Veritas
Veraciously Effective Renderer In Typical Artifact Structures
About
Tired of always having to look up different versions of file structures & manually mapping the bytes while working with hex?
Veritas is an elementary WIP hex viewer made for forensicators, which automatically identifies different artifacts and applies the correct template. These templates are generated dynamically to accurately highlight data with appropriate color markers.
Last Still(s)
Disclaimer
Veritas is not meant to be an advanced hex viewer with functionalities that a real hex editor might have. It solely aims for one thing, convenience for data validation. It is suggested that this hex viewer be used in accordance with other good hex editors that offer searching and goto functions. Over time, Veritas will support more file structures; but as of now I'm the only one working on this project when I'm able to.
For issues/discussions regarding the project, kindly join the Digital Forensics Discord Server and head over to this thread!
Features
- Dynamic artifact templates.
- Color coded artifact file structure with sub-sections.
Supported Artifacts
| NTOS | Images | Documents | Databases |
|---|---|---|---|
| β Prefetch | π PNG | π PDF | π§ SQLite |
| π§ Registry | π JPG | ||
| π MFT | π BMP | ||
| π GIF |
Requirements
- Python >= 3.10.4
- Kivy >= 2.1.0
- Plyer >= 2.1.0
Installation
Step 1: Create a virtual environment using:
python.exe -m venv veritasStep 2: Depending on your OS, activate the virtual environment using:
- Windows:
.\veritas\Scripts\activate - Linux:
source veritas/Scripts/activate
Step 3: Install Kivy using:
python.exe -m pip install "kivy[base]"Step 4: Install Plyer using:
python.exe -m pip install plyerSpecial Thanks (Check RESOURCES.md for more)
Andrew Rathbun, el3phanten, Gary Kessler, Joachim Metz, Forensics Wiki