BFIP is a powerful addition to your digital forensic toolbelt. Evolving significantly from its initial release, BFIP provides a number of features:
Provides streamlined GUI access to Griffeye Analyze and Griffeye Processing Engine CLI functionality.
- GUI-based mode selection and settings, for either Standard Process (allocated files only), LACE Carver Processing, or Breakpoint Processing Engine.
- GUI-Integrated console output window with logging and processing feedback.
Automate case creation with the ability to bulk select multiple evidence sources and have it automatically located sources, generate names, and process in one step.
Includes exclusive Breakpoint Processing Engine. This provides additional forensic image processing options such as:
Multithreaded Parallel Carving of Forensic Images.
Additional support for parsing forensic images containing APFS(Apple File System), with automated extraction of media files and import into Griffeye with no additional addon plugins required.
Simple, intuitive controls.
Breakpoint Processing Engine: A Closer Look
- Breakpoint Processing Engine can be used in lieu of Standard or Lace Imports.
- HyperCarve – Supports configurable Multithreaded Carving to handle multiple Forensic images simultaneously.
- Conducts an intelligent Disk Analysis first and identifies each unique partition and file system type. Then conducts individual carves of each disk/partition.
- Unallocated Carving Powered by PhotoRec. Leverages the tried and true open-source PhotoRec, along with some new custom updates, resulting in a powerful file carving solution.
- Includes additional support for parsing forensic images containing APFS(Apple File System), with automated extraction of media files and import into Griffeye with no additional addon plugins required.
- Passes recovered data to custom JSON generator to build out JSON containing notable metadata and fields (i.e., Physical Location, Unallocated Status, etc.)
- Automatically conducts final imports of carved data in addition to Standard Griffeye Import directly from forensic image, including Flagged Deleted.
- Includes easy category-based options for image, video, document, and archive carving.
- Ability to optionally unpack image/videos/docs from recovered archives and also import them into Griffeye.
- Using Breakpoint Processing Engine, ability to conduct a stand-alone Carve and JSON creation using ‘Carve Only’ Button. Does everything except passing final JSON and forensic images to Griffeye.
Categories: