What is DFI2
DFI2 (Digital Forensics / Incident Investigation) is a framework specialized in digital forensic analysis. The key features are as follows.
- The VM does not require many resources.
- Excellent forensic tools are ready to use.
- Focus on disk image, memory dump, and file analysis.
To try DFI2, you have 2 options.
Option 1. DFI2 VM (recommended)
- VMware: DFI2_2410.1_VMware.7z (2.0 GB)
- VirtualBox: DFI2_2410.1.ova (3.0 GB)
The username/password is forensics/forensics.
Option 2. DFI2 installation on Debian/Ubuntu
The following script installs the necessary packages and then builds several forensic tools.
$ wget -O - https://dfi2.net/DFI2_setup.bash | bash
or
$ curl -s https://dfi2.net/DFI2_setup.bash | bash
The script operates with the following distributions and versions on a clean install.
- Debian 11, 12
- Ubuntu 20, 22
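A preflight for the installer described above, as an added example that is not part of DFI2: it checks the host against the supported list and saves the script to a file so it can be read before it runs. The function names are hypothetical, and matching on the major part of VERSION_ID is an assumption about how "Ubuntu 20, 22" maps to release numbers.

```bash
#!/usr/bin/env bash
# Added example, not part of DFI2. dfi2_supported and dfi2_fetch are
# hypothetical helper names.

# Return 0 if the os-release file describes a distribution the page lists
# as supported (Debian 11, 12; Ubuntu 20, 22), 1 otherwise.
dfi2_supported() {
    local file="${1:-/etc/os-release}" id="" ver="" key val
    [ -r "$file" ] || return 1
    # Parse KEY=VALUE pairs instead of sourcing the file.
    while IFS='=' read -r key val || [ -n "$key" ]; do
        val=${val%\"}; val=${val#\"}          # strip optional quotes
        case "$key" in
            ID) id="$val" ;;
            VERSION_ID) ver="$val" ;;
        esac
    done < "$file"
    # Assumption: compare on the major version only (22.04 -> 22).
    case "$id:${ver%%.*}" in
        debian:11|debian:12|ubuntu:20|ubuntu:22) return 0 ;;
        *) return 1 ;;
    esac
}

# Download the installer to a file instead of piping it into bash.
dfi2_fetch() {
    local out="${1:-DFI2_setup.bash}"
    curl -fsSL -o "$out" https://dfi2.net/DFI2_setup.bash || return 1
    sha256sum "$out"      # record exactly what was fetched
    bash -n "$out"        # syntax check only; nothing is executed
}

# Typical use (nothing runs automatically when this file is sourced):
#   dfi2_supported && dfi2_fetch && less DFI2_setup.bash && bash DFI2_setup.bash
```
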
Toolkit
The following tools are installed via apt or source build.
- Active@ Disk Editor 24.0
- Autopsy 4.21.0
- Bulk Extractor 2.1.1
- CyberChef v10.19.4
- draw.io v24.7.17
- MemProcFS v5.12.5
- ripgrep 13.0.0
- SARchart 5.1.3
- The Timeline Project 2.9.0
- Wireshark 4.0.11
Change Log
- 2024-10-26: Released 2410.1
- 2024-06-23: Released 2406.1
- 2024-01-03: Released 2401.1
- 2023-08-04: Initial Release