This content originally appeared on DEV Community and was authored by RG
TRACE is a digital forensic analysis tool I developed for my final year project, designed with a user-friendly interface for investigating disk images.

Features
- Image Mounting: Mount forensic disk images (Windows only).
- Tree Viewer: Navigate disk image structures.
- Detailed File Analysis: View file content in HEX, text, and application-specific formats.
- EXIF Data Extraction: Extract and display EXIF metadata from pictures.
- Registry Viewer: Examine Windows registry files.
- Basic File Carving (not fully integrated): Recover deleted files from disk images.
- VirusTotal API Integration: Scan files for malware using VirusTotal.
- E01 Image Verification & Conversion: Verify integrity and convert E01 images to raw format.
- Message Decoding: Decode messages from base64, binary, and other encodings.
- And more!

Cross-Platform Compatibility

Supported Image Formats
Image Format | Extensions |
---|---|
EnCase® Image File (EVF / Expert Witness Format) | *.E01 *.Ex01 |
SMART/Expert Witness Image File | *.s01 |
Single Image Unix / Linux DD / Raw | *.dd , *.img , *.raw |
ISO Image File | *.iso |
AccessData Image File | *.ad1 |

Built With
- pytsk3 - Python bindings for the SleuthKit
- libewf-python - Library to access the Expert Witness Compression Format (EWF)
- PySide6 - Used for the GUI components.
- Arsenal Image Mounter - For mounting forensic disk images.

Explore TRACE on GitHub:
https://github.com/Gadzhovski/TRACE-Forensic-Toolkit/?abc

RG | Sciencx (2024-08-30T18:05:50+00:00) [Open Source] 🚀 TRACE: Toolkit for Retrieval and Analysis of Cyber Evidence 🚀. Retrieved from https://www.scien.cx/2024/08/30/open-source-%f0%9f%9a%80-trace-toolkit-for-retrieval-and-analysis-of-cyber-evidence-%f0%9f%9a%80/