dfdewey/README.md

# dfDewey
dfDewey is a digital forensics string extraction, indexing, and searching tool.

<img src="https://user-images.githubusercontent.com/52063018/101560727-fc827900-3a17-11eb-93a1-f2a0589b6b6b.png" width="240" />

[Usage](docs/usage.md)

## Requirements
### bulk_extractor
dfDewey currently requires bulk_extractor for string extraction.

bulk_extractor can be installed from the GIFT PPA.

```shell
sudo add-apt-repository ppa:gift/stable
sudo apt update
sudo apt install -y bulk-extractor
```

bulk_extractor can also be downloaded and built from source here:
https://github.com/simsong/bulk_extractor

Note: bulk_extractor v2.0.3 or greater is required.

### dfVFS
[dfVFS](https://github.com/log2timeline/dfvfs) is required for image parsing. It
can be installed from the GIFT PPA.

```shell
sudo add-apt-repository ppa:gift/stable
sudo apt update
sudo apt install -y python3-dfvfs
```

It can also be installed using pip:

```shell
pip install -r dfvfs_requirements.txt
```

### Datastores
OpenSearch and PostgreSQL are also required to store extracted data.
These can be installed separately or started in Docker using `docker-compose`.

```shell
cd docker
sudo docker-compose up -d
```

Note: To stop the containers (and purge the stored data) run
`sudo docker-compose down` from the `docker` directory.

dfDewey will try to connect to datastores on localhost by default. If running
datastores on separate servers, copy the config file template
`dfdewey/config/config_template.py` to `~/.dfdeweyrc` and adjust the server
connection settings in the file. You can also specify a different config file
location on the command line using `-c`.

## Installation

```shell
python setup.py install
```

Note: It's recommended to install dfDewey within a virtual environment.
Add usage doc 2020-04-15 16:58:28 +10:00			`# dfDewey`
Update readme 2020-03-27 11:04:00 +11:00			`dfDewey is a digital forensics string extraction, indexing, and searching tool.`
Readme 2019-09-25 15:36:17 +10:00
Logo 2020-12-09 12:14:09 +11:00			`<img src="https://user-images.githubusercontent.com/52063018/101560727-fc827900-3a17-11eb-93a1-f2a0589b6b6b.png" width="240" />`
Logo 2020-12-09 10:51:08 +11:00
Add usage doc 2020-04-15 16:58:28 +10:00			`[Usage](docs/usage.md)`

			`## Requirements`
Docker changes for k8s deployment 2021-09-08 14:35:57 +10:00			`### bulk_extractor`
Update readme 2020-03-30 11:28:54 +11:00			`dfDewey currently requires bulk_extractor for string extraction.`
Update readme 2020-07-17 11:26:19 +10:00
Add image reparse and deletion functions (#31) * Update readme for bulk_extractor v2.0.0 * Update docker image to Ubuntu 20.04 * Parse filesystem before string extraction * Refactor postgres datastore code * Add reparse option * Add option to delete image data * Update usage * Update version 2022-06-03 15:35:43 +10:00			`bulk_extractor can be installed from the GIFT PPA.`
Update readme 2020-07-17 11:26:19 +10:00
			```shell
			`sudo add-apt-repository ppa:gift/stable`
			`sudo apt update`
			`sudo apt install -y bulk-extractor`
			```
Update readme 2020-03-30 11:28:54 +11:00
Add image reparse and deletion functions (#31) * Update readme for bulk_extractor v2.0.0 * Update docker image to Ubuntu 20.04 * Parse filesystem before string extraction * Refactor postgres datastore code * Add reparse option * Add option to delete image data * Update usage * Update version 2022-06-03 15:35:43 +10:00			`bulk_extractor can also be downloaded and built from source here:`
			`https://github.com/simsong/bulk_extractor`

Updates for bulk_extractor v2.0.3 (#33) Slight change to command line arguments for bulk_extractor v2 2023-10-16 11:29:26 +11:00			`Note: bulk_extractor v2.0.3 or greater is required.`
Add image reparse and deletion functions (#31) * Update readme for bulk_extractor v2.0.0 * Update docker image to Ubuntu 20.04 * Parse filesystem before string extraction * Refactor postgres datastore code * Add reparse option * Add option to delete image data * Update usage * Update version 2022-06-03 15:35:43 +10:00
Docker changes for k8s deployment 2021-09-08 14:35:57 +10:00			`### dfVFS`
typo in readme 2022-02-07 14:00:34 +01:00			`[dfVFS](https://github.com/log2timeline/dfvfs) is required for image parsing. It`
Docker changes for k8s deployment 2021-09-08 14:35:57 +10:00			`can be installed from the GIFT PPA.`

			```shell
			`sudo add-apt-repository ppa:gift/stable`
			`sudo apt update`
			`sudo apt install -y python3-dfvfs`
			```

			`It can also be installed using pip:`

			```shell
			`pip install -r dfvfs_requirements.txt`
			```

			`### Datastores`
Migrate to OpenSearch (#27) * Migrate to OpenSearch * Minor fixes to support Python 3.6 2021-12-20 11:08:29 +11:00			`OpenSearch and PostgreSQL are also required to store extracted data.`
Update readme 2020-07-17 11:26:19 +10:00			These can be installed separately or started in Docker using `docker-compose`.

			```shell
Docker changes for k8s deployment 2021-09-08 14:35:57 +10:00			`cd docker`
Update readme 2020-07-17 11:26:19 +10:00			`sudo docker-compose up -d`
			```

			`Note: To stop the containers (and purge the stored data) run`
Docker changes for k8s deployment 2021-09-08 14:35:57 +10:00			`sudo docker-compose down` from the `docker` directory.
Update readme 2020-03-30 11:28:54 +11:00
Add documentation for datastore config 2021-10-15 09:42:03 +11:00			`dfDewey will try to connect to datastores on localhost by default. If running`
			`datastores on separate servers, copy the config file template`
			`dfdewey/config/config_template.py` to `~/.dfdeweyrc` and adjust the server
			`connection settings in the file. You can also specify a different config file`
			location on the command line using `-c`.

Docker changes for k8s deployment 2021-09-08 14:35:57 +10:00			`## Installation`

			```shell
			`python setup.py install`
			```
Update readme 2020-11-26 14:09:35 +11:00
			`Note: It's recommended to install dfDewey within a virtual environment.`