BFIP is a powerful addition to your digital forensic toolbelt. Evolving significantly from its initial release, BFIP provides a number of features:
Automate case creation with the ability to bulk select multiple evidence sources and have it automatically locate sources, generate names, and process in one step.
Includes exclusive Breakpoint Processing Engine. This provides additional forensic image processing options such as:
-
-
Multithreaded Parallel Carving of Forensic Images.
-
Support for extraction of allocated and unallocated files from common file-systems.
-
Additional support for parsing forensic images containing APFS(Apple File System), with automated extraction of media files and import into Griffeye with no additional addon plugins required.
-
Simple, intuitive controls.
-
Provides streamlined GUI access to Griffeye Analyze and Griffeye Processing Engine CLI functionality.
- GUI-based mode selection and settings, for either Standard Process (allocated files only), LACE Carver Processing, or Breakpoint Processing Engine.
- GUI-Integrated console output window with logging and processing feedback.
Breakpoint Processing Engine: A Closer Look
- Breakpoint Processing Engine can be used in lieu of, or combined with Standard or Lace Imports.
- HyperCarve – Supports configurable Multithreaded Carving to handle multiple Forensic images simultaneously.
- Conducts an intelligent Disk Analysis first and identifies each unique partition and file system type. Then conducts individual carves of each disk/partition.
- New! Automated native extraction of Allocated and Flagged Deleted Files using Breakpoint Processing Engine.
- Unallocated Carving Powered by PhotoRec. Leverages the tried-and-true open-source PhotoRec, along with some new custom updates, resulting in a powerful file carving solution.
- Includes additional support for parsing forensic images containing APFS(Apple File System), with automated extraction of media files and import into Griffeye with no additional addon plugins required.
- New Automated carving of APFS Snapshots for additional recovery of historic or deleted data.
- Passes recovered data to custom JSON generator to build out JSON containing notable metadata and fields (i.e., Physical Location, Unallocated Status, etc.)
- Directly integrates with Griffeye Analyze DI Pro, and automatically conducts case creation, and final import of carved data in.
- Includes easy category-based options for image, video, document, and archive carving.
- Ability to optionally unpack image/videos/docs from recovered archives and also import them into Griffeye.
- Using Breakpoint Processing Engine, ability to conduct a stand-alone Carve and JSON creation using ‘Carve Only’ Button. Does everything except passing final JSON and forensic images to Griffeye.
Categories: