FindMeThangs!

An all-in-one n00b friendly command line based digital forensics utility in Ruby.

Image Options [1]

- Create Image

- Wipe Image

Drive Info [2]

- md5sum

- mmls

- mmstat

- fsstat

- blkstat

File Recovery [3]

- Foremost

- Photorec

- Scalpel

File Structure [4]

- fls

Timeline [5]

- fls & mactime

PDF Report [6]

- All of the above in a PDF.

Select Image [7]

- Switch between images.

Help [8]

- Kind of man page

Exit [0]

- Get out of the choppah!

ruby ./findmethangs "optional_image_location.img"

• Linux based environment (SIFT VM preferred)

• Ruby 2.0.0 or higher

• Sleuthkit

• Enscript and ps2pdf - For PDF report

No known bugs.

Clint Bettiga

Lakshya Kapoor

Released under the laws of Master Zeichick (CINS 548) at California State University, Chico.