Uforia: Universal forensic indexer and analyzer
Uforia is a simple, flexible and extensible framework for the analysis and parsing of file metadata. It is written in Python and is available under the GPLv2. Uforia traverses a file system and triggers a configurable set of modules for every file it encounters. Out of the box, Uforia conforms to the NIST standard for forensic hashing by storing the three currently most common cryptographic hashes for each file: the MD5, SHA-1 and SHA-256 hash. Uforia strives for optimal scaling of the metadata analysis by offering an easily configurable threading model for both its Producers and Consumers. Additionally, the interface is written and intended to be as loosely coupled as possible, so that the Producer's and Consumer's functionality can easily be reduced, replaced or extended to match the specific needs of the user. Uforia also attempts to keep database redundancy to a minimum in the same way, by only loosely coupling database tables and delegating the relevant parts of the data model to the individual modules. Each of these modules performs its tasks asynchronously from Uforia and is automatically detected, registered and called to handle its specific file types. Uforia does not yet come with a front-end interface for viewing the information stored in the database, but the stored database contents could already be applied to a wide variety of situations, such as searching for specific metadata or information during a forensic investigation, filesystem-level deduplication, or even creating custom known-file hash tables. The interface for creating new database handlers and modules has been simplified as much as possible, allowing for easy extensibility and tailoring to each use case's specific requirements.
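The architecture the abstract describes (a producer that walks the file system, a pool of consumers that compute MD5, SHA-1 and SHA-256 for each file, and metadata modules that are registered for and dispatched by file type) can be sketched in a few dozen lines. The following is an added illustration written for this page, not Uforia's own code; the `handles` decorator, the `HANDLERS` registry, the two sample modules and the temporary sample tree are all constructed for the example, and the dedupe helper shows one of the uses the abstract names.

```python
"""Producer/consumer file indexer in the style the abstract describes.

Added example, not Uforia's code: one producer thread walks the tree, N consumer
threads compute MD5/SHA-1/SHA-256 per file and call the handlers registered for
the file's extension. Registry, handlers and sample tree are constructed here.
"""
import hashlib
import os
import queue
import tempfile
import threading
from pathlib import Path

# Module registry: extension -> list of handler callables (hypothetical API).
HANDLERS = {}


def handles(*extensions):
    """Decorator registering a metadata module for one or more file extensions."""
    def register(fn):
        for ext in extensions:
            HANDLERS.setdefault(ext.lower(), []).append(fn)
        return fn
    return register


@handles(".txt", ".log")
def text_metadata(path, data):
    """Constructed module: count the lines in a text file."""
    lines = data.count(b"\n")
    if data and not data.endswith(b"\n"):
        lines += 1
    return {"lines": lines}


@handles(".bin")
def binary_metadata(path, data):
    """Constructed module: count NUL bytes in a binary blob."""
    return {"nul_bytes": data.count(b"\x00")}


def hash_file(path, chunk_size=65536):
    """Stream the file once and return the three digests the abstract names."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def producer(root, work, n_consumers):
    """Walk the tree, queue every regular file, then one sentinel per consumer."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                work.put(path)
    for _ in range(n_consumers):
        work.put(None)


def consumer(root, work, results, lock):
    """Pull paths off the queue, hash them, and run every registered module."""
    while True:
        path = work.get()
        if path is None:
            break
        with open(path, "rb") as fh:
            data = fh.read()
        record = {"size": len(data), **hash_file(path)}
        ext = os.path.splitext(path)[1].lower()
        record["modules"] = {fn.__name__: fn(path, data) for fn in HANDLERS.get(ext, [])}
        key = Path(path).relative_to(root).as_posix()
        with lock:
            results[key] = record


def index_tree(root, n_consumers=4):
    """Run one producer and n_consumers consumers; return {relative_path: record}."""
    work = queue.Queue(maxsize=64)
    results, lock = {}, threading.Lock()
    threads = [threading.Thread(target=consumer, args=(root, work, results, lock))
               for _ in range(n_consumers)]
    for t in threads:
        t.start()
    producer(root, work, n_consumers)
    for t in threads:
        t.join()
    return results


def find_duplicates(results):
    """Group records by SHA-256: the filesystem-level deduplication use case."""
    by_hash = {}
    for key, rec in results.items():
        by_hash.setdefault(rec["sha256"], []).append(key)
    return {h: sorted(keys) for h, keys in by_hash.items() if len(keys) > 1}


def build_sample_tree():
    """Create a constructed sample tree in a temp dir and return its root."""
    root = tempfile.mkdtemp(prefix="indexer_demo_")
    Path(root, "abc.txt").write_bytes(b"abc")
    Path(root, "empty.dat").write_bytes(b"")
    Path(root, "sub").mkdir()
    Path(root, "sub", "abc_copy.txt").write_bytes(b"abc")  # byte-identical duplicate
    Path(root, "sub", "blob.bin").write_bytes(b"\x00\x01\x00")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    indexed = index_tree(sample_root)
    for key, rec in sorted(indexed.items()):
        print(key, rec["sha256"], rec["modules"])
    print("duplicates:", find_duplicates(indexed))
```

The producer and consumer share nothing but the queue, so the number of consumers is a tuning knob rather than a design change, which is the loose coupling the abstract is after. Storing all three digests per file lets one record be matched against hash sets built on any of them, and grouping on SHA-256 gives the duplicate listing directly from the indexed data.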
Keywords: Database Table, Configuration Setting, Digital Forensic, File Metadata, Database Module
We would like to acknowledge and thank the following people for their contributions to Uforia: Drs. G.F. de Boer, E. Hoeksema and A. Verstegen for their feedback on the program and database model; C. Baijens, J. Molenaar and C. Goedhart for their development of the initial version; and B. van der Wal for his contributions in cleanups, rewrites and documentation of the initial version's code base.