Topic : Digital Forensics Framework Tutorial for Beginners 2021
Cyber-security is the main concern for many companies, as it protects them and their customers from any form of digital intrusion. It includes protection, detection, response and investigation.
Cyber-attack investigation is a crucial step in the process of mitigating damages and preventing future attacks. Today, cyber-attack investigators use intelligent tools and digital forensics processes to better track and understand these incidents.
Digital forensic processes cannot provide in-depth support to cyber-attack investigations. The reason being that there are insufficient details in the examination and analysis phases of the process, which is where the actual investigation takes place.
Digital Forensics has changed a lot in the past 25 years. In the age of early computers, digital evidence was mainly found in computers or servers. Nowadays, digital evidence is found on smartphones and storage devices as well.
The digital forensic process is difficult and time-consuming. It must be done correctly to get the most evidence possible.
Digital forensics tools can be categorised into many different types, such as database forensics, data and disk capturing, email analysis, file analysis, file viewers, internet analysis, mobile device analysis and network forensics.
It’s important to make sure you’re using the right tool for the job, and most tools do more than one thing. A recent trend in digital forensics tools are “wrappers” that package hundreds of specific technologies with different functionalities into one overarching toolkit.
What is Digital Forensics Framework?
Digital Forensics Framework is a computer forensics software built on top of a dedicated API and is available for free to download. It has all the tools you need to investigate computers, recover deleted files, find hidden data and more!
Digital Forensics Framework is a GUI program that provides a classical tree view and a set of features such as recursive view and live search. This allows you to remotely perform digital investigations.
It is also a command-line tool that includes many common shell functions, such as completion, task management, globing and keyboard shortcuts. Advanced users and developers can use DFF directly from a Python interpreter to script their investigation.
It uses a Python API framework and provides an easy-to-use interface for the analysis of forensic artifacts, which can be tailored to your needs.
It is designed to be used by both professionals and non-experts, so you can quickly collect, preserve, and reveal digital evidence without compromising your system.
Features of Digital Forensics Framework
- It preserves the digital chain of custody.
- It can access local and remote devices.
- It can read standard digital forensics file formats.
- Virtual machine disk reconstruction.
- It can be used for Windows and Linux Forensics.
- It can quickly triage and search for meta-data.
- It can recover hidden and deleted files and folders.
- Used for volatile memory forensics.
Download Digital Forensics Framework
To carry out investigations using DFF, we first require the Kali Linux 2016.1ISO image. I’ve chosen to use the 64-bit version and also have it running as a virtual host within VMware.
You can download kali Linux 2016.1 here.
- Once Kali 2016.1 is installed as a virtual host, we can use the “uname -a” command to view the version details:
- To start installing Digital Forensics Framework, first, we need to let’s update the sources.list with the repository that is used in Kali Sana. We need to execute this command :
sudo echo "deb http://old.kali.org/kali sana main non-free contrib" > /etc/apt/sources.list- Next, we update Kali by typing:
Command: sudo apt-get update- Now, we install the Advanced Forensics Format Library by typing:
Command: sudo apt-get install libafflib0
- Once the library has been successfully installed, we can install DFF by typing the following:
Command: sudo apt-get install dff 
Type ‘y’ to proceed with the Digital Forensics Framework Installation.
At this point, our digital forensics framework package is installed in our Kali Linux.
Digital Forensics Framework GUI
Now that we have DFF installed, we can first verify the version of DFF and also view some of the commands within DFF, using the CLI:
- To check the version of Digital Forensics Framework we can type this command :
Command: dff -v- Type this command to see available options :
Command: dff -h
- To launch the GUI mode of Digital Forensics Framework, we can type this command:
Command: dff -g
As you can see this is the simple GUI interface of Digital Forensics Framework and we can use it as per our need.
How to use Digital Forensics Framework?
Using this tool is not very much complicated for the sake of this tutorial. I’m attaching a very good video tutorial by Cyber Secrets YouTube channel.
This practical video will be very helpful for you to understand this Digital Forensics Framework tool very easily.
Conclusion
So guys, in this article we’ve covered all the basics things you need to know about the digital forensics framework. This tool is very helpful for those who want to do any kind of digital forensics activity like deleted files recovering, analysing files, metadata, memory etc. I hope you’ve found this article useful.
If you have any question or suggestion then feel free to tell me in the comments I’ll be very happy to help you out.
Also Read: Email Spoofing Tutorial 2021 – Detect & Prevent Email Spoofing Attacks
I'm an Ethical Hacker, Penetration Tester, Content Creator, Technology Lover, Passionate Learner & The Founder of Spinning Security. For Any Inquiry Contact Us Here :- contect.spinningtech@gmail.com
- How to Become a Professional Gambler - March 29, 2024
- X Premium Subscribers to Gain Access to Grok AI Chatbot: A Strategic Move by Elon Musk - March 28, 2024
- Google Introduces AI Travel Assistant for Seamless Vacation Planning - March 28, 2024
Digital forensic framework is not install
Sudo apt – get install dff
E: does not locate dff
Kindly follow the instructions properly.