Selective file dumper

Infobox Software
name = Selective File Dumper



caption =
collapsible =
author = Nanni Bassetti and Denis Frati
developer =
released =
latest release version = 1.5
latest release date = March 21, 2008
latest preview version =
latest preview date =
frequently updated =
programming language = Bash (shell script)
operating system = Linux
platform =
size =
language =
status =
genre = Computer forensics
license = GNU General Public License
GNU Lesser General Public License
website = http://sfdumper.sourceforge.net/

Selective File Dumper (SFDumper) is a free open source computer forensics tool, written by Nanni Bassetti and Denis Frati, for Linux systems.

It is a Bash script which can retrieve all the files of a chosen type (eg. .doc or .jpg), regardless if they are active, deleted or unallocated. It automatically runs Foremost for carving, and Sleuthkit for deleted files retrieval. It then eliminates duplicated files by comparing the SHA256 hashes of the carved files and the active and deleted files. Thanks to carving, files simply renamed to a different extension will be identified. Also, it is possible to expand the Foremost configuration file inside the script to add new extensions. Finally, it is possible to do a keyword search on the extracted files. The script can work on an image file or directly from a device.

It is free software licensed under the terms of the GNU General Public License (GPL) and GNU Lesser General Public License (LGPL).

SFDumper has been included into [http://www.caine-live.net/Caratteristiche.html CAINE] a new Linux Live Distribution for the Digital Forensics developed by the Modena University (Italy).

Requirements

*Linux OS
*Sleuthkit
*Foremost
*Sha256deep
*grep
*awk
*sed
*dd

Requirements for the GUI version

*Zenity

External links

*http://sfdumper.sourceforge.net/
*http://www.caine-live.net