BFIP4Griffeye V4 Release

May 24, 2022 admin 0 Comments

Bulk Forensic Image Processer for Griffeye – V4

Release Announcement

It’s been a few months since I release the first public release of BFIP V3.  V3 introduced the first steps in providing some automations and large efficiency gains in creating and importing numerous forensic images/JSONs into a Griffeye case.  It also provided an easy to use front-end for the Griffeye CLI and Griffeye Processing Engine.  In the few months since that release I’ve been hard at work refining the original features, and building a major addition to the tool.  After a lot of refining and internal testing I’m excited to share it with the Griffeye and DFIR community.

Here’s what new!

Breakpoint Processing Engine

New Processing Mode

·         Brand New Breakpoint Processing Engine option that can be used in lieu of Standard or Lace Imports.

o   Supports configurable Multithreaded Carving to handle multiple Forensic images simultaneously.

o   Conducts an intelligent Disk Analysis first and identifies each unique partition and file system type. Then conducts individual carves of each disk/partition.

o   Unallocated Carving Powered by PhotoRec.  Leverages the tried and true open-source PhotoRec, along with some new custom updates, resulting in a powerful file carving solution.

o   Passes recovered data to custom JSON generator to build out JSON containing notable metadata and fields (i.e. Physical Location, Unallocated Status, etc.)

o   Automatically conducts final imports of carved data in addition to Standard Griffeye Import directly from forensic image, including Flagged Deleted.

o   Includes easy category based options for image, video, document, and archive carving.

o   Ability to optionally unpack image/videos/docs from recovered archives and also import them into Griffeye.

o   Using new Breakpoint Processing Engine, ability to now just conduct a Carve and JSON creation using 'Carve Only' Button.  Does everything except passing final JSON and forensic images to Griffeye.


Major UI Overhaul and New Menus

BFIP4Griffeye Interface
A Big New Look!
Breakpoint Processing Engine Options
Breakpoint Processing Engine Options
New Import Controls

o   Brand New Look and Layout

o   Addition of new 'Griffeye Import Settings' and ‘Lace Options’ menus.  Exposes some of the more common Griffeye and/or Lace settings you may want to adjust, and limits/eliminates prior need to use 'Custom Import Settings' JSON to adjust processing options.

o   Addition of tooltips to many elements in UI.

o   Several New Menus and Settings Options

o   Right-Click Menu Support for Cut, Copy, Paste functions.


BFIP 5 0e220339cfb817242971e8ce1475e45d

User Manual

BFIP V5 - User Manual 6e298d51820f508bfa76623dd0e92305