Ghiro - Automated Digital Image Forensics Tool

Ghiro Forensics Tool

Ghiro is open source software for digital photo and digital image forensics. The forensic analysis is fully automated, and report data can be searched or aggregated from different perspectives.

It is designed to assist you in analyzing a massive number of images, and it could become an essential tool in your forensic lab.

Since all the analysis tasks are automated, all you have to do is upload your images and let Ghiro do the work.

Ghiro is a multi-user environment, and different permissions can be assigned to each user. Cases allow you to group image analyses by topic, and a permission schema lets you choose which users are allowed to see your case. Every team in your forensic lab could work on its own cases with privilege separation.

Main features:

  • Metadata Extraction
  • GPS Localization
  • MIME Information
  • Error Level Analysis
  • Thumbnail Extraction
  • Thumbnail Consistency
  • Signature Engine
  • Hash Matching

Supported image types:

  • Windows bitmap .bmp
  • Raw Canon .cr2
  • Raw Canon .crw
  • Encapsulated PostScript .eps
  • Graphics Interchange Format .gif
  • JPEG File Interchange Format .jpg or .jpeg
  • Raw Minolta .mrw
  • Raw Olympus .orf
  • Portable Network Graphics .png
  • Raw Photoshop .psd
  • Raw Fujifilm .raf
  • Raw Panasonic .rw2
  • Raw TARGA .tga
  • Tagged Image File Format .tiff


Requirements:

  • MongoDB: you need to run a MongoDB database (at least release 2.0)
  • Python (only Python 2.x, at least release 2.7)
  • Python-magic: for MIME extraction
  • Python 2.x bindings for gobject-introspection libraries, required by Gexiv2
  • Gexiv2: for metadata extraction (at least release 0.6.1)
  • Pillow (Python Imaging Library - PIL fork): for image manipulation
  • Python-dateutil: for datetime manipulation
  • Pymongo: driver for MongoDB (at least release 2.5)
  • Django: for web interface (at least release 1.5, suggested Django 1.6.x)
  • Chardet: for text encoding detection
  • Pdfkit: used for PDF report generation (at least release 0.4)
  • Wkhtmltopdf: used by pdfkit

If you choose MySQL or PostgreSQL as the database, you have to install their additional drivers.

Note: The fastest way to start playing with Ghiro is to download the Ghiro Virtual Appliance. In a few minutes you will have a fully functional Ghiro setup to start analyzing your images. The ZIP contains an OVA file, which you have to import into your virtualization software (like VirtualBox or VMware) and configure.
