
Digital Forensics CLI Tool — Metadata, Steganography, OSINT & Section 65B PDF Reports

Project description

MetaForge 🔍

Digital Forensics CLI Tool — Metadata Extraction · Steganography Detection · SHA/MD5 Hashing · Section 65B PDF Reports



What is MetaForge?

MetaForge is a Python CLI tool built for digital forensics analysts, cybersecurity professionals, and Indian law enforcement. It performs:

  • Metadata Extraction — EXIF, GPS, file timestamps, MIME type from images, audio, and video
  • Cryptographic Hashing — MD5, SHA-1, SHA-256 computation and verification
  • Steganography Detection — LSB entropy analysis, Chi-square statistical test, appended data detection, embedded string extraction
  • Section 65B Reports — Generates PDF forensic reports compliant with Section 65B of the Indian Evidence Act, 1872 — a legal requirement for submitting electronic evidence in Indian courts

Installation

From PyPI (recommended)

pip install metaforge

From source

git clone https://github.com/tanishsareen/metaforge.git
cd metaforge
pip install -r requirements.txt
pip install -e .

Kali Linux

sudo apt install metaforge

Usage

Full forensic scan (recommended)

metaforge scan evidence.jpg \
  --case "FIR-2026-001" \
  --examiner "Tanish Sareen" \
  --desc "Forensic analysis of photographic evidence"

Metadata only

metaforge meta photo.jpg
metaforge meta audio.mp3 --json

Steganography analysis

metaforge steg suspicious_image.png

Hash computation & verification

metaforge hash evidence.jpg
metaforge hash evidence.jpg --verify abc123... --algo sha256

Example Output

  __  __      _        _____
 |  \/  | ___| |_ __ _|  ___|__  _ __ __ _  ___
 | |\/| |/ _ \ __/ _` | |_ / _ \| '__/ _` |/ _ \
 | |  | |  __/ || (_| |  _| (_) | | | (_| |  __/
 |_|  |_|\___|\__\__,_|_|  \___/|_|  \__, |\___|
                                       |___/
  Digital Forensics CLI Tool  v1.0.0
  Author: Tanish Sareen  |  Section 65B Report Generation

────────────── Forensic Scan Started ──────────────
Target: evidence.jpg

╭──────────────────────────────────────────╮
│           CLEAN                          │
│       Steganography Verdict              │
╰──────────────────────────────────────────╯
✔ Report saved: evidence_metaforge_report.pdf

Section 65B Compliance

Section 65B of the Indian Evidence Act, 1872 mandates that electronic records submitted as evidence must be accompanied by a certificate verifying:

  • The computer was in regular use during the relevant period
  • The electronic record was produced in the ordinary course of activities
  • The computer was functioning properly
  • The information in the record is derived from the computer's activities

MetaForge generates this certificate automatically in every PDF report.


Architecture

metaforge/
├── __init__.py        # Version, author metadata
├── extractor.py       # Metadata extraction engine (EXIF, AV, file info)
├── steg_detector.py   # Steganography detection (LSB, chi-square, appended data)
├── reporter.py        # Section 65B PDF report generator (ReportLab)
└── cli.py             # Click-based CLI interface

Steganography Detection Methods

Method: Description

  • LSB Entropy Analysis: Measures entropy of least significant bits per RGB channel. Near-1.0 entropy indicates possible LSB embedding.
  • Chi-Square Test: Statistical test on pixel value pair frequencies. Equalised pairs suggest LSB steganography.
  • Appended Data Detection: Checks for bytes after JPEG FFD9 / PNG IEND EOF markers.
  • String Extraction: Extracts printable ASCII strings from binary content (like Unix strings).
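
The LSB entropy and chi-square methods listed above, as an added example (not MetaForge's own code): it scores three constructed one-channel samples and shows that a noisy cover can also reach near-1.0 LSB entropy, while only the embedded sample has equalised value pairs. The function names, the sample data and the expected-count cut-off of 5 are assumptions made for this illustration.

```python
import math
import random
from collections import Counter

def lsb_entropy(values):
    """Shannon entropy in bits (0.0 to 1.0) of the least significant bit plane."""
    ones = sum(v & 1 for v in values)
    probs = (ones / len(values), 1 - ones / len(values))
    return -sum(p * math.log2(p) for p in probs if p > 0)

def pair_chi_square(values):
    """Pearson chi-square per value pair (2k, 2k+1) against equal counts.
    About 1.0 means the pairs are equalised; large values mean they are not."""
    hist = Counter(values)
    stat, pairs = 0.0, 0
    for even in range(0, 256, 2):
        n_even, n_odd = hist[even], hist[even + 1]
        expected = (n_even + n_odd) / 2
        if expected < 5:  # assumed cut-off: too few samples to test this pair
            continue
        stat += ((n_even - expected) ** 2 + (n_odd - expected) ** 2) / expected
        pairs += 1
    return stat / pairs if pairs else 0.0

def make_samples(n=20000, seed=1):
    """Constructed one-channel pixel values (sample data, not real images)."""
    rng = random.Random(seed)
    # Smooth cover: even values dominate, so the LSB plane is biased.
    smooth = [2 * rng.randrange(100) + (rng.random() < 0.2) for _ in range(n)]
    # Noisy cover: LSBs balanced overall, but every single pair is lopsided.
    noisy = []
    for _ in range(n):
        pair = rng.randrange(100)
        noisy.append(2 * pair + (rng.random() < (0.2 if pair % 2 else 0.8)))
    # The noisy cover after each LSB is overwritten with a random payload bit.
    embedded = [(v & ~1) | rng.getrandbits(1) for v in noisy]
    return {"smooth": smooth, "noisy": noisy, "embedded": embedded}

def analyse(samples):
    """Return {name: (lsb_entropy, chi_square_per_pair)} for each sample."""
    return {name: (round(lsb_entropy(v), 3), round(pair_chi_square(v), 1))
            for name, v in samples.items()}

if __name__ == "__main__":
    for name, (entropy, chi) in analyse(make_samples()).items():
        print(f"{name:9s} lsb_entropy={entropy:.3f} chi2_per_pair={chi:.1f}")
```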

Requirements

  • Python 3.8+
  • Linux (Kali, Ubuntu, Debian)
  • Dependencies: click, rich, Pillow, python-magic, mutagen, exifread, reportlab, numpy

Author

Tanish Sareen

  • BCA (Cyber Security & Forensics), CT University, Punjab
  • Member, Institutional Innovation Cell (IIC)
  • GitHub: @tanishsareen

License

MIT License — see LICENSE


Contributing

Pull requests are welcome. For major changes, open an issue first.


Built for Indian law enforcement and cybersecurity professionals. Submitted to IIC YUKTI Innovation 2025.


Download files


Source Distribution

metaforge_forensics-1.0.0.tar.gz (24.5 kB view details)

Uploaded Source

Built Distribution


metaforge_forensics-1.0.0-py3-none-any.whl (22.0 kB view details)

Uploaded Python 3

File details

Details for the file metaforge_forensics-1.0.0.tar.gz.

File metadata

  • Download URL: metaforge_forensics-1.0.0.tar.gz
  • Upload date:
  • Size: 24.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.11

File hashes

Hashes for metaforge_forensics-1.0.0.tar.gz
Algorithm Hash digest
SHA256 3062833222289a23c09df912babbc74962d33871164639b842252849f4e58a2d
MD5 9d9b6af38c287c046cbe1c2e584164b5
BLAKE2b-256 ce432c842b03249a04153f49905c56c2ce69eec2986093b8412e716034d5f026


File details

Details for the file metaforge_forensics-1.0.0-py3-none-any.whl.

File hashes

Hashes for metaforge_forensics-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2f37ed25693821bf24ede8bf21a56941fa90b5c3577be7fa173b604531ab36de
MD5 a391cb37dda194b1d3aff827a0b82a90
BLAKE2b-256 1bd7a41b1c0e73654e73d96a3795643796d91753fe12e0d4472f26d328aec0a8
