Introducing filighting and the future of DFIR tools, part 3 – more examples

April 11, 2015 in Clustering, Forensic Analysis, Visualisation

I have been toying around with the script, trying it on various folders, and the results are quite promising.

Here is a bunch of examples – screenshots + interactive demos. Note that some JSON files may take a long time to load so please be patient.

  • Opera 26
    • Quite a nice graph – all files had at least one reference

[Screenshot: cluster_opera26]

  • Firefox 35
    • Quite a nice graph as well – all files had at least one reference

[Screenshot: cluster_firefox]

  • Office 15
    • There are so many files that it is not very readable
    • BUT out of 3K+ files, only 17 didn’t have any reference!

[Screenshot: cluster_office15]

  • Notepad++
    • Probably the worst case I have seen so far – lots of clusters and orphaned files

[Screenshot: cluster_notepadplus]

  • VMware 11
    • Not too bad, a lot of files are referenced, just a few stand out

[Screenshot: cluster_vmware]
