frn
file carving, timeline analysis, metadata extraction.
Load with: use frn
Quick example
use frn
result = foren("./example", 10)
prn(result)Functions
File carving
foren(file_path, signatures)
Encodes. Takes file_path, signatures.
foren1(file_path)
Performs the operation. Takes file_path.
foren2()
Performs the operation.
Timeline analysis
foren3(file_paths)
Performs the operation. Takes file_paths.
foren4(file_path)
Performs the operation. Takes file_path.
Deleted file recovery
foren5(disk_path, fs_type)
Performs the operation. Takes disk_path, fs_type.
Memory dump analysis
foren6(mem_dump, min_len)
Performs the operation. Takes mem_dump, min_len.
foren7(mem_dump, pattern)
Performs the operation. Takes mem_dump, pattern.
Log analysis
foren8(log_path, pattern)
Performs the operation. Takes log_path, pattern.
foren9(log_path)
Performs the operation. Takes log_path.
EXIF/metadata extraction
foren10(file_path)
Performs the operation. Takes file_path.
foren11(file_path)
Performs the operation. Takes file_path.
Hash verification
foren12(file_path, expected_hash)
Performs the operation. Takes file_path, expected_hash.
Evidence collection
foren13(source_paths, output_dir)
Performs the operation. Takes source_paths, output_dir.
Binary diff forensics
foren14(file_a, file_b)
Performs the operation. Takes file_a, file_b.
Notes
- Foreign key / relational helpers for in-memory data.