Tools: I built a forensics documentation tool because my university course drove me crazy


I'm not a professional forensics investigator, just a security student who had a university course on digital forensics last summer and got increasingly frustrated with one specific part of it: not the investigation, but the documentation. Every tool, every command, every hash, manually noted. Timestamps written essentially by hand. Chain of custody as an afterthought. My colleagues felt the same way. So we built something to fix it.

forensic-log-tracker wraps your forensic commands, whatever you can do in a shell, and automatically produces timestamped, SHA256-hashed, GPG-signed investigation logs. One command at the end generates a complete case report in Markdown.

It also provides explanations, as report readers are hardly ever experts, so for your commands you get structures like:

```
---

[+] Command: `sha256sum working_copy.img`
- Timestamp: `2026-04-06T09-08-28-524115+00-00`
- GPG-signature: [+] Valid
- SHA256: `92cebec98bfd99f06db56bd758d5977b62abc27513805ca24a72cdb7ed0f5756`

#### Output:
[STDOUT]
08f8672e957e4f7f08ac9a7f2797c34bdffe51d35a7e04f60c1be256a82cc0ff working_copy.img
[STDERR]

#### Context:

[+] Legal Context for `sha256sum working_copy.img`
**Analyst:** Niklas Heringer

**Timestamp:** 2026-04-06T12:50:04.899436+00:00

The `sha256sum` command calculates a SHA-256 cryptographic hash of a file.

---
```

Explanations and configs can be adjusted to your needs in YAML files that come along with your install. I'd love if you checked it out and gave me feedback. One thing might be a PDF report option? All it can do can be found in the README :D.

To provide a bit of context, I wrote a beginner forensics guide around it: dd, Foremost, Scalpel, strings, the works. There's a pre-built practice image to download and work through, and three interactive quizzes embedded in the post.

Full guide with interactive exercises

And if you use a forensic tool that's not in the explanations.yaml yet, PRs are very welcome.

⭐ github.com/mev0lent/forensic-log-tracker

```bash
pip install forensic-log-tracker
flt setup   # to set up a GPG key for the projects
flt new-case MY_CASE_NAME --description "Investigating suspicious image"
flt run "dd if=evidence.img of=working_copy.img bs=4M conv=noerror,sync" -c MY_CASE_NAME
flt run "foremost -i working_copy.img -o output/ -v" -c MY_CASE_NAME
flt report -c MY_CASE_NAME
```
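As an added illustration (not forensic-log-tracker's code and not part of the original post), this sketch shows why a log entry benefits from a signature on top of its SHA-256: whoever edits an entry can recompute a bare hash, but not a keyed seal. The function names, the JSON entry layout and `DEMO_KEY` are assumptions, and HMAC stands in for the GPG signature so the sketch runs without a keyring.

```python
import hashlib
import hmac
import json
import subprocess
from datetime import datetime, timezone

# Constructed demo key. HMAC stands in for the GPG signature only so the
# example runs without a keyring; it is not how forensic-log-tracker signs.
DEMO_KEY = b"constructed-demo-key"


def canonical(entry):
    """Serialize the logged fields deterministically, excluding the seals."""
    body = {k: v for k, v in entry.items() if k not in ("sha256", "seal")}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def run_logged(command, analyst, key=DEMO_KEY):
    """Run a shell command and return a timestamped, hashed, sealed entry."""
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    entry = {
        "command": command,
        "analyst": analyst,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "returncode": proc.returncode,
        "stdout": proc.stdout,
        "stderr": proc.stderr,
    }
    data = canonical(entry)
    entry["sha256"] = hashlib.sha256(data).hexdigest()
    entry["seal"] = hmac.new(key, data, hashlib.sha256).hexdigest()
    return entry


def verify(entry, key=DEMO_KEY):
    """Return (hash_ok, seal_ok) for a stored entry."""
    data = canonical(entry)
    hash_ok = hmac.compare_digest(hashlib.sha256(data).hexdigest(), entry["sha256"])
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hash_ok, hmac.compare_digest(expected, entry["seal"])


if __name__ == "__main__":
    entry = run_logged("echo constructed-evidence", "Demo Analyst")
    print(verify(entry))                    # untouched entry
    entry["stdout"] = "edited after the fact\n"
    print(verify(entry))                    # edited, hash not recomputed
    entry["sha256"] = hashlib.sha256(canonical(entry)).hexdigest()
    print(verify(entry))                    # hash recomputed, seal still fails
```

The last case is the one that matters for chain of custody: the hash check passes again after the edit, and only the keyed seal still reports the change.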