Stable release 1.5 / March 21, 2008 Operating system | Written in Bash (shell script) Type Computer forensics | |
Original author(s) License GNU General Public License
GNU Lesser General Public License | ||
Selective File Dumper (SFDumper) is a free open source computer forensics tool, written by Nanni Bassetti and Denis Frati, for Linux systems.
Contents
It is a Bash script which can retrieve all the files of a chosen type (e.g. .doc or .jpg), regardless if they are active, deleted or unallocated. It automatically runs Foremost for carving, and Sleuthkit for deleted files retrieval. It then eliminates duplicated files by comparing the SHA256 hashes of the carved files and the active and deleted files. Thanks to carving, files simply renamed to a different extension will be identified. Also, it is possible to expand the Foremost configuration file inside the script to add new extensions. Finally, it is possible to do a keyword search on the extracted files. The script can work on an image file or directly from a device.
It is free software licensed under the terms of the GNU General Public License (GPL) and GNU Lesser General Public License (LGPL).