![Cover image for [Open Source] 🚀 TRACE: Toolkit for Retrieval and Analysis of Cyber Evidence 🚀](https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd7q9cdi5bnd0xwht7ezq.png)
📂🔍 TRACE is a digital forensic analysis tool I developed for my final year project, designed with a user-friendly interface for investigating disk images. 📂🔍
👀 Preview
🔧 Features
- 🗂️ *Image Mounting: Mount forensic disk images. (Windows only)
- 🌳 Tree Viewer: Navigate disk image structures.
- 🔍 Detailed File Analysis: View file content in HEX, text, and application-specific formats.
- 📸 EXIF Data Extraction: Extract and display EXIF metadata from pictures.
- 🗂️ Registry Viewer: Examine Windows registry files.
- 🔪 *Basic File Carving -not fully integrated: Recover deleted files from disk images.
- 🦠 Virus Total API Integration: Scan files for malware using Virus Total.
- ✅ E01 Image Verification & Conversion: Verify integrity and convert E01 images to raw format.
- 💬 Message Decoding: Decode messages from base64, binary, and other encodings.
- And more!
💻🖥️ Cross-Platform Compatibility
| Operating System | Screenshot |
|---|---|
| macOS Sonoma 🍏 |  |
| Kali Linux 2024 🐧 |  |
| Windows 10 🗔 |  |
💾 Supported Image Formats
| Image Format | Extensions |
|---|---|
| EnCase® Image File (EVF / Expert Witness Format) |
*.E01 *.Ex01
|
| SMART/Expert Witness Image File | *.s01 |
| Single Image Unix / Linux DD / Raw |
*.dd, *.img, *.raw
|
| ISO Image File | *.iso |
| AccessData Image File | *.ad1 |
🧱 Built With
- pytsk3 - Python bindings for the SleuthKit
- libewf-python - Library to access the Expert Witness Compression Format (EWF)
- PySide6 - Used for the GUI components.
- Arsenal Image Mounter - For mounting forensic disk images.
🔗 Explore TRACE on GitHub:
https://github.com/Gadzhovski/TRACE-Forensic-Toolkit/?abc
Socials 👨💻
Top comments (0)