DFRWS Supported Projects
Open source community driven projects that grew out of DFRWS Conferences and are actively maintained by members of the DFRWS community:
- Cyber-investigation Analysis Standard Expression (CASE)
CASE began in 2015 with this DFRWS EU 2015 paper to provide a structured (ontology-based) specification for representing information commonly exchanged and analyzed by people and systems during investigations involving digital evidence. Today CASE is a Linux Foundation Community Project, supported by DFRWS.org, and actively maintained by members of the DFRWS Community.
- Systematic Objective-based Listing of Various Established Investigation Techniques (SOLVE-IT)
SOLVE-IT grew out of community collaboration at the DFRWS US 2023 Conference to establish a resource and tools for systematic error mitigation for digital evidence. SOLVE-IT was inspired by the MITRE ATT&CK® cybersecurity resource, evolved from an initial digital evidence weakness taxonomy, and is actively maintained by members of the DFRWS Community.
DFRWS Presented Projects
Actively used and maintained community-driven projects that have been presented at DFRWS Conferences:
- Advanced Forensic File Format (AFF4)
Next generation forensic container format supporting features such as storage virtualization, metadata storage, extensible compression and hashing schemes, and throughput scalable to high IO rates.
- Artifact Genome Project (AGP)
Online system for uploading and viewing digital forensic artifacts to be searched using keywords or any word that appears as part of the artifact.
- DFIR Outil de Recherche de Compromission (DFIR ORC)
Collection of specialized tools for performing forensic analysis of IT security incidents impacting Microsoft Windows systems, dedicated to reliably parse and collect critical artefacts such as the MFT, registry hives or event logs.
- DFIR Toolkit (https://github.com/dfir-dd/)
Collection of command line tools for performing forensic analysis of IT security incidents impacting Microsoft Windows systems, dedicated to reliably parse and collect critical artefacts such as the MFT, registry hives or event logs.
- Graph-Based Analysis of Network Traffic Data (GRANEF)
Toolkit that enables graph-based analysis of network traffic and linked data (e.g., OSINT, CTI) to support IT security incident investigations.
- Hansken (https://www.hansken.org)
Digital Forensics as a Service (DFaaS) platform developed by the Netherlands Forensic Institute (NFI) with components that are maintained by the community.
- SDHASH Fuzzy Hashing (sdhash)
Tool that allows two arbitrary blobs of data to be quickly compared for similarity based on common strings of binary data, designed to be fast, scalable, and reliable for use during triage and initial investigation phases.
- SSDEEP Fuzzy Hashing (ssdeep)
Tool for identifying almost identical file content using context triggered piecewise hashing (CTPH), also called fuzzy hashes, that find sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
- VICS Safer Viewing Platform (VICSafer)
AI-driven system for analysing large volumes of unknown images and videos that investigators encounter in child sexual abuse investigations, automatically finding features such as age, gender, body parts, and actions with customizable viewer safety controls.
- CodeSuite® (CodeSuite)
CodeSuite from SAFE Corporation is a collection of patented computer code analysis tools used for comparing computer source code and executable code to help detect plagiarism, pinpoint copyright infringement, highlight trade secret theft, and measure intellectual property.
Adding a Project
If you presented a project at DFRWS that is being actively maintained and used, and would like to link it here, post the name, URI, and a brief description to the DFSci mailing list by sending an email to one of the addresses detailed below:
subscribe: dfsci+subscribe at dfrws.org
unsubscribe: dfsci+unsubscribe at dfrws.org
post: dfsci at dfrws.org
get help: dfsci+help at dfrws.org