Bulk Forensic Image Processor

Sticky Post July 25, 2024 admin 0 Comments

Latest Release: 5.31 — 12/19/2024

Download: BFIP 5.31

  • Read Full Release Changelog Here
  • *Important Compatibility Notice:

    Version 5.2 of BFIP requires Magnet Griffeye version 24.3.x or newer for full Griffeye integration/functionality.  Due to various path changes, prior versions such as 24.2.x or earlier will no longer be support starting with BFIP 5.2.  If you are using one of these legacy Griffeye versions, you may continue to the ‘Carve Only’ functionality that skips automated Griffeye imports, or use BFIP 5.1, which will remain available to download on breakpointforensics.com for legacy users.

BFIP is a powerful addition to your digital forensic toolbelt. Evolving significantly from its initial release, BFIP provides a number of features:

Automate case creation with the ability to bulk select multiple evidence sources and have it automatically locate sources, generate names, and process in one step. 
Includes exclusive Breakpoint Processing Engine. This provides additional forensic image processing options such as:
    • Multithreaded Parallel Carving of Forensic Images.
    • Support for extraction of allocated and unallocated files from common file-systems.
    • Additional support for parsing forensic images containing APFS(Apple File System), with automated extraction of media files and import into Griffeye with no additional addon plugins required.
    • Simple, intuitive controls.
Provides streamlined GUI access to Griffeye Analyze and Griffeye Processing Engine CLI functionality.
  • GUI-based mode selection and settings, for either Standard Process (allocated files only), LACE Carver Processing, or Breakpoint Processing Engine.
  • GUI-Integrated console output window with logging and processing feedback.

Breakpoint Processing Engine: A Closer Look

  • Breakpoint Processing Engine can be used in lieu of, or combined with Standard or Lace Imports.
  • HyperCarve – Supports configurable Multithreaded Carving to handle multiple Forensic images simultaneously.
  • Conducts an intelligent Disk Analysis first and identifies each unique partition and file system type. Then conducts individual carves of each disk/partition.
  • New! Automated native extraction of Allocated and Flagged Deleted Files using Breakpoint Processing Engine.
  • New! Direct API Integration with Griffeye Operations/Enterprise Collaboration Server
    • Unallocated Carving Powered by PhotoRec. Leverages the tried-and-true open-source PhotoRec, along with some new custom updates, resulting in a powerful file carving solution.
    • Includes additional support for parsing forensic images containing APFS(Apple File System), with automated extraction of media files and import into Griffeye with no additional addon plugins required.
    • New Automated carving of APFS Snapshots for additional recovery of historic or deleted data.
    • Passes recovered data to custom JSON generator to build out JSON containing notable metadata and fields (i.e., Physical Location, Unallocated Status, etc.)
    • Directly integrates with Griffeye Analyze DI Pro, and automatically conducts case creation, and final import of carved data in.
    • Includes easy category-based options for image, video, document, and archive carving.
    • Ability to optionally unpack image/videos/docs from recovered archives and also import them into Griffeye.
    • Using Breakpoint Processing Engine, ability to conduct a stand-alone Carve and JSON creation using ‘Carve Only’ Button. Does everything except passing final JSON and forensic images to Griffeye.

    Download:

    BFIP 5.31

    MD5:943925f200ac50765311b039078c654e

    BFIP V5 – User Manual

    Legacy Download:
    (For Griffeye 24.2.x or earlier)

    BFIP 5.1

    MD5:0e220339cfb817242971e8ce1475e45d