2012-08-11 20:20:42 +02:00
|
|
|
bulk_extractor is a C++ program that scans a disk image, a file, or a directory
|
|
|
|
of files and extracts useful information without parsing the file system or
|
|
|
|
file system structures. The results are stored in feature files that can be
|
|
|
|
easily inspected, parsed, or processed with automated tools. bulk_extractor
|
|
|
|
also creates histograms of features that it finds, as features that are more
|
|
|
|
common tend to be more important.
|
|
|
|
|
2014-11-14 03:20:58 +01:00
|
|
|
bulk_extractor is distinguished from other forensic tools by its speed and
|
|
|
|
thoroughness.
|
2012-08-11 20:20:42 +02:00
|
|
|
|
2014-11-14 03:20:58 +01:00
|
|
|
Optional dependancies include libewf (recognized if installed), afflib
|
|
|
|
(recognized if installed), and liblightgrep.
|
|
|
|
|
|
|
|
To add optional liblightgrep support:
|
|
|
|
|
|
|
|
LIGHTGREP_ENABLE=yes ./bulk_extractor.SlackBuild
|
|
|
|
|
|
|
|
NOTE:
|
|
|
|
When running bulk_extractor with lightgrep, use
|
|
|
|
"-x find -e lightgrep -F findlist.txt" in addition to regular options.
|