TRACE is a digital forensic tool I developed as my final year project. It provides an intuitive interface for analyzing disk images and includes a range of functionalities to assist forensic examiners in extracting and viewing the contents of various image file formats.

• Preview 👀
• Features 🌟
• Screenshots 📸
• Supported Image Formats 💾
• Tested File Systems 🗂️
• Cross-Platform Compatibility 🖥️💻
• Getting Started 🚀
  • Prerequisites 🛠️
  • Configuration ⚙️
  • Running the Tool ▶️
• Built With 🧱
• Work in Progress 🛠️
• Testing & Feedback 🧪
• Contributing 🤝
• Socials 👨‍💻

✅ *Image Mounting: Mount forensic disk images. (Windows only)
✅ Tree Viewer: Navigate through the disk image structure, including partitions and files.
✅ Detailed File Analysis: View file content in different formats, such as HEX, text, and application-specific views.
✅ EXIF Data Extraction: Extract and display EXIF metadata from photos.
✅ Registry Viewer: View and examine Windows registry files.
✅ Basic File Carving: Recover deleted files from disk images.
✅ Virus Total API Integration: Check files for malware using the Virus Total API.
✅ E01 Image Verification: Verify the integrity of E01 disk images.
✅ Convert E01 to Raw: Convert E01 disk images to raw format.
✅ Message Decoding: Decode messages from base64, binary, and other encodings.

Operating System	Screenshot
macOS Sonoma 🍏
Kali Linux 2024 🐧
*WSL2 - Ubuntu 22.04.3 LTS 🐧
Windows 10 🗔

1. Install Python 3.11
   (⚠️ Python 3.12 is not supported)
   👉 Download from python.org

2. Install Microsoft C++ Build Tools
   👉 Download Build Tools

   During setup, ensure the following workloads are selected:

   • ✅ Desktop development with C++
   • ✅ C++ build tools

3. Create and activate a virtual environment

   python -m venv venv venv\Scripts\activate

4. Install dependencies

   pip install -r requirements.txt

5. Run the tool

   python main.py

1. Make the installation script executable:

   chmod +x install_macos_linux_WSL.sh

2. Run the installation script:

   ./install_macos_linux_WSL.sh

   The script will:

   • ✅ Create and activate a Python 3.11 virtual environment
   • ✅ Detect your system (macOS or Linux)
   • ✅ Install required system dependencies (via Homebrew or apt)
   • ✅Install the appropriate Python packages:
     • requirements_macos_silicon.txt → macOS
     • requirements.txt → Linux
   • ✅ After installation, it will automatically activate your virtual environment and notify you that it’s ready to use.

3. Run the Tool

   Once the virtual environment is activated (you’ll see (venv) in your terminal prompt):

   python main.py

API Keys Configuration:The tool integrates with VirusTotal and Veriphone APIs, and you will need to provide your own API keys to use these features. To update the API keys, go to the Options menu and select API Keys submenu.

• pytsk3 - Python bindings for the SleuthKit
• libewf-python - Library to access the Expert Witness Compression Format (EWF)
• PySide6 - Used for the GUI components.
• Arsenal Image Mounter - For mounting forensic disk images.

• Cross-Platform Image Mounting: Image mounting currently works only on Windows using the Arsenal Image Mounter executable. The aim is to make this feature work across all platforms without relying on external executables.
• File Carving: The verification of carved files needs improvement, as it may carve data fragments that are not actual files.
• Color Issues in Dark Mode: The software currently has some colour display issues on Linux and macOS systems when using dark mode. Certain UI elements may not be clearly visible or may appear incorrectly.

I welcome contributions from the community to help improve TRACE! If you're interested in contributing, here’s how you can get involved:

1. Report Issues: If you find any bugs or have suggestions for improvements, please open an issue on GitHub. Provide as much detail as possible to help address the issue effectively.
2. Submit a Pull Request: If you have a fix or feature you’d like to contribute, please fork the repository, make your changes, and submit a pull request. Ensure your code adheres to the coding standards and includes tests where applicable.