DISKOVERY: Disk Forensics Tool for Data Categorization & Keyword Filtering
Project description
๐งช DISKOVERY: Disk Forensics Tool for Data Categorization & Keyword Filtering
DISKOVERY is a Python-based digital forensics tool designed to analyze disk images. It performs a multi-stage forensic analysis including imaging, partition parsing, file categorization, keyword-based filtering, and automatic PDF reporting. The tool supports both complete and filtered analysis outputs and provides investigators with a concise overview of disk contents. It is a command-line interface (CLI) tool that works well on Ubuntu and Debian-based systems.
โ๏ธ Features
- Disk Image Support (
.img,.E01,.dd) - Partition Parsing using
mmls - File Categorization:
- Deleted
- Encrypted
- Current
- Hidden
- File Type Filtering (e.g.,
.pdf,.docx) - Keyword Search in extracted text-based files
- Visual Summary via pie charts
- PDF Report Generation with listings, and visualizations
Steps to use
- Insert pendrive.
- To check the location at which it's inserted: sudo fdisk -l
- Go to script folder and run main.py: sudo python3 main.py
๐ Project Structure
DISKOVERY/
โโโ stages/
โ โโโ __init__.py
โ โโโ stage1_disk_imaging.py
โ โโโ stage2_extraction.py
โ โโโ stage3_categorization.py
โ โโโ stage4_filtering.py
โ โโโ stage4_2_keyword.py
โ โโโ stage5_reporting.py
โโโ utils/
โ โโโ __init__.py
โ โโโ run_command.py
โโโ main.py
โโโ LICENSE
โโโ README.md
โโโ requirements.txt
โโโ setup.py
โโโ MANIFEST.in
โโโ pyproject.toml
๐ Quick Start
1. Clone the Repository
git clone https://github.com/simmithapad/DISKOVERY.git
cd DISKOVERY
2. Run Setup (Installs Tools + Python Packages)
pip install -r requirements.txt
3. Start the Tool
python3 -m venv .venv
source .venv/bin/activate
python3 main.py
๐ ๏ธ Dependencies
System Tools (Installed via setup.sh)
dcflddsleuthkit(formmls,fls,fsstat)binwalkgrepandpdfgrep
Python Packages
fpdfelasticsearchdocx2txtre
๐ Output
- Disk images saved in
./output_files/ - PDF reports saved in
./output_files/reports/ - Extracted files saved in
./output_files/extracted_files/
๐ฌ Future Work
- GPU Acceleration
- Memory Forensics Integration
๐ค Author
Simmi Thapad
Vrinda Abrol
License
This project is licensed under the MIT License - see the LICENSE file for details.
๐ Disclaimer
[!Important] This tool is intended for educational and lawful forensic analysis only. Use responsibly.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file diskovery-0.1.1.tar.gz.
File metadata
- Download URL: diskovery-0.1.1.tar.gz
- Upload date:
- Size: 4.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e3e6abffaf97edf0d8c4d328ef417205a6b63a0db3e9e0086065a1fdb2b9b4a7
|
|
| MD5 |
2d6e2fa36a2ac8fd51d5b89e51e3af8a
|
|
| BLAKE2b-256 |
95cf74dc522ddf04a79e921d28761cd9673181af2e6c0604d300b9b449922ac9
|
File details
Details for the file diskovery-0.1.1-py3-none-any.whl.
File metadata
- Download URL: diskovery-0.1.1-py3-none-any.whl
- Upload date:
- Size: 4.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f920cecb62fbf0dd55733993cb06f16fcb8b81d92b20f111c55703ad95ca24fa
|
|
| MD5 |
4c30cd42f36eb0c0428c8d933399c336
|
|
| BLAKE2b-256 |
feddbdebf28531e99124c586bf2b74436593e42a00e90721bfd662ddf95da0c0
|
