Linux / Unix compilation

Getting the source of DFF
There are two ways to obtain the DFF sources: download the latest gzipped tarball from this page, or clone the Git repository with the following command (git must be installed):

git clone git://git.digital-forensic.org/dff.git
Compilation requirements

  • g++ compiler
  • Cmake (>= 2.8)
  • SWIG (>= 1.3.38)
  • Qt4 : libqtcore, libqtgui and qt4-dev-tools packages on Ubuntu (version 4 of Qt, do not use qt3 packages).
  • Python (>= 2.6) development libraries (depends on your operating system), 3.0 not supported for now (python-dev package on Ubuntu)
  • Python Qt4 bindings
  • PyQt development tools : pyqt4-dev-tools and python-qt4-dev packages (on Ubuntu)
  • optional :
    • fuse
    • libbfio (a separate installation is required for libpff to work)
    • libpff, built without its shipped libbfio; install it after libbfio
    • libewf
    • afflib
    • Flex
    • Bison
Most of these packages can be installed through your distribution package manager. Please refer to their respective documentation.
Some distributions do not provide the required version of SWIG in their repositories. In that case, download the SWIG source code and compile it:

> tar zxf swig-1.3.40.tar.gz
> cd swig-1.3.40
> ./configure
[... this step can take some time ...]
> make
[... this step can take some time ...]
> sudo make install
[... this step can take some time ...]

Process of compilation

  • Based on the current dff-src-X.tar.gz

> tar zxf dff-src-X.tar.gz
> cd dff-X
> cmake .   # Do not forget the dot
[... this step can take some time ...]
> make
[... this step can take some time ...] 
> sudo make install
[... this step can take some time ...]

  • Based on the MASTER branch of the GIT repository

If you compile DFF from the Git repository, you can use an out-of-source build instead. This keeps build files separate from source files.

> git clone git://git.digital-forensic.org/dff.git dff
> cd dff
> mkdir build
> cd build
> cmake -DINSTALL=1 ..   # Do not forget the dot-dot
[... this step can take some time ...]
> make
[... this step can take some time ...] 
> sudo make install
[... this step can take some time ...]

Run requirements
  • hal package for local devices (Ubuntu 10.10)

DFF Installation in Windows

The installation of DFF on Microsoft Windows XP/Vista/7 32 and 64 bits
There are two packages for Windows:
  • The first one contains all required dependencies (Python 2.7 and PyQt). It can be downloaded from here (about 52 MiB).
  • The second one (9 MiB), which can be downloaded from here, does not contain Python and PyQt, so you will need to install the two following dependencies before launching DFF installation :
The form on the DFF download page is optional. If you do not wish to send any information, just leave it empty and click the Download button directly.
Install DFF
  • Once you have downloaded one of the installers, you can run it by double-clicking on it. The following window will open:
Click on the Next button (or Cancel if you wish to cancel the installation).
  • On the next screen, you will be asked to accept the license terms.
If you disagree, click on Cancel to quit the installation, otherwise click on I agree.
  • Then select in which directory you want to install DFF (by default in C:\Program files\DFF)

Click on the Browse... button if you wish to change the installation directory (optional). Once you are done, click on the Next button.
  • You will be asked for the name of the shortcut you want to create in your Start -> programs menu (by default, Digital Forensics Framework).
 

You can rename it or choose an existing directory in the list. You can also check the Do not create shortcuts check-box to avoid creating shortcuts on your desktop.
  • Click on the Install button.
If you have chosen the installer with Python dependencies, read the following part, Install Python and PyQt. Otherwise you can go directly to the Finish install DFF part.

Install Python and PyQt 

  • You will be asked if you want to install Python.

  
Python 2.7 AND PyQt 4.8 (or higher) are required to run DFF, so click Yes if you have not already installed those dependencies. Otherwise you can click No and go directly to the Finish install DFF part.


Click Yes on the pop-up, and then Next of the wizard.
  • PyQt wizard will be launched. 
 
Click next.
  • One more time, you will be asked to accept the license terms of PyQT. 

Click on I Agree if you agree with those terms. Otherwise, click Cancel to quit the installation.
  • Select which PyQt components you wish to install. 
 
Note: Even though all components are selected on the screenshot, the only ones which are required are Extensions modules (checked by default) and Qt runtime. Among the others, select the ones you are interested in.
Then you can click Next.
  • You will have to select in which directory you want to install Python (C:\Python27 by default).
 
If you wish to change this directory, click on the Browse... button and select the new location. Once you are done you can click on Install.
  • Once this installation is finished, you can click on Finish.
 
Then you can choose to install the Microsoft DLL dependencies (required to run DFF).


Click on Yes if you want to install them. Wait during the installation.

Finish install DFF

Once the installation is finished, you can click on the Finish button.

You can now start using DFF (Digital Forensic Framework)

Install DFF on Gentoo Without ebuild

In order to compile and run DFF you will need to install some dependencies :
Use the following commands to get all these dependencies :
#> emerge -av cmake
#> echo ">=dev-lang/swig-1.3.38" >> /etc/portage/package.keywords
#> emerge -av swig
#> echo ">=dev-python/PyQt4-4.6" >> /etc/portage/package.keywords
#> emerge -av PyQt4
#> emerge -av app-forensics/libewf
#> emerge -av sys-fs/fuse

Install DFF on Gentoo

Install DFF on Gentoo Using ebuild
You can use layman to add the pentoo overlay, which contains the ebuild (thanks to ikelos and the pentoo team for providing it). Have a look at their trac for the latest supported DFF version and the change comments.
If you don't have layman installed:

#> emerge layman
#> echo "source /var/lib/layman/make.conf" >> /etc/make.conf

Then add the pentoo overlay :

#> layman -a pentoo

Then you can emerge DFF and its dependencies. The DFF ebuild is masked for some architectures, so on x86, for example, do not forget to unmask it:

ACCEPT_KEYWORDS="~x86" emerge dff

or on an amd64 compatible architecture :

ACCEPT_KEYWORDS="~amd64" emerge dff

DFF Packaged Version

Windows

  • DFF 1.2.0 installer for Python 2.7
    dff-1.2.0.exe
    MD5: f27364643685a97b9b58aa9939c722f0
    Size: 9.91 MB
  • DFF 1.2.0 with Python and PyQt installers included
    dff-with-dependencies-1.2.0.exe
    MD5: 3b2f6981e9ecfd4b63b0ba0832ebed58
    Size: 56.26 MB

Linux

  • DFF 1.2.0 Ubuntu 64bits package for Python 2.6
    dff-1.2.0_amd64.deb
    MD5: e2c542b274496159e228ba6cc5ed5a49
    Size: 11.14 MB
  • DFF 1.2.0 Ubuntu 32bits package for Python 2.6
    dff-1.2.0_i386.deb
    MD5: 08087c511fd0cda95d6aa5d413a61e43
    Size: 11.09 MB

Sources

  • DFF 1.2.0 compressed sources tarball
    dff-src-1.2.0.tar.gz
    MD5: 5dffe5726041694add0084424f9e7480
    Size: 9.47 MB
  • DFF 1.2.0 zipped sources
    dff-src-1.2.0.zip
    MD5: eb93d8c133df148d69f78c05c515d5cf
    Size: 10.07 MB
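
The checksums listed above can be checked before a package is installed. The script below is an added example, not part of the original page or the DFF project; the function names are hypothetical and it assumes `md5sum` from GNU coreutils. MD5 detects a corrupted or truncated download but is not collision-resistant, so a match is not equivalent to a verified signature.

```shell
#!/bin/sh
# Added example: compare a downloaded DFF 1.2.0 package with the MD5
# published in the "DFF Packaged Version" list on this page.

# Print the published MD5 for a known file name; return 1 if unknown.
dff_published_md5() {
    case "$1" in
        dff-1.2.0.exe)                   echo f27364643685a97b9b58aa9939c722f0 ;;
        dff-with-dependencies-1.2.0.exe) echo 3b2f6981e9ecfd4b63b0ba0832ebed58 ;;
        dff-1.2.0_amd64.deb)             echo e2c542b274496159e228ba6cc5ed5a49 ;;
        dff-1.2.0_i386.deb)              echo 08087c511fd0cda95d6aa5d413a61e43 ;;
        dff-src-1.2.0.tar.gz)            echo 5dffe5726041694add0084424f9e7480 ;;
        dff-src-1.2.0.zip)               echo eb93d8c133df148d69f78c05c515d5cf ;;
        *) return 1 ;;
    esac
}

# verify_dff_package FILE [EXPECTED_MD5]
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or the
# file name is not in the published list and no checksum was given.
verify_dff_package() {
    file=$1
    expected=$2
    if [ -z "$expected" ]; then
        expected=$(dff_published_md5 "$(basename -- "$file")") || {
            echo "no published MD5 for $file" >&2
            return 2
        }
    fi
    [ -f "$file" ] || { echo "file not found: $file" >&2; return 2; }
    # Normalise case so an upper-case checksum still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(md5sum -- "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (got $actual, expected $expected)" >&2
    return 1
}

# Usage: sh verify_dff.sh dff-1.2.0_amd64.deb && sudo dpkg -i dff-1.2.0_amd64.deb
if [ "$#" -gt 0 ]; then
    verify_dff_package "$@"
fi
```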

Debian-based distribution

Debian, Ubuntu, Kubuntu, etc.
There are two different packages for Debian, depending on your architecture : 32 or 64 bits.
For 32 bits, download dff-1.2.0_i386.deb
For 64 bits, download dff-1.2.0_amd64.deb
If you do not wish to receive news about DFF just leave the form empty and directly click on the Download button.
You can install DFF using the command dpkg in a shell; or use the synaptic graphical (GUI) package helper and installer.
To install using synaptic, double click on the .deb package and synaptic will check your system for the required dependencies and install them, if required, prior to installing DFF.
 
To install via the command line (shell) with dpkg, you must first install the required dependencies before installing DFF. To install the dependencies via the command line (shell), use the following command:
#> aptitude -y install python-qscintilla2 python-qt4 python-magic python-qt4-phonon
Now you can use this command to install DFF, depending on your architecture :
#> if [ "$(uname -m | grep '64')" ]; then dpkg -i dff-1.2.0_amd64.deb; else dpkg -i dff-1.2.0_i386.deb; fi

What is DFF ?

The Digital Forensics Framework (DFF) is both a digital investigation tool and a development platform. The framework is used by system administrators, law enforcement examiners, digital forensics researchers and students, and security professionals world-wide. Written in Python and C++, it exclusively uses open source technologies.
DFF combines an intuitive user interface with a modular and cross-platform design.

What does it do?
DFF consists of tools, libraries, modules, and user interfaces. The basic function of the framework is to aggregate data and methodically analyze volumes, file systems, and user and application data, while extracting metadata and deleted and hidden items. Data are processed into virtual read-only containers, thus preserving the integrity and authenticity of information.

Key DFF features
  • User Interface : File browser, bookmarks, dockable windows, Integrated Development Environment and interpreter (Python), command line, multilanguage, task manager.
  • Viewers : Images, videos, text, web, file systems statistics
  • Timeline analysis : Graphical view, virtual extraction and reduction, metadata filters
  • Hexadecimal viewer : Large files support, page navigation, pixel navigation and view, search ...
  • Volumes : Partitions, VMDK (Vmware)
  • File manipulation : Cut, merge, extraction, spares reduction
  • Metadata : EXIF, datetime, data structures, etc.
  • Volatile memory : Windows XP (volatility)
  • File systems : FAT 12/16/32, NTFS, EXTFS 2/3/4  
  • Data recovery :   File systems algorithms, file carving 
  • Windows registry: Reconstruction and analysis
  • Other: Local devices, hash  (md5, sha*), zip, unxor
 
Copyright © 2011 DFF (Digital Forensics Framework)