- Credential : forensic:forensic
- From : Debian Bookworm Slim.
- Size : Around 900MB.
- Time : A few minutes to build, depending on your system.
- Trivy : 0 unfixed vulnerabilities.
Pull the prebuilt image from Docker Hub:

```
sudo docker pull mikehorn/dft:latest
```

Or clone the repository and bring the container up with docker-compose:

```
git clone https://github.com/MikeHorn-git/docker-forensic-toolbox.git
cd docker-forensic-toolbox
sudo docker-compose up -d
```

Or build the image yourself from the cloned repository:

```
sudo docker build -t "dft" .
```
- aLEAPP - Android Logs Events And Protobuf Parser.
- Binwalk - Firmware Analysis Tool.
- Exiftool - ExifTool meta information reader/writer.
- Ewf-tools - Tools and library (libewf) to access the Expert Witness Compression Format.
- Foremost - File carving.
- File - Recognize the type of data in a file using "magic" numbers.
- Hindsight - Web browser forensics for Google Chrome/Chromium.
- iLEAPP - iOS Logs, Events, And Plist Parser.
- Loki - Simple IOC and YARA Scanner.
- Mac-robber - Collects data from allocated files in a mounted file system.
- MVT - Mobile Verification Toolkit; forensics of mobile devices to find signs of a potential compromise.
- Nano - Small, friendly text editor inspired by Pico.
- Ntfs-3g - Safe Read/Write NTFS Driver.
- Parted - A program for creating, destroying, resizing, checking and copying partitions.
- Python-evt - Pure Python parser for classic Windows Event Log files (.evt).
- Python-ntfs - Open source Python library for NTFS analysis.
- Recuperabit - A tool for forensic file system reconstruction.
- RegRipper - Open source Windows Registry data extraction tool.
- Sleuthkit - Library and collection of command line digital forensics tools.
- Stegoveritas - Yet another Stego Tool.
- Tshark - Dump and analyze network traffic.
- Vim - Vi Improved, a highly configurable, improved version of the vi text editor.
- Volatility3 - Advanced memory forensics framework.
- Xmount - Tool to crossmount between multiple input and output hard disk image files.
- Yara - The pattern matching swiss army knife.
- The forensic Docker image is scanned with Trivy so that known vulnerabilities in the installed packages are caught before release.
- Run docker-bench-security to audit the hardening of the Docker host you deploy the image on.
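An added helper script, not part of docker-forensic-toolbox, that ties the pull/run steps to the Trivy scan: it gates on fixable HIGH/CRITICAL findings, checks that the evidence path is absolute and exists, and mounts the evidence read-only so the tools can never alter it. The image name comes from the pull command above; exposing /dev/fuse and adding CAP_SYS_ADMIN is my assumption for the FUSE based tools (ntfs-3g, xmount) and can be dropped when you only run parsers such as Volatility3, RegRipper or the *LEAPP tools.

```sh
#!/bin/sh
# Added example, not the project's own code. Assumptions: image name from the
# README's pull command; /dev/fuse + CAP_SYS_ADMIN only needed for ntfs-3g/xmount.

IMAGE="${IMAGE:-mikehorn/dft:latest}"

# Gate: fail if the image carries fixable HIGH/CRITICAL findings.
# --ignore-unfixed matches the "0 unfixed vulnerabilities" claim above.
dft_scan() {
    trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$IMAGE"
}

# Evidence must be an absolute path to an existing directory, so the bind
# mount cannot silently resolve relative to the caller's working directory.
dft_check_evidence() {
    case "$1" in
        /*) [ -d "$1" ] ;;
        *)  return 1 ;;
    esac
}

# Run the toolbox against EVIDENCE (mounted read-only at /evidence) with a
# separate writable CASES directory at /cases for tool output.
# Set DFT_DRY_RUN=1 to print the docker command instead of executing it.
dft_run() {
    ev="$1"
    cases="$2"
    dft_check_evidence "$ev" || { echo "bad evidence dir: $ev" >&2; return 1; }
    set -- docker run --rm -it \
        --cap-drop ALL --cap-add SYS_ADMIN --device /dev/fuse \
        --security-opt no-new-privileges \
        -v "$ev:/evidence:ro" \
        -v "$cases:/cases" \
        "$IMAGE"
    if [ -n "${DFT_DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        mkdir -p "$cases" || return 1
        sudo "$@"
    fi
}

# Usage: EVIDENCE=/abs/path/to/images CASES=/abs/path/to/output sh dft.sh
if [ -n "${EVIDENCE:-}" ]; then
    dft_scan && dft_run "$EVIDENCE" "${CASES:-$PWD/cases}"
fi
```

Keeping the evidence mount `:ro` and writing only to /cases preserves the original images for hashing after analysis; the dry-run mode lets you review the exact mounts and capabilities before anything runs as root.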
- Add docker-compose.yml.
- Add new tools (iLEAPP, python-evt, python-ntfs).
- Add security section and update the protobuf version to patch CVE-2021-22570 and CVE-2022-1941, detected with Trivy.
- Delete tools.txt.
- Remove miscellaneous tools (htop, john, ssdeep) for a lighter image.