Digital Forensics CLI Tool - Metadata, Steganography, OSINT & Section 65B PDF Reports
Project description
MetaForge
Digital Forensics CLI Tool - Metadata Extraction · Steganography Detection · SHA/MD5 Hashing · Section 65B PDF Reports
What is MetaForge?
MetaForge is a Python CLI tool built for digital forensics analysts, cybersecurity professionals, and Indian law enforcement. It performs:
- Metadata Extraction - EXIF, GPS, file timestamps, MIME type from images, audio, and video
- Cryptographic Hashing - MD5, SHA-1, SHA-256 computation and verification
- Steganography Detection - LSB entropy analysis, Chi-square statistical test, appended data detection, embedded string extraction
- Section 65B Reports - Generates PDF forensic reports compliant with Section 65B of the Indian Evidence Act, 1872, a legal requirement for submitting electronic evidence in Indian courts
Installation
From PyPI (recommended)
pip install metaforge
From source
git clone https://github.com/tanishsareen/metaforge.git
cd metaforge
pip install -r requirements.txt
pip install -e .
Kali Linux
sudo apt install metaforge
Usage
Full forensic scan (recommended)
metaforge scan evidence.jpg \
--case "FIR-2026-001" \
--examiner "Tanish Sareen" \
--desc "Forensic analysis of photographic evidence"
Metadata only
metaforge meta photo.jpg
metaforge meta audio.mp3 --json
Steganography analysis
metaforge steg suspicious_image.png
Hash computation & verification
metaforge hash evidence.jpg
metaforge hash evidence.jpg --verify abc123... --algo sha256
Example Output
__ __ _ _____
| \/ | ___| |_ __ _| ___|__ _ __ __ _ ___
| |\/| |/ _ \ __/ _` | |_ / _ \| '__/ _` |/ _ \
| | | | __/ || (_| | _| (_) | | | (_| | __/
|_| |_|\___|\__\__,_|_| \___/|_| \__, |\___|
|___/
Digital Forensics CLI Tool v1.0.0
Author: Tanish Sareen | Section 65B Report Generation
────────────── Forensic Scan Started ──────────────
Target: evidence.jpg
╭──────────────────────────────────────────╮
│ CLEAN │
│ Steganography Verdict │
╰──────────────────────────────────────────╯
Report saved: evidence_metaforge_report.pdf
Section 65B Compliance
Section 65B of the Indian Evidence Act, 1872 mandates that electronic records submitted as evidence must be accompanied by a certificate verifying:
- The computer was in regular use during the relevant period
- The electronic record was produced in the ordinary course of activities
- The computer was functioning properly
- The information in the record is derived from the computer's activities
MetaForge generates this certificate automatically in every PDF report.
Architecture
metaforge/
├── __init__.py # Version, author metadata
├── extractor.py # Metadata extraction engine (EXIF, AV, file info)
├── steg_detector.py # Steganography detection (LSB, chi-square, appended data)
├── reporter.py # Section 65B PDF report generator (ReportLab)
└── cli.py # Click-based CLI interface
Steganography Detection Methods
| Method | Description |
|---|---|
| LSB Entropy Analysis | Measures entropy of least significant bits per RGB channel. Near-1.0 entropy indicates possible LSB embedding |
| Chi-Square Test | Statistical test on pixel value pair frequencies. Equalised pairs suggest LSB steganography |
| Appended Data Detection | Checks for bytes after JPEG FFD9 / PNG IEND EOF markers |
| String Extraction | Extracts printable ASCII strings from binary content (like Unix strings) |
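The first two methods in the table, sketched as an added example (not MetaForge's own code; the function names, the 2.0 cut-off and the sample data are assumptions made here). It works on one channel's 8-bit values and shows the pair statistic separating a constructed cover from the same data with every LSB replaced; LSB entropy is the weaker signal because noisy natural images can also sit near 1.0.

```python
import hashlib
import math
from collections import Counter

def lsb_entropy(values):
    """Shannon entropy in bits of the least-significant-bit plane (max 1.0)."""
    p = sum(v & 1 for v in values) / len(values)
    if p in (0.0, 1.0):
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))

def pair_chi_square(values, min_count=10):
    """Chi-square over histogram pairs (2k, 2k+1) against equal counts.
    With every LSB replaced, each term behaves like chi-square with one
    degree of freedom, so chi2 / pairs lands close to 1."""
    hist = Counter(values)
    chi2, pairs = 0.0, 0
    for even in range(0, 256, 2):
        n_even, n_odd = hist[even], hist[even + 1]
        if n_even + n_odd < min_count:  # sparse pairs only add noise
            continue
        chi2 += (n_even - n_odd) ** 2 / (n_even + n_odd)
        pairs += 1
    return chi2, pairs

def assess(values, cutoff=2.0):
    """cutoff is an illustrative assumption, not a MetaForge setting."""
    chi2, pairs = pair_chi_square(values)
    per_pair = chi2 / pairs if pairs else float("inf")
    return {"lsb_entropy": lsb_entropy(values),
            "chi2_per_pair": per_pair,
            "suspicious": per_pair < cutoff}

def payload_bits(n, seed=b"constructed"):
    """Deterministic pseudo-random bits standing in for embedded data."""
    out, counter = [], 0
    while len(out) < n:
        block = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        out.extend((byte >> s) & 1 for byte in block for s in range(8))
        counter += 1
    return out[:n]

# Constructed samples: a channel whose pairs are 75% even / 25% odd,
# and the same channel with every LSB overwritten by payload_bits.
COVER = [2 * (i % 101) + (1 if i % 4 == 0 else 0) for i in range(20200)]
STEGO = [(v & ~1) | b for v, b in zip(COVER, payload_bits(len(COVER)))]

if __name__ == "__main__":
    for name, sample in (("cover", COVER), ("stego", STEGO)):
        print(name, assess(sample))
```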
Requirements
- Python 3.8+
- Linux (Kali, Ubuntu, Debian)
- Dependencies: click, rich, Pillow, python-magic, mutagen, exifread, reportlab, numpy
Author
Tanish Sareen
- BCA (Cyber Security & Forensics), CT University, Punjab
- Member, Institutional Innovation Cell (IIC)
- GitHub: @tanishsareen
License
MIT License - see LICENSE
Contributing
Pull requests are welcome. For major changes, open an issue first.
Built for Indian law enforcement and cybersecurity professionals. Submitted to IIC YUKTI Innovation 2025.
File details
Details for the file metaforge_forensics-1.0.0.tar.gz.
File metadata
- Download URL: metaforge_forensics-1.0.0.tar.gz
- Upload date:
- Size: 24.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.11
File details
Details for the file metaforge_forensics-1.0.0-py3-none-any.whl.
File metadata
- Download URL: metaforge_forensics-1.0.0-py3-none-any.whl
- Upload date:
- Size: 22.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.11