revealertoolkit - Project Hosting on Google Code

Code license:	GNU General Public License v2
Labels:	computerforensics

Show all Featured downloads:
RVT-userGuide.pdf RVT_v0.2.1.zip

Blogs:	RVT blog
Feeds:	Project feeds
Groups:	RVT newsletter

People details

Project owners:
	dervitx
Project committers:
	elp...@gmail.com, saritar, brajan, egarciaalmazan, gisela.bilialova

the Revealer Toolkit is a framework and simple scripts for computer forensics. It uses Brian Carrier's The Sleuth Kit as the backbone, as well as other free tools.

The aim of the Revealer Toolkit is to automate rutinary tasks and to manage sources and results from another perspective than the usual forensic frameworks. It will be specially useful in cases with several computers and digitals forensic sources.

RVT is developed and actively tested by computer forensic investigators working at INCIDE, spanish company sited at the beautiful city of Barcelona (see www.incide.es for more details)

You can find additional information, packages and all the source code at http://code.google.com/p/revealertoolkit

Introduction to version 0.2.1

The current state of the project can be described as a proof of concept, that is, RVT version 0.2 proofs that the objectives we are looking for are reachable, but further work is necessary in order to have a stable version.

Therefore, RVT v0.2 can be used to automate computer forensic tasks on a group of several digital forensic images, but the code is still buggy, some tasks have to be run manually, and the interface has to be improved. RVT code and documentation can be downloaded from:

http://revealertoolkit.googlecode.com/files/RVT_v0.2.1.zip
svn checkout http://revealertoolkit.googlecode.com/svn/tags/RVT-v0.2.1 RVT-v0.2.1-read-only

Also, a virtual machine (VMWare) with a functional RVT v0.2 system is available at Sourceforge at this link .

The objective of next version (0.3) will be to clean the code, solve bugs and ease the interaction. At the same time, more scripts and modules will be developed. For version 0.3, a RVT Developer Manual is planned, as well as a automated reporting engine.

For any questions, help or comments, please, do not hesitate to drop an message in our newsletter (http://groups.google.com/group/revealertoolkit).

Acknowledgements

Manu Ginés aka xkulio, creator of the original Chanchullos Revealer
People that have collaborated to (and suffered) the project: Jose Navarro, Luis Gómez, Sara Rincón, Abraham Pasamar, Julián Sotos, Helena Fuentes, Emili García, Harlan Carvey, ...
We want to specially thank Harlan Carvey, author of the well-known Windows Incident Response blog, for kindly providing us with brilliant Perl code to parse Windows event files (EVT extension): evtparse.pl and evtrpt.pl