DFF Introduction

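DFF (Digital Forensics Framework) is free and open-source computer forensics software built on top of a dedicated application programming interface (API).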

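It can be used by both professionals and non-experts to quickly and easily collect, preserve and present digital evidence without compromising systems and data.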

Source: http://www.digital-forensic.org/
DFF homepage
DFF source code repository

Tools included in DFF

dff - Digital Forensics Framework

:~# dff -h
DFF
Digital Forensic Framework

Usage: /usr/bin/dff [options]
Options:
  -v      --version                  display current version
  -g      --graphical                launch graphical interface
  -b      --batch=FILENAME       executes batch contained in FILENAME
  -l      --language=LANG            use LANG as interface language
  -h      --help                     display this help message
  -d      --debug                    redirect IO to system console
          --verbosity=LEVEL          set verbosity level when debugging [0-3]
  -c      --config=FILEPATH          use config file from FILEPATH

dff-gui - Digital Forensics Framework GUI

Digital Forensics Framework - GUI.

dff-gui example

:~# dff-gui

dff example

:~# dff
loading modules in /usr/lib/python2.7/dist-packages/dff/modules
[OK]    loading load v1.0.0
[OK]    loading link v1.0.0
[OK]    loading ls v1.0.0
[OK]    loading find v1.2.0
[OK]    loading batch v1.0.0
[OK]    loading history v1.0.0
[OK]    loading fg v1.0.0
[OK]    loading jobs v1.0.0
[OK]    loading cd v1.0.0
[OK]    loading show_db v1.0.0
[OK]    loading show_cwd v1.0.0
[OK]    loading open v1.0.0
[OK]    loading man v1.0.0
[OK]    loading info v1.0.0
[OK]    loading fileinfo v1.0.0
[OK]    loading carverui v1.0.0
[OK]    loading CARVER v1.0.0
[OK]    loading carvergui v1.0.0
[OK]    loading fileschart v1.0.0
[OK]    loading volatility v1.0.0
[OK]    loading PFF using old style module check
[OK]    loading FUSE v1.0.0
[OK]    loading extract v1.0.0
[OK]    loading DEVICES v1.0.0
[OK]    loading LOCAL v1.0.0
[OK]    loading EWF v1.0.0
[OK]    loading AFF v1.0.0
[OK]    loading hash v1.0.0
[OK]    loading merge v1.0.0
[OK]    loading cut v1.0.0
[OK]    loading split v1.0.0
[OK]    loading FATFS v1.0.0
[OK]    loading spare v1.0.0
[OK]    loading NTFS v0.5.1
[OK]    loading EXTFS v1.0.0
[OK]    loading VMWARE v1.0.0
[OK]    loading PARTITION v1.0.0
[OK]    loading sqlitedb v1.0.0
[OK]    loading imageviewer v1.0.0
[OK]    loading textviewer v1.0.0
[OK]    loading player v1.0.0
[OK]    loading videothumbnailviewer v1.0.0
[OK]    loading web v1.0.0
[OK]    loading timeline v1.0.0
[OK]    loading hexeditor v1.0.0
[OK]    loading regedit v1.0.0
[OK]    loading binarydiff v1.0.0
[OK]    loading lnk v1.0.0
[OK]    loading prefetch v1.0.0
[OK]    loading compound v1.0.0
[OK]    loading metaexif v1.0.0

##########################################
# Welcome on Digital Forensics Framework #
##########################################

dff / >