dfDewey is a digital forensics string extraction, indexing, and searching tool.
| .github/workflows | ||
| dfdewey | ||
| docker | ||
| docs | ||
| test_data | ||
| .gitignore | ||
| .pylintrc | ||
| .style.yapf | ||
| CONTRIBUTING.md | ||
| dfvfs_requirements.txt | ||
| LICENSE.txt | ||
| README.md | ||
| requirements.txt | ||
| run_tests.py | ||
| setup.py | ||
dfDewey
dfDewey is a digital forensics string extraction, indexing, and searching tool.
Requirements
dfDewey currently requires bulk_extractor for string extraction. bulk_extractor can be downloaded and built from source here: https://github.com/simsong/bulk_extractor
bulk_extractor can also be installed from the GIFT PPA.
sudo add-apt-repository ppa:gift/stable
sudo apt update
sudo apt install -y bulk-extractor
Elasticsearch and PostgreSQL are also required to store extracted data.
These can be installed separately or started in Docker using docker-compose.
cd dfdewey/docker
sudo docker-compose up -d
Note: To stop the containers (and purge the stored data) run
sudo docker-compose down from the dfdewey/docker directory.
All other requirements are installed with:
python setup.py install
Note: It's recommended to install dfDewey within a virtual environment.