bulk_extractor is a tool that scans disk images, files, and raw devices and extracts data from them. The proper procedure is to acquire a forensic image (a bit-for-bit copy) of the drive and run the analysis on that copy, never on the original evidence.

The tool reads the image byte by byte and searches the raw data for patterns, so it also covers unallocated space and file slack rather than only the files a file system lists. Built-in scanners determine which patterns it searches for: credit card numbers, email addresses, domain names, URLs, and many other artifacts. Matches are sorted into per-type text files (feature files such as email.txt, ccn.txt, and domain.txt), along with histograms of the most frequent values, for later review. Because scanning is multi-threaded and does not stop at file boundaries, it is fast and thorough, which makes it an efficient way to triage a large drive.
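To show what the output looks like and how an analyst can work with it, here is an added example that is not part of the original tutorial or of the bulk_extractor project. It parses the tab-separated feature-file format bulk_extractor writes (forensic path, feature, context, with "#" header lines), re-checks the ccn candidates with the Luhn formula as a triage step, and builds a frequency count of email addresses in the spirit of the histogram files. The sample file contents are constructed for the example and are not real tool output.

```python
"""Work with bulk_extractor feature files (added example, not tool code)."""
from collections import Counter

# Constructed sample of a ccn.txt feature file (illustrative, not real output).
# Real feature files use the same layout: '#' header lines, then
# <forensic path>\t<feature>\t<context>.
SAMPLE_CCN_TXT = (
    "# BANNER FILE NOT PROVIDED (-b option)\n"
    "# BULK_EXTRACTOR-Version: 1.3\n"
    "# Feature-Recorder: ccn\n"
    "# Filename: sample.E01\n"
    "1048576\t4111111111111111\tcard number 4111111111111111 exp 12/19\n"
    "2097152\t1234567812345678\tserial 1234567812345678 rev 2\n"
    "3145728-GZIP-512\t5500 0000 0000 0004\tMC 5500 0000 0000 0004 on file\n"
)

# Constructed sample of an email.txt feature file (illustrative).
SAMPLE_EMAIL_TXT = (
    "# Feature-Recorder: email\n"
    "4096\talice@example.com\tfrom: alice@example.com to: bob\n"
    "8192\tbob@example.org\tto: bob@example.org cc: alice\n"
    "12288\tAlice@example.com\tre: Alice@example.com again\n"
)


def parse_feature_file(text):
    """Return (forensic_path, feature, context) tuples, skipping header comments."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t", 2)
        if len(parts) < 2:
            continue  # malformed line; skip rather than crash the triage run
        path, feature = parts[0], parts[1]
        context = parts[2] if len(parts) == 3 else ""
        records.append((path, feature, context))
    return records


def luhn_valid(number):
    """Luhn check on a candidate card number; spaces and dashes are ignored."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 13 or len(digits) > 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def filter_ccn(text):
    """Keep only ccn candidates that pass the Luhn check, with their offsets."""
    return [(path, feat) for path, feat, _ in parse_feature_file(text)
            if luhn_valid(feat)]


def email_histogram(text):
    """Count each address (case-folded), like bulk_extractor's histogram files."""
    return Counter(feat.lower() for _, feat, _ in parse_feature_file(text))


if __name__ == "__main__":
    for path, number in filter_ccn(SAMPLE_CCN_TXT):
        print(f"{path}\t{number}")
    for addr, n in email_histogram(SAMPLE_EMAIL_TXT).most_common():
        print(f"{n}\t{addr}")
```

The forensic path in the first column is how bulk_extractor tells you where a hit came from; a path like 3145728-GZIP-512 means the feature was found 512 bytes into a gzip stream that starts at byte offset 3145728 of the image, so it would never appear in a plain string search of the raw drive.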

bulk_extractor is a command-line tool and is included in many forensic distributions. There is also a GUI front end known as BEViewer. The previous bulk_extractor tutorial used bulk_extractor 1.2; this one uses BEViewer 1.3 for Windows on a sample image. Both bulk_extractor and BEViewer are available for Windows, Mac, and Linux.

Credit to Moshe Caplan for his work on the bulk_extractor 1.2 module. This tutorial is based on his work.

By: Swaad Golam

Sample challenge coming soon!

