Skip to content
/ Redstone Public

Redstone is a tool that speeds up the forensic process of disk extraction by completing it within a few minutes.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

AnuragRSimha/Redstone

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

design.txt

design.txt

 
 

extract_linux.py

extract_linux.py

 
 

extract_windows.py

extract_windows.py

 
 

redstone.py

redstone.py

 
 

Repository files navigation

logo

Introduction

Image Evidences & Digital Forensics

Cybercrime has become an inexorable threat nowadays. With the advancement of technology, cybercriminals employ vivid techniques to triumph their satanic goals. To thwart these (cyber) ruffians, cyber investigators come into play. A cyber police/investigator obtains a piece of evidence, technically termed a disk image, that can be burnt onto any disk attached to the detective's PC. A couple of popular disk image extensions are .IMG, .ISO and .E01.

About Redstone

Redstone is a tool that functions to a similar degree as FTK imager or Autopsy of The Sleuth Kit (TSK) does. A detective can supply an evidence file (disk image) to the tool and provide Redstone with a couple of seconds to extract all the contents of it into a folder. It's rudimentarily a disk image extractor which aids the investigator in digging deeper into the case. With files of enormous size, Redstone could stretch for a while to complete the extraction into a directory.

Execution

I. For Linux

A. Disk image files (.img)

  1. Guarantee that you have installed Python.
  2. Consider a sample disk file named NTFS.img

To extract it's contents, type: python3 redstone.py NTFS.img or, python redstone.py NTFS.img

B. Encase image files (.E01)

  1. Run the program as mentioned previously.
  2. When you are prompted for an input, a space delimitered sequence is accepted. Format: file_system offset

a) The first argument is the file system of a partition in the image file (Select a single partition). This is noted by looking into the "Description" from the table displayed before you.

b) The second argument, being an offset value, only a number is accepted. This is noted from the "Start" column of the desired partition. Enter only those digits succeeding the consecutive zeros.

II. For Windows

(Encase files are not supported)

  1. Install 7-Zip from https://7-zip.org/download.html (Important: Remember the path you provide during the installation.)
  2. Decide the destination to store all the contents of your disk image.
  3. Copy the path to the source file (img file).
  4. Run the command as below, replacing the image file and destination (folder) name: python3 redstone.py NTFS.img extracted
  5. You would be prompted to provide the path to the directory of 7-Zip. Enter the path that you had noted in step 1 of this process.

Additional Information

  1. Developed in Karnataka, South India.
  2. Programmed in python.

Notice

Redstone currently functions on not any other OS but Windows and Linux.

About

Redstone is a tool that speeds up the forensic process of disk extraction by completing it within a few minutes.

Topics

forensics digital-forensics forensics-tools disk-extraction

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages