franckferman/DataDetective

🕵️‍♂️ Unlock the story hidden in data - Your digital investigation partner. TheSleuthKit (TSK) Python Wrapper.

🕵️‍♂️ DataDetective

Unlock the story hidden in data.
Your digital investigation partner.

📘 Explore the full documentation · 🐞 Report Bug · 🛠️ Request Feature

📖 About

DataDetective: Advanced forensic analysis.

DataDetective, a Python tool designed to extract pertinent files for forensic analysis from EWF disk images, represents a pivotal advancement in digital investigation.

In a landscape where the extraction of valuable data from complex disk images is paramount, DataDetective emerges as a beacon of efficiency and precision. As traditional methods falter in the face of evolving forensic challenges, DataDetective stands ready to navigate the intricate labyrinth of digital evidence, offering investigators a reliable means to uncover crucial insights and facilitate comprehensive analysis.

🚀 Installation

Before diving into the installation process, ensure you meet the following prerequisites.

Prerequisites

1. Python 3: Ensure Python 3 is installed on your system before initiating the installation process.

2. SluthKit : DataDetective incorporates essential tools like SluthKit.

3. Regripper : DataDetective relies on crucial tools such as Regripper.

Installation

git clone https://github.com/franckferman/DataDetective.git

List of command

❔ Get Help:

python3 DataDetective.py -h

⚖️ Check Image Integrity:

python3 DataDetective.py -i image.ewf --check-image

📋 List Image Partitions:

python3 DataDetective.py -i image.ewf --show-partitions

📁 List Partitions Files:

python3 DataDetective.py -i image.ewf --show-files
python3 DataDetective.py -i image.ewf --show-files -r # For recursivity

🗂️ Show a specific directory:

python3 DataDetective.py -i image.ewf --show-dir DIR_NAME

🔎 Extract data:

python3 DataDetective.py -i image.ewf -e ALL -o /path/for/output