![Cover image for [Open Source] ๐ TRACE: Toolkit for Retrieval and Analysis of Cyber Evidence ๐](https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd7q9cdi5bnd0xwht7ezq.png)
๐๐ TRACE is a digital forensic analysis tool I developed for my final year project, designed with a user-friendly interface for investigating disk images. ๐๐
ย
๐ Preview
ย
๐ง Features
- ๐๏ธ *Image Mounting: Mount forensic disk images. (Windows only)
- ๐ณ Tree Viewer: Navigate disk image structures.
- ๐ Detailed File Analysis: View file content in HEX, text, and application-specific formats.
- ๐ธ EXIF Data Extraction: Extract and display EXIF metadata from pictures.
- ๐๏ธ Registry Viewer: Examine Windows registry files.
- ๐ช *Basic File Carving -not fully integrated: Recover deleted files from disk images.
- ๐ฆ Virus Total API Integration: Scan files for malware using Virus Total.
- โ E01 Image Verification & Conversion: Verify integrity and convert E01 images to raw format.
- ๐ฌ Message Decoding: Decode messages from base64, binary, and other encodings.
- And more!
ย
๐ป๐ฅ๏ธ Cross-Platform Compatibility
| Operating System | Screenshot |
|---|---|
| macOS Sonoma ๐ |  |
| Kali Linux 2024 ๐ง |  |
| Windows 10 ๐ |  |
ย
๐พ Supported Image Formats
| Image Format | Extensions |
|---|---|
| EnCaseยฎ Image File (EVF / Expert Witness Format) |
*.E01 *.Ex01
|
| SMART/Expert Witness Image File | *.s01 |
| Single Image Unix / Linux DD / Raw |
*.dd, *.img, *.raw
|
| ISO Image File | *.iso |
| AccessData Image File | *.ad1 |
ย
๐งฑ Built With
- pytsk3 - Python bindings for the SleuthKit
- libewf-python - Library to access the Expert Witness Compression Format (EWF)
- PySide6 - Used for the GUI components.
- Arsenal Image Mounter - For mounting forensic disk images.
ย
๐ Explore TRACE on GitHub:
https://github.com/Gadzhovski/TRACE-Forensic-Toolkit/?abc
ย
Socials ๐จโ๐ป
Top comments (0)