Local

From Digital Forensics Framework

  • Synopsis : local --path path --parent parent
    • path : the path to the local file you want to load into DFF.
    • parent : the path to the parent node under which the new node will be created.

Local is used to load one or several local files into the DFF virtual file system. This command is used transparently when you add a dump into the framework through the GUI. It should always be the first module used after launching DFF.

In the GUI, there are two ways to use local:

Using the application menu

Dumps can be added through the File -> Open evidence file(s) entry of the application menu or by clicking on the Open evidence file(s) button of the application toolbar.

Add dump.png

When local is launched, the following dialog box, called Select evidence type, opens:

Open dump.png

You can choose between the Raw and EWF file formats. If you have .ewf files, select the corresponding check box; otherwise keep the default RAW format.

In the combo box on the right, two options are available:

  • File
  • Directory

The latter allows you to load the entire content of a directory into the virtual file system in one click.

Once these few points are configured, you can click on the + (plus) button, circled in red on the previous screenshot. A file dialog box opens, where you can choose which file(s) or directory you want to load:

Select multi files.png

You can select several files at once by holding the Ctrl key while selecting files. Once this is done, click on the Open button. The dialog box closes and the focus returns to the Select evidence type dialog, now filled with the file(s) you are about to load.

About to add dump.png

If you wish to add other files, click on the + button again and select the new files you want to add. If you want to remove a file, select it in the list and click on the '-' (minus) button. The file won't be loaded by DFF.

Once you have selected the files you want to load, click on the OK button. The dumps you just added will then be accessible through the node browser, in the /Logical files directory:

Just added dumps.png

Using the module menu

Note: If you want to load EWF files, do not use this method. Follow the steps described in the previous method or use the menu Modules -> connectors -> EWF.

This method allows the user to choose the parent node. Go to Module -> Connectors -> local. The following dialog box, called Apply local module, opens:

Module local.png

Here you can configure the parameters of local. Two of them are available:

  • parent
  • path

Click on the one you want to configure.

  • Parent configuration (see previous screenshot): this option allows you to choose the node into which your local files will be loaded. If you click on the Browse button (folder icon, labelled ...), a new dialog box opens:

Chose node.png

Browse the VFS to the node you want to set as parent (here Logical devices) and then click on OK. The dialog box closes and the focus returns to the Apply module local dialog, where the node name is visible in the combo box to the left of the Browse button.

  • Path configuration: this option is used to select the path to the local file(s) you wish to load. Once it is selected, the appearance of the dialog box changes:

Chose path.png

As with the first method, you can choose to add files or directories. Then click on the + button. A file dialog box opens, where you can choose which file(s) or directory you want to load:

Select multi files.png

You can select several files at once by holding the Ctrl key while selecting files. Once this is done, click on the Open button. The dialog box closes and the focus returns to the Apply local modules dialog, now filled with the file(s) you are about to load.

About to load.png

To load the file(s), click on the OK button; they will be loaded as children of the node you selected as parent (here, /Local devices).

Added in local device.png