Tools

BFIP (Bulk Forensic Image Processor)

BFIP (Bulk Forensic Image Processor) is a free forensic workflow tool designed to simplify large-scale media processing, evidence ingestion, and VICS-compatible package creation.

 

BFIP helps examiners process forensic images, existing VICS JSON packages, and mobile filesystem extraction ZIPs through a streamlined visual interface. It can automate source queueing, file extraction, carving, metadata preservation, VICS JSON generation, and Griffeye case workflows without requiring scripting or command-line work.

 

At the center of BFIP is the Breakpoint Processing Engine (BPE), which supports extraction and carving from allocated, deleted, and unallocated space, including APFS support, embedded media recovery, archive expansion, and automated VICS-compatible output.

 

BFIP V6 also adds the Breakpoint Mobile Processing Engine, allowing supported mobile extraction ZIPs to be processed into review-ready VICS packages while preserving available paths, filenames, timestamps, hashes, and file sizes.

 

BFIP can run standalone in Carve Only mode or integrate Griffeye CLI/APIs with:

  • Griffeye Advanced 
  • Griffeye Processing Engine
  • Griffeye Operations/Enterprise Collaboration Server

 

Read More…

  • **BFIP 6 or newer requires Griffeye Magnet 24.3.x or newer for full Griffeye integration.

 

Current Release:
Version 6.0
6/23/2026
Download:
BFIP 6.0
MD5:
10237d82ad81ebb73aa4a7631cbd951b

Changelog

 

 

 
Legacy Release:
  • **For Griffeye Analyze DI 24.2.x or earlier.
Version 5.1
2/29/2024
Download:
BFIP 5.1
MD5:0e220339cfb817242971e8ce1475e45d

 

 

Browser Password Scraper
Browser Password Scraper – A portable Windows utility that extracts saved credentials from Chrome (v10/v20), Edge, Brave, Vivaldi, Opera, and Firefox without requiring user passwords.
Ideal for live triage or post-acquisition analysis when access to a logged-in user profile is available.

Read More…

 

Current Release:
Version 1.3
06/26/2025
Download:
Browser Password Scraper
MD5:
560df3119039e2e87691a54dbea3e31e

Changelog

FastHash

Simple multithreaded MD5 file hashing utility.

 

3 Different Processing Options:
1.Drop the executable in a directory of files and/or folders you want to process and then simply run FastHash. It will recursively process the hash values of all files in the same directory and any subdirectories. 
2.Drag and drop a folder containing any files you want to hash onto the FastHash executable, and it will recursively hash all files in the folder/subfolders.
3.Drag and drop a single file onto the FastHash executable, and it will hash just that file.
 
Results are then saved to both simple text file and more detailed CSV.
Current Release:
Version 1.2
2/22/2024
Download:
FastHash
MD5:
f76f0b86cbd5eebef9c84ffa6441e2ec
FileSifter
FileSifter is a digital forensics live-triage collection tool designed for deployment across multiple OS platforms including Windows, MacOS, and Linux.

Primary Features

-Live File Collection to either ZIP or TAR packages, and/or VICS JSON Packages.
-Keyword Filtering function.  Allows import of custom keyword dictionary file that when enabled will only collect files with match in keyword list.
-Easy targeting of files/folders to be collected using simple user interface and case setup.
-Support for targeted collection of Image, Video, Archives, and/or Documents and packaging into VICS JSON evidence package for easy import and review into tools such as Griffeye Analyze.
-Automatically generates CSV report for all files collected storing original metadata such as MAC times, paths, etc.
-Forensically sound. When FileSifter is executed from a forensic collection drive, program data, reports, and other generated data is only saved to the examiners connected drive.
Current Release:
Version 1.3.7
1/2/2023
Description

Changelog

Download:
FileSifter(Windows)
MD5: 7718934bab41dd0172bae67c9ced4fb4
FileSifter(MacOS)
MD5:3e43c535fec3d68ffedca4f15ec6ba15
FileSifter(Linux)
MD5:35653d2453875033b5fd398d46813723
FileSifter – User Manual
MD5:4f3240337b90b1adfd954f5a5e0a65e4
GK Password Parser
Simple utility that parses either the passwords text file, or PC History file, generated from IOS Graykey dumps. 
Password List:
The passwords file is parsed based on user selectable minimum/maximum password size, and a simple trimmed and sorted list of passwords is generated.
Quickly pair down what can be a very large list of data, filled with long complex tokens, and identify the clear-text passwords immediately.     
Passcode History:
Ingests the Passcode History file generated from Graykey Full Filesystem extractions and automates the ability to brute-force the historic 4/6 digit pin-codes using an integrated version of Hashcat.
Current Release:
Version 1.6 — 09/03/2025 
Download:
GK Password Parser
MD5:
f4171ac280cc99ebcaaa2a2debfb9cf3
1.6 Changelog

 

NSRL RDSv3 Hash Converter

Breakpoint NSRL Converter

Supporting all NSRL hash distribution sizes (full, minimal, or delta)
Breakpoint NSRL Converter is a modern rewrite of the original NSRLConvert utility first introduced by AskClees, purpose-built to streamline forensic workflows by extracting usable hash sets from the massive SQLite-based NIST NSRL databases. Instead of forcing forensic tools to parse the full 120GB+ SQLite files—often resulting in long delays or outright import failures—Breakpoint NSRL Converter pulls just the essential hash values (MD5 or SHA1) and exports them in lightweight .txt or Project VIC-style .json formats.
Provided in an easy-to-use executable package, as well as open-sourced Python code.

🔍 Why use Breakpoint NSRL Converter?

  • Reduces hash file size drastically for faster, more reliable importing into tools like Griffeye, Autopsy, AXIOM, and others.
  • Eliminates import failures caused by unsupported or oversized SQLite hash sets.
  • 🔄 Supports both MD5 and SHA1 extraction, with user-selectable formats.
  • 📦 Supports NSRL delta releases, allowing investigators to process incremental updates without re-processing the full database.
  • 🧠 Automatically detects NSRL format (full, minimal, or delta) and adapts processing accordingly—even correcting common input mistakes.
  • 📦 JSON export supports Project VIC structure, for maximum flexibility.

Whether you’re filtering out known-good system files or preparing targeted hash sets, Breakpoint NSRL Converter ensures compatibility, efficiency, and results you can count on.

Current Release:
Version 1.3
1/9/2026
Changelog
Downloads:
NIST NSRL Hash Converter
MD5: afd33a77ef801fdffcff7419419a06c5

Source Code

Command Syntax:
BreakpointNSRLConverter.exe [input database] [outputFilePath] [hash_type] [output_format]
hash_type is optional; use 'md5' (default) or 'sha1'
output_format is optional; use 'text' (default) or 'json' (Project VIC)
PackNHash Auto Archiver
Auto Archiving Utility to bulk archive, validate, hash, and prep complex project folder structures to individual archives.
  • GUI driven for easy configuration.
  • Generates unique logs for each case folder containing:
    • Full directory listing
    • File integrity verifications logs
    • Hashing of generated archives
Current Release:
Version 4.5
5/7/2025
Downloads:
PacknHash Auto Archiver
MD5:
33e25051108da087117dc4e634bf3599
PackNHash 4 User Guide

Changelog

More Information

Samsung Secure Health Data Parser
The Samsung Secure Health Data Parser is a forensic tool designed to extract and analyze data from Samsung Health databases. With the increasing importance of health-related data in digital forensics, this tool simplifies the process of extracting critical information, such as exercise data, step counts, and live activity tracking, stored in Samsung Health databases.

The tool offers both a GUI and command-line interface, making the secure Samsung Health database listed below, accessible to forensic investigators.
/data/data/com.sec.android.app.shealth/databases/SecureHealthData.db

GUI driven for easy use.

  • +Opensource

  • +GUI or CLI

  • +Polished HTML and Excel Reports

SHealthDBParser.exe

Source Code

MD5 Verification: f5195cc46b42200543ca4593369cecae

Read More

VICS JSON Builder
Provides a standalone version of the VICS JSON Utility from BFIP4Griffeye.
Ingests standard output from BFIP and/or PhotoRec and builds a VICS compliant JSON for import into tools such as Griffeye. 
Can be used independently from BFIP4Griffeye to manually generate a VICS compliant JSON from contents of folder.
Includes Universal VICS JSON Format Cleaning tool.  Corrects JSON file formatting by adding missing line-breaks and indentation for easier viewing. 
  • GUI driven for easy use.
  • Opensource

jsonbuilder3.exe

Source Code

MD5 Verification: c91472f17f2d5343a6f1ce20ab02edf7

VICS JSON Splitter
Simple utility to automate splitting Project VIC style JSON’s into smaller segments.
  • GUI driven for easy use.

vics_splitter_0.3.exe

 

MD5 Verification: f8b52a056e7da82c02a88622938de724

Support Request