Difference between pages "Selective file dumper" and "Tapeworm"

From ForensicsWiki
= Selective file dumper =

{{Infobox_Software |
  name = SFDumper |
  maintainer = Nanni Bassetti, Denis Frati |
  os = {{Linux}} |
  genre = {{Analysis}} |
  license = Artistic License, {{GPL}}, {{Public Domain}} |
  website = [http://sfdumper.sourceforge.net/ sfdumper.sourceforge.net] |
}}

'''Selective File Dumper''' (SFDumper) is a tool written in [[Bash]] script for [[Linux]] systems.

It is fast and selective: with a single tool it retrieves all files of the file type you choose, whether referenced, deleted or unallocated, very quickly.

The [[Bash]] script '''SFDUMPER.SH''' recovers active, deleted and unallocated files automatically, and then deletes those carved files that duplicate the active or deleted files retrieved by the [[Sleuthkit]], by comparing their [[SHA256]] [[hash]] codes.

Renamed files can be recognized through data carving, and the [[Foremost]] configuration file embedded in the script can be extended to add new extensions.

Finally, a [[keywords]] search can be run over the set of files extracted by the [[Sleuthkit]] and [[Foremost]].

The script can work on a partition chosen from an image file or directly from a device (e.g. /dev/sdb).
== Actions ==

<blockquote>
1) Choosing the partition to analyze from an image file or a device;<br />
2) Choosing the file type by the extension you need;<br />
3) Extracting all referenced files by their extension;<br />
4) Extracting all deleted files by their extension;<br />
5) Carving the chosen partition and automatically deleting the duplicate files, leaving only the carved files that are not in the referenced or deleted set;<br />
6) Executing a keyword search on all the retrieved files;<br />
7) Reporting everything with the investigator name, date and time.<br />
</blockquote>
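Step 5 above is the part of the procedure that is easy to get wrong: a carver such as [[Foremost]] re-finds every allocated and deleted file it walks over, so the carved set is mostly redundant with what the [[Sleuthkit]] already recovered. The following POSIX shell script is an added example of that hash-based de-duplication; it is not SFDumper's own code. It assumes <code>sha256sum</code> (coreutils) or <code>shasum</code> is on the path (SFDumper lists <code>sha256deep</code> from [[md5deep]], which prints the same hash column), and the three directories and their files are constructed in <code>make_sample</code> purely for the demonstration.

```shell
#!/bin/sh
# Added example, not SFDumper's own code: remove carved files that are byte-identical
# to files already recovered as referenced or deleted, by comparing SHA256 hashes.
# Assumes sha256sum (coreutils) or shasum; sha256deep would print the same first column.

# hash_of FILE: print the SHA256 hex digest of one file.
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{print $1}'
}

# dedup_carved REFERENCED_DIR DELETED_DIR CARVED_DIR
# Deletes every file in CARVED_DIR whose SHA256 matches a referenced or deleted file.
# Prints the number of carved files removed; the referenced and deleted sets are never touched.
dedup_carved() {
    ref_dir=$1; del_dir=$2; carved_dir=$3
    known=$(mktemp)
    # Hash set of everything the file-system walk already recovered.
    find "$ref_dir" "$del_dir" -type f | while IFS= read -r p; do
        hash_of "$p"
    done | sort -u > "$known"
    removed=0
    for f in "$carved_dir"/*; do
        [ -f "$f" ] || continue
        # -x: whole-line match, so a hash prefix can never match by accident
        if grep -qx "$(hash_of "$f")" "$known"; then
            rm -f "$f"                      # redundant carve of a known file
            removed=$((removed + 1))
        fi
    done
    rm -f "$known"
    echo "$removed"
}

# make_sample: build a constructed sample tree (not real evidence) and print its path.
# Two of the three carved files are byte-identical to recovered files and should go;
# the third exists only in unallocated space (a "renamed" or orphaned file) and must survive.
make_sample() {
    work=$(mktemp -d)
    mkdir -p "$work/referenced" "$work/deleted" "$work/carved"
    printf 'quarterly report\n' > "$work/referenced/report.doc"
    printf 'old invoice\n'      > "$work/deleted/invoice.doc"
    printf 'quarterly report\n' > "$work/carved/00000001.doc"
    printf 'old invoice\n'      > "$work/carved/00000002.doc"
    printf 'renamed secret\n'   > "$work/carved/00000003.doc"
    echo "$work"
}

# Demonstration on the constructed sample.
sample=$(make_sample)
echo "carved duplicates removed: $(dedup_carved "$sample/referenced" "$sample/deleted" "$sample/carved")"
echo "remaining carved files:"
ls "$sample/carved"
rm -rf "$sample"
```

Matching on the full hash line rather than on file names is what lets the carved-only file survive: carvers name output by offset, so a name comparison would either keep every duplicate or, worse, drop a genuinely unreferenced file that happens to share an extension. Only the carved set is ever deleted from, which keeps the referenced and deleted sets intact as the primary evidence.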
 
== Requirements ==

* [[Linux]]
* [[Sleuthkit]]
* [[Foremost]]
* [[md5deep]] (sha256deep)
* [[grep]]
* [[awk]]
* [[sed]]
* [[dd]]

== Requirements for the GUI version ==

* [[Zenity]]

== Usage ==

''sudo sh sfdumper.sh''

or

''chmod +x sfdumper.sh''

''./sfdumper.sh''

== Official web site ==

* http://sfdumper.sourceforge.net

== External links ==

* http://freshmeat.net/projects/zenity

[[Category:Linux]]

= Tapeworm =

Revision as of 00:41, 17 September 2012

{{Infobox_Software |
  name = TAPEWORM |
  maintainer = [[Douglas Koster]] |
  os = [[Linux]] |
  genre = {{Analysis}} |
  license = unknown |
  website = [http://feedthetapeworm.com/ feedthetapeworm.com/] |
}}

From the [http://feedthetapeworm.com/ project site]:

TAPEWORM (TASC Pre-processing Exploitation & Workflow Management system) is a 64-bit Xubuntu-based Virtual Machine designed to automate a number of open source tools.

TAPEWORM uses a custom GUI as well as underlying Python scripts to automate the following open source tools:

* [[log2timeline]]
* bulk_extractor
* regripper
* exiftool
* volatility
* Anti-Virus Scanning
* Find Files of Interest

== Tools ==

== History ==

== External Links ==

* [http://feedthetapeworm.com/ Project site]