Mobius Forensic Toolkit

Help Wanted

The Mobius Forensics Toolkit is a part-time development project (in fact it is a weekend project). As so, there are many things I would like to implement, to improve and to fix, but because of my narrow schedule I have to stick to a rigid priority list of implementation.

Above all, it is a community project. I hope to engage developers, forensic experts, designers and everyone interested in developing forensic tools to create and improve tools that will benefit everyone.

How can you help?

  • Native english persons: Improve this homepage and the Mobius Tutorial.
  • Graphics designers: Design more specific and suitable icons for the framework.
  • Windows registry experts: Develop new reports. You can send me the registry keys and values, and their meaning, by e-mail or if you program in python, you can even open the Hive Report extension and see how easily it is to incorporate new reports to the Hive extension.
  • Forensic experts: Develop new extensions based upon the extant ones. Send to me file formats and papers about P2P applications, browser's log files, cloud-based evidences, O.S. artifacts such as Windows event files, file links, the recycler bin.
  • Everyone: Any feedback is always welcome. You can suggest new features and modifications. Submit bug reports. Or even send an e-mail telling which extensions you are using or how you are using them.

Specific Help

  • Registry: How to associate Disk ID and offset at mounted devices with a device name.
  • Registry: SUPPORT_388945a0 user password location.