bulk_extractor

Stream-based forensic tool for extracting artifacts from raw data

brewmacoslinux

Try with needOr install directly

About

Stream-based forensics tool

bulk_extractor

Extract artifacts from a disk image with default scanners$ bulk_extractor -o output_dir disk_image.dd

Extract specific artifact types (emails and credit cards) from raw data$ bulk_extractor -S 'email,ccn' -o results input_file.bin

Process memory dump with multiple threads and verbose output$ bulk_extractor -j 4 -V memory.dump -o forensic_output