repetitive tasks. Advanced users and developers can use DFF directly from a Python interpreter to script their investigation.

Distribution methods

In addition to the source code package and binary installers for GNU/Linux and Windows,^[3] Digital Forensics Framework is available in several operating system distributions as is typical in FOSS, including Debian,^[4] Fedora and maintained by [cert.org],^[5] Ubuntu.

Other Digital Forensics Framework methods available are digital forensics oriented distribution and live cd:

DEFT Linux Live CD^[6]
Kali Linux ^[7]

Publications

One article is published about DFF in magazines: "Scriptez vos analyses forensiques avec Python et DFF" in the French magazine MISC^[8]

Several presentations about DFF in conferences: "Digital Forensics Framework" at ESGI Security Day^[9] "An introduction to digital forensics" at RMLL 2013^[10]

Published books that mention Digital Forensics Framework are:

Digital Forensics with Open Source Tools (Syngress, 2011)^[11]
Computer Forensik Hacks (O'Reilly, 2012)^[12]
Malwares - Identification, analyse et éradication (Epsilon, 2013)^[13]
Digital Forensics for Handheld Devices (CRC Press Inc, 2012)^[14]

In literature :

Saving Rain: The First Novel in The Rain Trilogy^[15]

'Erik gives her another appreciative once over before handing her a laptop and turning all business minded. "We've been using the Digital Forensics Framework, ran various algorithms, including k-means clustering, but we keep coming up empty.” “What about SSH, cryptographic algorithms?” Raina asks ...'

White papers :

Selective Imaging Revisited ^[16]
A survey of main memory acquisition and analysis techniques for the windows operating system ^[17]
Uforia : Universal forensic indexer and analyzer^[18]
Visualizing Indicators of Rootkit Infections in Memory Forensics^[19]
EM-DMKM Case Study Computer and Network Forensics^[20]
OV-chipcard DFF Extension ^[21]
L'investigation numérique « libre » ^[22]
Malware analysis method based on reverse technology (恶意口序分析方法耐)^[23]

Prize

DFF was used to solve the challenge of DFWRS 2010^[24] consisting of the reconstruction of a physical dump of a NAND flash memory.

References

↑ "[dff] Digital Forensics Framework 1.3.0 released". Lists.digital-forensic.org. Retrieved 2014-02-16.
↑ "Digital Forensics Framework Homepage". ArxSys. Retrieved 28 May 2014.
↑ "Open Source digital forensics & incident response software". Digital-forensic.org. Retrieved 2014-02-16.
↑ "DFF accepted into Debian - Pollux's blog". Wzdftpd.net. Retrieved 2014-02-16.
↑
↑ "DEFT 8 Roadmap and features | DEFT Linux - Computer Forensics live CD". DEFT Linux. Retrieved 2014-02-16.
↑ "Packages Summary". Git.kali.org. 2013-02-02. Retrieved 2014-02-16.
↑ "Misc 70 - LES EDITIONS DIAMOND". Boutique.ed-diamond.com. Retrieved 2014-02-16.
↑
↑
↑ "Digital Forensics with Open Source Tools: Cory Altheide, Harlan Carvey: 9781597495868: Amazon.com: Books". Amazon.com. Retrieved 2014-02-16.
↑ "Computer-Forensik Hacks: Amazon.de: Lorenz Kuhlee, Victor Völzow: Bücher". Amazon.de. 2009-09-09. Retrieved 2014-02-16.
↑ "Malwares - Identification, analyse et éradication: Amazon.fr: Paul RASCAGNERES: Livres". Amazon.fr. 2009-09-09. Retrieved 2014-02-16.
↑ "Digital Forensics for Handheld Devices: Amazon.fr: Eamon P. Doherty: Livres anglais et étrangers". Amazon.fr. 2009-09-09. Retrieved 2014-02-16.
↑ "Saving Rain: The First Novel in The Rain Trilogy eBook: Karen-Anne Stewart: Kindle Store". Amazon.com. Retrieved 2014-02-16.
↑ "IEEE Xplore Abstract - Selective Imaging Revisited". Ieeexplore.ieee.org. 2013-03-14. doi:10.1109/IMF.2013.16. Retrieved 2014-02-16.
↑ "A survey of main memory acquisition and analysis techniques for the windows operating system". Sciencedirect.com. 2011-07-31. Retrieved 2014-02-16.
↑ "Uforia: Universal forensic indexer and analyzer - Springer". Link.springer.com. Retrieved 2014-02-16.
↑ "IEEE Xplore Abstract - Visualizing Indicators of Rootkit Infections in Memory Forensics". Ieeexplore.ieee.org. 2013-03-14. doi:10.1109/IMF.2013.12. Retrieved 2014-02-16.
↑ "EM-DMKM Case Study Computer and Network Forensics". Cygalski.pl. Retrieved 2014-02-16.
↑
↑ "L'investigation numerique" (in French). Agence-nationale-recherche.fr. Retrieved 2014-02-16.
↑ "Journal of Computer Applications : Vol.31 No.11". Joca.cn. November 2011. Retrieved 2014-02-16.
↑ "DFRWS 2010 Forensics Challenge Results". Dfrws.org. Retrieved 2014-02-16.