Bulk Forensic Image Processer for Griffeye – V4
It’s been a few months since I released the first public version of BFIP, V3. V3 introduced the first steps toward automation and brought large efficiency gains in creating and importing numerous forensic images/JSONs into a Griffeye case. It also provided an easy-to-use front-end for the Griffeye CLI and Griffeye Processing Engine. In the few months since that release I’ve been hard at work refining the original features and building a major addition to the tool. After a lot of refining and internal testing I’m excited to share it with the Griffeye and DFIR community.
Here’s what’s new!
Breakpoint Processing Engine
· Brand New Breakpoint Processing Engine option that can be used in lieu of Standard or Lace Imports.
o Supports configurable Multithreaded Carving to handle multiple Forensic images simultaneously.
o Conducts an intelligent Disk Analysis first and identifies each unique partition and file system type. Then conducts individual carves of each disk/partition.
o Unallocated Carving Powered by PhotoRec. Leverages the tried and true open-source PhotoRec, along with some new custom updates, resulting in a powerful file carving solution.
o Passes recovered data to a custom JSON generator to build out a JSON containing notable metadata and fields (e.g. Physical Location, Unallocated Status).
o Automatically conducts final imports of carved data in addition to the Standard Griffeye Import directly from the forensic image, including Flagged Deleted.
o Includes easy category-based options for image, video, document, and archive carving.
o Ability to optionally unpack images/videos/docs from recovered archives and also import them into Griffeye.
o With the new Breakpoint Processing Engine, you can now conduct just a carve and JSON creation using the 'Carve Only' button. It does everything except pass the final JSON and forensic images to Griffeye.
Major UI Overhaul and New Menus
o Brand New Look and Layout
o Addition of new 'Griffeye Import Settings' and 'Lace Options' menus. These expose some of the more common Griffeye and/or Lace settings you may want to adjust, and limit or eliminate the prior need to use a 'Custom Import Settings' JSON to adjust processing options.
o Addition of tooltips to many elements in UI.
o Several New Menus and Settings Options
o Right-Click Menu Support for Cut, Copy, Paste functions.