This content originally appeared on DEV Community and was authored by RG
TRACE is a digital forensic analysis tool I developed for my final year project, designed with a user-friendly interface for investigating disk images.
ย
Preview
ย
Features
*Image Mounting: Mount forensic disk images. (Windows only)
Tree Viewer: Navigate disk image structures.- Detailed File Analysis: View file content in HEX, text, and application-specific formats.
EXIF Data Extraction: Extract and display EXIF metadata from pictures.- Registry Viewer: Examine Windows registry files.
*Basic File Carving -not fully integrated: Recover deleted files from disk images.
Virus Total API Integration: Scan files for malware using Virus Total.
E01 Image Verification & Conversion: Verify integrity and convert E01 images to raw format.
Message Decoding: Decode messages from base64, binary, and other encodings.- And more!
ย
Cross-Platform Compatibility
| Operating System | Screenshot |
|---|---|
macOS Sonoma  |
 |
Kali Linux 2024  |
 |
| Windows 10 ๐ |  |
ย
Supported Image Formats
| Image Format | Extensions |
|---|---|
| EnCaseยฎ Image File (EVF / Expert Witness Format) |
*.E01 *.Ex01
|
| SMART/Expert Witness Image File | *.s01 |
| Single Image Unix / Linux DD / Raw |
*.dd, *.img, *.raw
|
| ISO Image File | *.iso |
| AccessData Image File | *.ad1 |
ย
Built With
- pytsk3 – Python bindings for the SleuthKit
- libewf-python – Library to access the Expert Witness Compression Format (EWF)
- PySide6 – Used for the GUI components.
- Arsenal Image Mounter – For mounting forensic disk images.
ย
Explore TRACE on GitHub:
https://github.com/Gadzhovski/TRACE-Forensic-Toolkit/?abc
ย
Socials 
This content originally appeared on DEV Community and was authored by RG