DFIR Tools - Breakpoint Forensics

BFIP (Bulk Forensic Image Processor)

Exclusive Breakpoint Processing Engine for automated carving, extraction, and VICS package generation of allocated, deleted, and unallocated media files.
Automate the processing of your media-based examinations at breakneck speeds!
GUI-based mode selection for either Standard Process (allocated files only), LACE Carver Processing, or Breakpoint Processing Engine.
Bulk ingestion of all forensic images/JSONs simply by designating the parent folder that contains them.
GUI-Integrated console output window with logging and processing feedback.
Multithreaded Parallel Carving of Forensic Images.
Includes additional support for parsing forensic images containing APFS(Apple File System), with automated extraction of media files and import into Griffeye with no additional addon plugins required.
Option Mode for Griffeye Processing Engine (GPE) providing GUI-based interface to GPE, eliminating complex CLI commands.

GK Password Parser

PackNHash Auto Archiver

GUI driven for easy configuration.
Generates unique logs for each case folder containing:
- Full directory listing
- File integrity verifications logs
- Hashing of generated archives

VICS JSON Builder

GUI driven for easy use.
Opensource

Support Request

Tools

Exclusive Breakpoint Processing Engine for automated carving, extraction, and VICS package generation of allocated, deleted, and unallocated media files.

Automate the processing of your media-based examinations at breakneck speeds!

GUI-based mode selection for either Standard Process (allocated files only), LACE Carver Processing, or Breakpoint Processing Engine.

Bulk ingestion of all forensic images/JSONs simply by designating the parent folder that contains them.

GUI-Integrated console output window with logging and processing feedback.

Multithreaded Parallel Carving of Forensic Images.

Includes additional support for parsing forensic images containing APFS(Apple File System), with automated extraction of media files and import into Griffeye with no additional addon plugins required.

Option Mode for Griffeye Processing Engine (GPE) providing GUI-based interface to GPE, eliminating complex CLI commands.

Current Release:Version 4.4.111/04/2023

Download:

MD5:246772bb7867d4cfc7cc89d7717e39e6

Simple MD5 file hashing utility.

Drop the executable in a directory of files and/or folders you want to process and then simply run FastHash.

It will recursively process the hash value of all files in the same directory and any subdirectories.

Results are then saved to a simple text file.

Current Release:Version 1.011/06/2023

Download:

MD5:

23b16f9536493a1ba09b5e0e32969d8e

FileSifter is a digital forensics live-triage collection tool designed for deployment across multiple OS platforms including Windows, MacOS, and Linux.

Primary Features

-Live File Collection to either ZIP or TAR packages, and/or VICS JSON Packages.

-Keyword Filtering function. Allows import of custom keyword dictionary file that when enabled will only collect files with match in keyword list.

-Easy targeting of files/folders to be collected using simple user interface and case setup.

-Support for targeted collection of Image, Video, Archives, and/or Documents and packaging into VICS JSON evidence package for easy import and review into tools such as Griffeye Analyze.

-Automatically generates CSV report for all files collected storing original metadata such as MAC times, paths, etc.

-Forensically sound. When FileSifter is executed from a forensic collection drive, program data, reports, and other generated data is only saved to the examiners connected drive.

Current Release:Version 1.3.71/2/2023

Download:

MD5:78baa6e97681d927073d555d0ad85c11

MD5:3e43c535fec3d68ffedca4f15ec6ba15

MD5:35653d2453875033b5fd398d46813723

MD5:4f3240337b90b1adfd954f5a5e0a65e4

Simple utility that parses either the passwords text file, or PC History file, generated from IOS Graykey dumps.

Password List:

The passwords file is parsed based on user selectable minimum/maximum password size, and a simple trimmed and sorted list of passwords is generated.

Quickly pair down what can be a very large list of data, filled with long complex tokens, and identify the clear-text passwords immediately.

Passcode History:

Ingests the Passcode History file generated from Graykey Full Filesystem extractions and automates the ability to brute-force the historic 4/6 digit pin-codes using an integrated version of Hashcat.

Current Release:

Version 1.3 — 04/23/2023

Download:

MD5:dadc16a997df4ef8d34595ee5b899499

Auto Archiving Utility to bulk archive, validate, hash, and prep complex project folder structures to individual archives.

GUI driven for easy configuration.

Generates unique logs for each case folder containing:

Full directory listing

File integrity verifications logs

Hashing of generated archives

Provides a standalone version of the VICS JSON Utility from BFIP4Griffeye.

Ingests standard output from BFIP and/or PhotoRec and builds a VICS compliant JSON for import into tools such as Griffeye.

Can be used independently from BFIP4Griffeye to manually generate a VICS compliant JSON from contents of folder.

Includes Universal VICS JSON Format Cleaning tool. Corrects JSON file formatting by adding missing line-breaks and indentation for easier viewing.

GUI driven for easy use.

Opensource

Current Release:
Version 4.4.1
11/04/2023

Current Release:
Version 1.0
11/06/2023

Current Release:
Version 1.3.7
1/2/2023