Digler: A Powerful Tool for Forensic Disk Analysis and File Recovery
Summary
Digler is an open-source tool built in Go, designed for comprehensive forensic disk analysis and file recovery. It empowers users to unearth lost or deleted data from various disk images and raw devices. Offering both a powerful command-line interface and a user-friendly desktop application, Digler provides a flexible and efficient solution for digital forensics, leveraging a plugin-based architecture for extensibility.
Introduction
Digler is an open-source tool built in Go, designed for comprehensive forensic disk analysis and file recovery. It empowers users to unearth lost or deleted data from various disk images and raw devices. With both a powerful command-line interface and a user-friendly desktop application, Digler offers a flexible and efficient solution for digital forensics professionals and casual users alike, leveraging a plugin-based architecture for extensibility.
Why Use Digler
While many data recovery tools exist, few offer the combination of simplicity, flexibility, and modern design with deep disk analysis and effective file carving. Digler was created to fill this gap by providing a streamlined, plugin-extensible tool for data recovery that’s both powerful and easy to use. It offers both a command-line interface and a user-friendly desktop application, making it accessible for professionals and casual users alike. Whether you prefer the speed and scriptability of the CLI or the convenience of a visual interface, Digler adapts to your workflow without the complexity of heavyweight GUIs or fragmented tools. Built in Go, Digler leverages the language’s strengths in performance, cross-platform support, and maintainability to deliver a fast and dependable solution for today’s data recovery challenges.
Installation
Digler can be built from source or installed from precompiled binaries.
From Source:
git clone https://github.com/ostafen/digler.git
cd digler
make build
From Precompiled Binaries:
Precompiled binaries for Linux, macOS, and Windows are available on the Releases page.
Examples
Digler follows a simple yet powerful workflow: scan first, recover later. This approach allows for thorough analysis before file extraction.
1. Scan a Disk Image or Device
digler scan dfrws-2006-challenge.raw
Or to scan an entire disk partition:
digler scan /dev/nvme0n1 # or C: on Windows
You can optionally specify a dump directory to recover files immediately during scanning:
digler scan <image_or_device> --dump <path/to/dump/dir>
2. Mount Scan Results as a Filesystem (Linux only)
digler mount dfrws-2006-challenge.raw report.xml --mountpoint /mnt/recover
This mounts a FUSE filesystem, enabling you to browse and access recovered files directly from the scan report.
3. Recover Files Based on Scan Report
digler recover dfrws-2006-challenge.raw report.xml --dir ./recover
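The scan-first, recover-later split described above can be illustrated with a minimal header/footer JPEG carver. This is an added example, not Digler's code: the `Entry` report record, the function names, and the constructed `sampleImage` bytes are assumptions for illustration and do not reflect Digler's plugin API or its report.xml format.

```go
package main

import (
	"bytes"
	"fmt"
)

// Entry is a hypothetical report record: where a carved candidate sits in the image.
type Entry struct{ Offset, Size int }

// JPEG start-of-image (plus first marker byte) and end-of-image signatures.
var soi, eoi = []byte{0xFF, 0xD8, 0xFF}, []byte{0xFF, 0xD9}
// Constructed 26-byte "image": padding, one tiny JPEG-like blob at offset 8, padding, a bare header.
var sampleImage = []byte{0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xD8, 0xFF, 0xE0, 1, 2, 3, 0xFF, 0xD9, 0, 0, 0, 0, 0xFF, 0xD8, 0xFF, 0, 0}

// Scan reads the image without modifying it and records header/footer-delimited candidates.
func Scan(img []byte) []Entry {
	var report []Entry
	for pos := 0; pos < len(img); {
		i := bytes.Index(img[pos:], soi)
		if i < 0 {
			break
		}
		start := pos + i
		j := bytes.Index(img[start+len(soi):], eoi)
		if j < 0 {
			break // header without footer: truncated or fragmented, not reported
		}
		end := start + len(soi) + j + len(eoi)
		report = append(report, Entry{Offset: start, Size: end - start})
		pos = end
	}
	return report
}

// Recover copies one report entry out of the image, rejecting entries that fall outside it.
func Recover(img []byte, e Entry) ([]byte, error) {
	if e.Offset < 0 || e.Size <= 0 || e.Offset > len(img)-e.Size {
		return nil, fmt.Errorf("entry %+v outside image of %d bytes", e, len(img))
	}
	return append([]byte(nil), img[e.Offset:e.Offset+e.Size]...), nil
}

func main() {
	for _, e := range Scan(sampleImage) {
		data, err := Recover(sampleImage, e)
		fmt.Printf("offset=%d size=%d recovered=% x err=%v\n", e.Offset, e.Size, data, err)
	}
}
```

Because the report stores only offsets and sizes, recovery can be repeated or filtered later without rescanning, and the source image is only ever read.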
Test Datasets:
To help you get started, here are some publicly available disk image datasets commonly used in digital forensics research:
- DFRWS 2006 Challenge
- Digital Corpora Repository
- NIST Computer Forensics Reference Data Sets (CFReDS)
Links
For more detailed information, contributions, or to report issues, please visit the official Digler GitHub repository.