DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API).
It can be used both by professional and non-expert in order to quickly and easily collect, preserve and reveal digital evidences without compromising systems and data.
- Read local drivers or disk images (raw, ewf, aff); reconstruct classical or virtual volumes; mount file systems (FAT 12/16/32, NTFS with ADS support, EXTFS 2/3/4); perform system analysis (Microsoft Windows registry, Mailboxes, etc.); metadata extraction (file system structures, accessed/modified/created times, pictures, etc.)
- DFF integrates the Volatility Memory Framework. So you can easyly list processes, open connexions and files, loaded libraries, etc.
- Recover deleted, hidden or damage data from FAT, NTFS and EXTFS file systems. Highlight slack and unused spaces so you won’t miss any piece of information. DFF also provides a graphical and customizable carving engine based on file signatures.
- Quickly reveal clues thanks to the powerful search engine based on lucen library. You can search and filter by keywords and dictionnaries, regular expressions, fuzzy matching, mime types, extensions and deep filter metadata.
- Preview data (hexadecimal, images, documents, videos, etc.); browse file and directory content; preview file content in a gallery; use a dynamic window system; tag and bookmarks elements; use an interface with your mother tongue (fr, us, br, de, etc.); use a command line interface.
- Create your own modules and scripts: Object Oriented Programming libraries (both Python and C++); search library; Virtual File System library; easyly reconstruct and reorder memory blocks; task manager; Integrated Development Environment; attributes management.
Windows 7 , Vista , XP
Linux Debian , Ubuntu