Batch scripting
From Digital Forensics Framework
One of the new features of DFF 1.2 is batch scripting. Batch scripts are files containing DFF shell commands. A batch script is passed to dff at launch with the '-b' argument on the command line:
dff.py -b <local file>
The following example describes how to extract all jpeg images contained in a FAT dump called 'sd_card.bin' located in the /home/case directory. A file called 'extract-image.dfb' is created and used at launch time with dff -b extract-image.dfb. The file itself contains the following commands:
#Sample file to extract all file of type image in a fat dump
local /home/case/sd_card.bin
fatfs --meta_carve sd_card.bin
#carverui sd-card.bin --application/images jpg,bmp
find /sd_card.bin --filter_name images --recursive --save_result --expression 'mime\ in\ ["image"]'
extract --recursive --files Searched\ items/images --syspath /home/case/results/
Lines starting with the # character are comment lines. They are not interpreted but will be printed on the console. Instead of searching all files in the mounted file system, it is possible to enable carving of jpeg and bmp images in the raw dump by uncommenting line 4 and commenting out line 5.
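When the same extraction is repeated across cases, the comment toggle described above can be generated rather than edited by hand. The shell functions below are an added example, not part of DFF or of the original page: the names make_dfb and dfb_escape are hypothetical, only the commands shown above are emitted, and it is assumed that carverui takes the same node name as fatfs and that spaces in arguments are backslash-escaped as in the sample script.

```shell
#!/bin/sh
# Added example: write a DFF batch script for a FAT dump.
# Usage: make_dfb MODE DUMP OUTDIR > extract-image.dfb
#        dff.py -b extract-image.dfb
#   MODE "find"  : search the mounted file system (line 5 active)
#   MODE "carve" : carve the raw dump (line 4 active)

# Escape spaces with a backslash (assumption: same convention as the
# page's 'Searched\ items' argument).
dfb_escape() {
    printf '%s' "$1" | sed 's/ /\\ /g'
}

make_dfb() {
    mode=$1 dump=$2 outdir=$3
    # Exactly one of line 4 (carverui) and line 5 (find) is left active.
    case $mode in
        find)  carve_prefix='#'; find_prefix='' ;;
        carve) carve_prefix='';  find_prefix='#' ;;
        *) echo "make_dfb: mode must be 'find' or 'carve'" >&2; return 2 ;;
    esac
    # The sample script loads the dump by absolute path; require the same.
    case $dump in
        /*) ;;
        *) echo "make_dfb: dump path must be absolute" >&2; return 2 ;;
    esac
    # Node name inside DFF is the dump's file name (assumption drawn
    # from the sample script: local /home/case/sd_card.bin -> sd_card.bin).
    node=$(dfb_escape "$(basename "$dump")")
    filter="'mime\\ in\\ [\"image\"]'"   # expands to 'mime\ in\ ["image"]'

    printf '#Extract images from %s (%s mode)\n' "$dump" "$mode"
    printf 'local %s\n' "$(dfb_escape "$dump")"
    printf 'fatfs --meta_carve %s\n' "$node"
    printf '%scarverui %s --application/images jpg,bmp\n' "$carve_prefix" "$node"
    printf '%sfind /%s --filter_name images --recursive --save_result --expression %s\n' \
        "$find_prefix" "$node" "$filter"
    printf 'extract --recursive --files Searched\\ items/images --syspath %s\n' \
        "$(dfb_escape "$outdir")"
}
```

The generated file keeps the six-line layout of the sample script, so the line numbers mentioned above still apply to it.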
