ahmed-fawzy99/Mini-Forensics-Tool

Mini Forensics Tools

Project Description

Computers are complicated, and digging into them to trace a crime or illegal activity carried out through them is definitely more complicated still, especially with the significant rise in digital crime over the past two decades. That is why forensic tools are crucial to any forensic analyst: they provide precise and reliable information extracted from a computer involved in illegal activity, and that information is used in court to identify and prosecute digital criminals. These tools must therefore be reliable and verified, because their output will shape the lives of countless people, whether criminals or innocent people and their families. The range of forensic functions is nearly endless, so tools are often targeted at one specific forensic function, but some tools are general-purpose and collect the most used functions into one program. The tool in this project falls into that category. Mini Forensics Tool is a simple tool that provides basic functionality for finding files' inodes, finding files by inode, tracing network packets, reading network trace files, and performing bit-by-bit backups of files (extra functionality).

Features

  1. Find the inode number of a file
  2. Find the file that belongs to a specific inode
  3. Take a bit-by-bit image for a drive (possibly a flash disk)
  4. Read a network trace file
  5. Make a packet capture from network device
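Features 1 and 2 as an added example (not this project's code; the function names `inode_of`, `paths_for_inode` and `demo` are hypothetical). It shows two points that matter in an examination: an inode number only identifies a file together with its device, and one inode can have several names when hard links exist.

```python
import os
import tempfile

def inode_of(path):
    """Return (device, inode) for path without following a final symlink."""
    st = os.lstat(path)
    return st.st_dev, st.st_ino

def paths_for_inode(root, inode, device=None):
    """Return every path under root whose (device, inode) pair matches."""
    if device is None:
        device = os.lstat(root).st_dev
    matches, stack = [], [root]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:
            continue  # unreadable directory: skip it, keep searching
        for entry in entries:
            try:
                st = entry.stat(follow_symlinks=False)
            except OSError:
                continue  # entry vanished or cannot be examined
            if st.st_dev != device:
                continue  # other filesystem: its inode numbers are unrelated
            if st.st_ino == inode:
                matches.append(entry.path)
            if entry.is_dir(follow_symlinks=False):
                stack.append(entry.path)
    return sorted(matches)

def demo():
    """Constructed sample: one file plus a hard link in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        original = os.path.join(root, "evidence.txt")
        os.makedirs(os.path.join(root, "sub"))
        link = os.path.join(root, "sub", "alias.txt")
        with open(original, "w") as fh:
            fh.write("sample")
        os.link(original, link)  # second name for the same inode
        device, inode = inode_of(original)
        found = paths_for_inode(root, inode, device)
        return [os.path.relpath(p, root) for p in found]

if __name__ == "__main__":
    print(demo())
```
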

How To Run the code

Note: This code only supports Linux distributions.

  1. Download the Project as ZIP file from GitHub
  2. Extract the ZIP file
  3. In the project directory, open the terminal and run: python3 main.py
