Mobius Forensic Toolkit

Libmobius

Libmobius is a forensic library written in C++, with a Python API wrapper layer. It is an independent part of the Mobius Forensic Toolkit and can be used in other projects as well.

What is implemented so far?

Here is a (non-exhaustive) list of the features that are natively implemented in libmobius:

Feature: Code implemented

Cipher algorithms:
    AES (128, 192 and 256 bits)
    Blowfish
    DES
    RC2
    RC4
    ROT-13
    Triple-DES (3DES)
    Zip

Hash functions:
    Adler-32
    CRC-32
    ED2K
    MD4
    MD5
    SHA-1
    SHA-2 (224, 256, 384, 512, 512/224 and 512/256 bits)
    Zip

Cryptographic functions:
    HMAC
    PBKDF1
    PBKDF2/HMAC

Disk objects:
    Imagefile
    Physical device
    Any other readable object

Image files:
    dossier: Logicube Dossier imagefiles (.log)
    ewf: EWF files (.ewf, .e01)
    msr: Samsung's Secret Zone .msr encrypted files
    raw: Raw image files (.dd, .raw, ...)
    solo: ICS Solo III imagefiles (.txt)
    split: Split files (.001, ...)
    talon: Logicube Talon imagefiles (.log)
    vhd: Microsoft Virtual Disk (.vhd)

Partition systems:
    PC-DOS
    GPT
    Apple

Filesystems:
    Ext2, Ext3, Ext4
    HFS+, HFSX
    ISO-9660
    NTFS
    VFAT

URL schemas:
    file:

Utility classes:
    Bytearray
    Date, time, datetime and timedelta
    Charset functions (encode, decode)
    I/O classes (file, folder, resource)
    Binary data decoder
    System devices list
    URI parser

Forensics specific:
    Windows DPAPI decryption
    Windows Registry (including automatic PSSP, LSA and MSDCC decryption)