BFIP 4.3 is here! There’s several big changes and improvements to cover.
Here’s some of the biggest improvements!
Formally referred to BFIP4Griffeye, the evolution of the tool called for a minor rethink and rebrand of the tool.
But as BFIP has evolved from originally just front-end automation tool for the Analyze CLI, to having a full-blown standalone Forensic Image Processor and Carver, the branding needed some updates to reflect the current and future features.
Now referred to as simply, BFIP, the tool still includes all the same integrations and support for Griffeye Analyze and the Griffeye Processing Engine as before!
New Advanced Source Processing Menu/Workflow
Allows for highly granular control of Source ID names and the use of various Processing Modes all in a single run. For example, say you have 3 forensics images but want to do different levels of processing on them. Now you can use Lace for Item 1, use Breakpoint Processing Engine for Item 2, and just do a Standard Import for Item 3, or any combination of these.
Using the new Advanced Source Process Queue is very easy!
- Enable Advanced Source Setup Checkbox:
Checking this box disables the basic Processing Mode Radial buttons and overrides the single processing mode workflow. Three new buttons are added to manage to build and manage the Advanced Source Setup Queue (‘Scan Source Folder”, “Edit Queue”, and “Reset Queue”).
- Forensic Images/JSON Source Folder:
Select the parent folder for where your specific cases forensic images and/or JSON packages are stored.
- Scan Source Folder
BFIP will intelligently search the specified folder and all subfolders for supported forensic images, as well as JSON packages. Any located forensic images/JSONs will then be displayed in a new window that will be automatically generated and filled with the located, supported sources.
A Tour of the Advanced Source Queue Configuration Window
This new window will have 4 primary fields available to customize for each located source:
Import Checkbox: Place a checkbox next to any source you want to be included in the carving/import process. Any item that is unchecked will be completely removed from the current queue and no further processes will be conducted on it.
Processing Mode: Select the preferred processing mode/engine you’d like to use for the specific forensic image. A mix of Processing modes/engines can be utilized and different sources can use different/unique processing engines depending on the needs of the examiner level of processing required.
Source ID: Source ID’s for each forensic image will be initially auto-generated based on the forensic image’s filename with the extension stripped, however they can now be individually edited and customized.
Source Path: The unique source path for each file will be shown in this field automatically.
Add to Queue
After customizing processing mode selections, Source ID selection, etc., select ‘Add to Queue’, and the New Advanced Source Queue Status Bar will update to reflect the added sources.
Adding additional files to queue (Optional):
The examiner may repeat this workflow adding a different ‘Source Folder’ to scan, pressing ‘Scan Source Folder’, and adding files to the queue multiple times. This allows for stacking multiple sources scattered amongst several different folder locations to a single queue.
Refreshed UI and reorganization to several UI elements for better user experience.
- You’ll also notice several UI changes, from the organization of several elements, to refreshed graphics.
- The UI changes include a big improvement to processing status. There’s a Brand new per thread status section in UI providing detailed per source status when conducting Hyper-Carves of several sources.
- There’s several other minor improvements and fixes. The full changelog and release notes are available here, and also noted in the updated User Manual.
BFIP V4 a3f75fd0b11ec9635fd2af97171029b4
BFIP V4 - User Manual 3763591672008c5954c8aedab9514a72