Skip to content

kkoha/fragmented-data-forensics

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
bin
bin
 
 
frag_insight
frag_insight
 
 
AUTHORS
AUTHORS
 
 
COPYING
COPYING
 
 
README.md
README.md
 
 
frag_insight.sln
frag_insight.sln
 
 
frag_insight.suo
frag_insight.suo
 
 

Repository files navigation

frag_insight

by Jungheum Park

frag_insight is a tool for fragmented data forensics.

Supported platforms

  • Windows (VS 2010 project, written in C++ and MFC)

Quick start

Clone the git repo https://github.com/jungheum/fragmented-data-forensics.git or download it

Execute frag_insight to analyze an image file

frag_insight  'target image'  'pagesize'  'output path'

Examples of usage

frag_insight  c:\\image1.dd   2048   c:\\output1
frag_insight  imageUnlloca    4096   outputPath

Features

Target

  • Flash memory image (fragmented pages)
  • Unallocated area of file system

Features

  • Page classification

    • hash-based classification (deduplication)
    • meta page classification
      • it supports the YAFFS and EXT4 file system
    • statistical classification
    • file format classification
      • it supports file formats such as SQLite, XML, HTML, TEXT, etc.

  • Page analysis

    • format-based data analysis
      • this tool analyzes SQLite header / record

License

DFRC@KU

Feedback

Please submit feedback via the frag_insight tracker

Author: Jungheum Park ([email protected])

About

fragmented-data-forensics

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • C++ 83.5%
  • C 16.5%