🧳 The Exhume Toolkit

The Exhume toolkit is a collection of command-line utilities and reusable libraries designed to help forensic investigators and analysts inspect, extract, and interpret data from multiple data sources. Each tool focuses on a specific stage or aspect of the forensic analysis process, allowing you to move step by step from initial data collection to deeper exploration. The toolkit is currently focused on traditional filesystem forensics and is still in active development. All of the modules should be considered experimental until validated by many Digital Forensics Examiners. Therefore, your feedback is crucial.
👓 Overview
To install the full toolsuite you can perform the following actions:
Getting started
Installing Rust
The Exhume Toolkit is built with Rust and requires it for development or compilation.
- Linux and macOS

curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf | sh

- Windows

Visit https://www.rust-lang.org/tools/install to install rustup.
You can also use winget to install rustup using the following command in PowerShell:

winget install --id Rustlang.Rustup

Be sure to restart your terminal (and in some cases your system) for the changes to take effect.
Diving into each module's code and documentation
You can ask AI about the code and how to use the exhume modules here:
- https://deepwiki.com/forensicxlab/exhume_body
- https://deepwiki.com/forensicxlab/exhume_partitions
- https://deepwiki.com/forensicxlab/exhume_filesystem
- https://deepwiki.com/forensicxlab/exhume_artefacts
- https://deepwiki.com/forensicxlab/exhume_extfs
- https://deepwiki.com/forensicxlab/exhume_ntfs
- https://deepwiki.com/forensicxlab/exhume_exfat
- https://deepwiki.com/forensicxlab/exhume_lvm