
hashlookup-forensic-analyser

Free

Analyse a forensic target (such as a directory) and report which files are found, and which are not found, in the CIRCL hashlookup public service or in the Bloom filter from CIRCL hashlookup. This tool can help a digital forensic investigator learn the context and origin of specific files during a digital forensic investigation. The project is a component of the hashlookup.io project.

Usage:

    hashlookup-analyser.py [-h] [-v] [--extended-debug] [--progress] [--disable-progress]
                           [-d DIR] [--report] [--live-linux] [--print-all] [--print-unknown]
                           [--include-stats] [--format FORMAT] [--cache]
                           [--bloomfilters BLOOMFILTERS [BLOOMFILTERS ...]]
                           [--bloomfilter-algorithm BLOOMFILTER_ALGORITHM]
                           [--bloomfilters-lower-case]

    Analyse a forensic target to find and report files found and not found in hashlookup CIRCL public service.

    Optional arguments:
      -h, --help            show this help message and exit
      -v, --verbose         Verbose output.
      --extended-debug      Debug file processed along with the mode and type.
      --progress            Print progress of the file lookup on stderr.
      --disable-progress    Disable printing progress of the file lookup on stderr.
      -d DIR, --dir DIR     Directory to analyse.
      --report              Generate a report

ALTERNATIVES

GUI-based memory forensic capture tool for cyber forensics and cyber crime investigation.

A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.

Open Source computer forensics platform with modular design for easy automation and scripting.

XMLStarlet offers a suite of command line utilities for manipulating and querying XML documents.

Tool for analyzing Windows Recycle Bin INFO2 files.

A digital investigation platform for parsing, searching, and visualizing evidence with advanced analytics capabilities.

Python script to parse the NTFS USN Change Journal.

A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.