High-Performance Parallel Digital Forensic Analyzer
ThreadSleuth is a high-speed digital forensic analysis tool designed to process massive disk images efficiently. By leveraging a C++ Master-Worker Multithreading Architecture, it drastically reduces analysis time compared to traditional sequential tools. The system features a modern, interactive dashboard built with Streamlit (Python) for real-time progress tracking and reporting.
Instead of processing data bit-by-bit, ThreadSleuth divides the workload into fixed-size chunks and processes them concurrently using a synchronized thread pool, ensuring 100% CPU utilization and stability.
The system follows a Producer-Consumer model to ensure thread safety and scalability:
- Master Thread (Producer): Reads the raw disk image and slices it into manageable "chunks".
- Task Queue: A synchronized, thread-safe queue that holds chunks waiting for analysis.
- Worker Threads (Consumers): A persistent Thread Pool that grabs chunks from the queue and processes them in parallel (hashing, keyword search, etc.).
- Result Aggregator: Uses Mutex locks to safely combine results from multiple workers into a final report without race conditions.
- High Performance: Backend written in C++ for low-level memory management and speed.
- Concurrency: Implements a custom Thread Pool to avoid the overhead of creating/destroying threads.
- Thread Safety: Uses Mutexes and Condition Variables to prevent data corruption (Race Conditions).
- Modern UI: Streamlit frontend provides a clean, web-based dashboard to visualize results instantly.
- Automated Reporting: Generates detailed forensic reports automatically upon completion.
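The producer-consumer pipeline described above, as an added example (not ThreadSleuth's own code): a master thread queues fixed-size chunks, a pool of workers runs a keyword search, and hits are merged under a mutex. It goes one step beyond the text by letting each worker read keyword-length-minus-one bytes past its chunk, because a keyword that straddles a chunk boundary is otherwise missed. `scan_image`, `Chunk` and the `overlap` switch are hypothetical names, and the "image" is an in-memory string.

```cpp
// Added example (not ThreadSleuth's source); every name here is hypothetical.
#include <algorithm>
#include <condition_variable>
#include <mutex>
#include <queue>
#include <string>
#include <thread>
#include <vector>
struct Chunk { std::size_t offset, len; };  // byte range inside the image
// Sorted offsets of every `kw` hit; overlap=false shows the boundary-miss failure mode.
std::vector<std::size_t> scan_image(const std::string& image, const std::string& kw,
                                    std::size_t chunk_size, unsigned n_workers, bool overlap = true) {
    std::vector<std::size_t> hits;
    if (kw.empty() || chunk_size == 0) return hits;
    std::queue<Chunk> tasks;
    std::mutex q_mtx, r_mtx;
    std::condition_variable cv;
    bool done = false;
    const std::size_t extra = overlap ? kw.size() - 1 : 0;
    auto worker = [&] {
        for (;;) {
            std::unique_lock<std::mutex> lk(q_mtx);
            cv.wait(lk, [&] { return done || !tasks.empty(); });
            if (tasks.empty()) return;  // producer finished and queue drained
            Chunk c = tasks.front(); tasks.pop();
            lk.unlock();
            // Window = chunk + extra bytes: a match is reported once, by the chunk it starts in.
            auto first = image.begin() + c.offset;
            auto last = image.begin() + std::min(image.size(), c.offset + c.len + extra);
            std::vector<std::size_t> local;
            for (auto it = std::search(first, last, kw.begin(), kw.end()); it != last;
                 it = std::search(it + 1, last, kw.begin(), kw.end()))
                local.push_back(static_cast<std::size_t>(it - image.begin()));
            std::lock_guard<std::mutex> g(r_mtx);  // aggregator: merge under a mutex
            hits.insert(hits.end(), local.begin(), local.end());
        }
    };
    std::vector<std::thread> pool;
    for (unsigned i = 0; i < std::max(1u, n_workers); ++i) pool.emplace_back(worker);
    for (std::size_t off = 0; off < image.size(); off += chunk_size) {  // master thread
        { std::lock_guard<std::mutex> g(q_mtx); tasks.push({off, std::min(chunk_size, image.size() - off)}); }
        cv.notify_one();
    }
    { std::lock_guard<std::mutex> g(q_mtx); done = true; }
    cv.notify_all();
    for (auto& t : pool) t.join();
    std::sort(hits.begin(), hits.end());
    return hits;
}
```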
| Component | Technology | Role |
|---|---|---|
| Backend Logic | C++ (std::thread) | Core processing engine, memory management |
| Frontend UI | Python (Streamlit) | User interface, file upload, visualization |
| Synchronization | Mutex, Condition Variables | Ensuring thread safety and data integrity |
| Inter-Process Comm | Subprocess/File I/O | Connecting Python UI with C++ Engine |
- C++ Compiler: MinGW (Windows) or G++ (Linux)
- Python 3.x
- Visual Studio (Optional, recommended for Windows users)
```bash
git clone https://github.com/Pickachu19/ThreadSleuth.git
cd ThreadSleuth
```
On Windows:
```bash
# If using MinGW
g++ main.cpp -o backend.exe -pthread
# OR if using Visual Studio
# Open the project in VS, Build Solution, and move the .exe to this folder.
```
On Linux/Mac:
```bash
g++ main.cpp -o backend -pthread
```
Install the required library and launch the app:
```bash
pip install streamlit
streamlit run app.py
```
The application will open automatically in your browser at http://localhost:8501.
Distributed under the MIT License. See LICENSE for more information.
This project was built by a dedicated team of developers: