DFF: find and extract needles in the haystack – Part 3: Gimme a module

This post is the final one of the [DFF find and extract needles in the haystack](http://www.arxsys.fr/blog/2013/dff-extract-needle-haystack-part-1-graphical-way/) series. In the first article we described how to create a query graphically and detailed the syntax of the search engine. In the second, we showed how to do the same through the Python interpreter. Now we are going to see […]

DFF: find and extract needles in the haystack – Part 2: Let's script again

Yesterday, we published the first post in the DFF find and extract needles in the haystack series. The first post explained the basics of the search engine syntax and how to search files by creating a query graphically. In part two of the series, we detail how to script in DFF by customizing […]

DFF: find and extract needles in the haystack – Part 1: the graphical way

This article is the first one of a fascinating trilogy dedicated to the Search, Filter and Extract functionalities provided in DFF. This series will address: Part 1: The graphical way; Part 2: Let’s script again; Part 3: Gimme a module. Examples presented in the three articles are all based on the dump m57-jean hosted on digitalcorpora.org, which […]

Virtual Machine disk forensics with DFF

Over the past several years, virtual technologies have become more accessible and are now used in both professional and personal environments. Whether with free, open-source tools or commercial software, people can create one or many virtual systems within a physical computer in one click. Like a traditional computer, these virtual machines can contain evidence of suspicious activities. […]

Time filtering

During a digital analysis, time information can be of major importance. Filtering based on timestamps can help reduce the scope of an analysis and eliminate elements that are not related to the investigation. These temporal data can come from many different sources, such as: file system timestamps, EXIF metadata […]