Imago Forensics – Imago Is A Python Tool That Extract Digital Evidences From Images

0
14
Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images

Imago is a python software that extract digital evidences from pictures recursively. This software is beneficial all through a digital forensic investigation. If that you must extract digital evidences and you’ve got numerous pictures, via this software it is possible for you to to check them simply. Imago permits to extract the evidences right into a CSV file or in a sqlite database. If in a JPEG exif are current GPS coordinates, Imago can extract the longitude and latitude and it will possibly convert them to levels and to retrieve related data like metropolis, nation, zip code… Imago gives additionally the likelihood to calculate Error Level Analysis, and to detect nudity these functionalities are in BETA.


Setup

Setup through pip

  1. Install imago:
  1. Once put in, one new binary must be out there: :

And then it ought to output the imago’s banner

Requirements:

python 2.7
exifread 2.1.2
python-magic 0.4.15
argparse 1.4.0
pillow 5.2.0
nudepy 0.4
imagehash 4.0
geopy 1.16.0

Usage

utilization: imago.py [-h] -i INPUT [-x] [-g] [-e] [-n] [-d {md5,sha256,sha512,all}]
                [-p {ahash,phash,dhash,whash,all}] [-o OUTPUT] [-s]
                [-t {jpeg,tiff}]

non-obligatory arguments:
  -h, --help            present this assist message and exit
  -i INPUT, --input INPUT
                        Input listing path
  -x, --exif            Extract exif metadata
  -g, --gps             Extract, parse and convert to coordinates, GPS exif
                        metadata from pictures (if any)It works solely with JPEG.
  -e, --ela             Extract, Error Level Analysis picture,It works solely with
                        JPEG. *BETA*
  -n, --nude            Detect Nudity, It works solely with JPEG, *BETA*
  -d {md5,sha256,sha512,all}, --digest {md5,sha256,sha512,all}
                        Calculate perceptual picture hashing
  -p {ahash,phash,dhash,whash,all}, --percentualhash {ahash,phash,dhash,whash,all}
                        Calculate hash digest
  -o OUTPUT, --output OUTPUT
                        Output listing path
  -s, --sqli            Keep SQLite file after the computation
  -t {jpeg,tiff}, --type {jpeg,tiff}
                        Select the picture, this flag will be JPEG or TIFF, if
                        this argument it's not supplied, imago will course of
                        all of the picture sorts(i.e. JPEG, TIFF)


The solely required argument is -i which is the bottom listing from which imago will begin to seek for picture file. You also needs to present at the least one kind of extraction (i.e. exif, information, gps, digest).

Example:

$ imago -i /residence/solvent/instances/c23/DCIM/ -o /residence/solvent/instances/c23/ -x -s -t jpeg -d all

Where:

  • -i path: is the bottom listing, the place imago will seek for file
  • -o path: the output listing the place imago will save the CSV file, with the extracted metadata
  • -x : imago will extract EXIF metadata.
  • -s: the short-term SQLite database is not going to be deleted after the processing.
  • -t jpeg: imago will search just for jpeg pictures.
  • -d all: imago will calculate md5, sha256, sha512 for the jpeg pictures.

Features:

MoreTip.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.