As a cybersecurity student, I spend a lot of time working with tools like Binwalk, ExifTool, file, strings, and YARA.
They're powerful, but the workflow is fragmented.
Analyzing a suspicious file often means bouncing between multiple tools, different output formats, and various dependencies.
So I started building Filo-Go.
What is Filo-Go?
Filo-Go (Forensic Intelligence & Learning Operator) is a Go-based digital forensics and file intelligence toolkit.
The goal is simple:
Provide a single, fast, cross-platform binary for common forensic analysis tasks.
Current capabilities include:
- File identification and analysis
- Entropy visualization
- Metadata extraction
- String extraction
- Firmware analysis
- Executable analysis (PE, ELF, Mach-O)
- YARA scanning
- PCAP analysis
- SQLite inspection
- Plugin support
- MCP integration for AI-assisted workflows
Why Go?
I wanted something that is:
- Fast
- Easy to distribute
- Cross-platform
- Dependency-light
Go checked every box.
Why Am I Building It?
Partly because I need it.
Partly because I want to better understand how forensic tools work internally.
And partly because building systems like this is one of the best ways to learn software engineering, cybersecurity, reverse engineering, and digital forensics.
What's Next?
I'll be sharing architecture decisions, implementation details, performance benchmarks, and lessons learned as the project evolves.
Repository: filo-go
Feedback, ideas, and contributions are welcome.