dfDewey
dfDewey is a digital forensics string extraction, indexing, and searching tool.
Requirements
dfDewey currently requires bulk_extractor for string extraction. bulk_extractor can be downloaded and built from source here: https://github.com/simsong/bulk_extractor
bulk_extractor can also be installed from the GIFT PPA.
sudo add-apt-repository ppa:gift/stable
sudo apt update
sudo apt install -y bulk-extractor
Elasticsearch and PostgreSQL are also required to store extracted data.
These can be installed separately or started in Docker using docker-compose.
cd dfdewey/docker
sudo docker-compose up -d
Note: To stop the containers (and purge the stored data) run sudo docker-compose down from the dfdewey/docker directory.
All other requirements are installed with:
python setup.py install
Note: It's recommended to install dfDewey within a virtual environment.