bulk-extractor: computer forensics tool
bulk_extractor is a program that extracts features such as e-mail addresses, credit card numbers, URLs, and other types of information from digital evidence files. It is a useful forensic survey tool that can be used for many tasks such as malware and intrusion surveys, identity surveys and web surveys, as well as image analysis and password cracking. The program provides several unusual capabilities:
- It finds e-mail addresses, URLs, and credit card numbers that other tools miss, because it can process compressed data (such as ZIP, PDF, and GZIP files) as well as incomplete or partially corrupted data. It can extract JPEG files, office documents and other types of files from fragments of compressed data, and it can automatically detect and extract encrypted RAR files.
- It builds a word list from all the words found in the data, including words in compressed files that lie in unallocated space. These word lists can be used for password cracking.
- It is multithreaded and fast.
- After the analysis, it creates histograms showing the e-mail addresses, URLs, domain names, search keywords, and other types of information it found.
bulk_extractor can analyze disk images, files, or directories of files and extract useful information without parsing the file system or file system structures. The input is split into pages and processed by one or more scanners. The results are stored in feature files that can be easily inspected, parsed, or processed with other automated tools. bulk_extractor also creates histograms of the features it finds. This is useful because features such as email addresses and web search keywords that occur frequently are often important.
In addition to the above features, bulk_extractor also includes the following features:
- Bulk Extractor Viewer, a graphical user interface for browsing the features stored in feature files and for launching bulk_extractor scans
- A small number of Python programs for extra analysis of feature files
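As an illustration of the kind of post-processing a feature file allows, the following added example (not one of the Python programs shipped with bulk_extractor) parses a feature file, rebuilds a histogram, and lists features that were found only inside decompressed data. It assumes the usual feature file layout of `#` comment lines followed by tab-separated offset, feature and context fields; the sample data and all function names are constructed for this example.

```python
from collections import Counter

# Constructed sample of an email feature file (not real evidence).
# Assumed layout: '#' comment lines, then offset<TAB>feature<TAB>context.
SAMPLE_FEATURE_FILE = (
    "# Feature-Recorder: email\n"
    "1048576\talice@example.com\tTo: alice@example.com\\x0D\\x0A\n"
    "2097152-GZIP-311\tBob@Example.com\tfrom Bob@Example.com wrote\n"
    "3145728-ZIP-40-GZIP-96\talice@example.com\tcc alice@example.com;\n"
    "4194304\tcarol@example.org\n"
    "this line is damaged and has no tab\n"
)


def parse_feature_line(line):
    """Return (path, feature, context), or None for comments and damaged lines."""
    line = line.rstrip("\r\n")
    parts = line.split("\t", 2)
    if line.startswith("#") or len(parts) < 2 or not parts[0][:1].isdigit():
        return None
    return parts[0], parts[1], (parts[2] if len(parts) == 3 else "")


def decoders(path):
    """Decoding layers named in a forensic path, e.g. ['ZIP', 'GZIP']."""
    return [tok for tok in path.split("-") if not tok.isdigit()]


def parse_features(text):
    """Parse a whole feature file, skipping comments and unparseable lines."""
    return [rec for rec in map(parse_feature_line, text.splitlines()) if rec]


def histogram(records):
    """Count features case-insensitively, most frequent first."""
    return Counter(feature.lower() for _, feature, _ in records).most_common()


def found_only_in_compressed(records):
    """Features never seen in raw data, only after a decoding step."""
    raw = {f.lower() for p, f, _ in records if not decoders(p)}
    return sorted({f.lower() for p, f, _ in records if decoders(p)} - raw)


if __name__ == "__main__":
    recs = parse_features(SAMPLE_FEATURE_FILE)
    for feature, count in histogram(recs):
        print(f"n={count}\t{feature}")
    print("only in compressed data:", found_only_in_compressed(recs))
```
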