CERT-EDF/plasma

GitHub: CERT-EDF/plasma

Stars: 5 | Forks: 3

Plasma Framework

![Status](https://img.shields.io/badge/status-active-success?style=for-the-badge) ![Powered By: EDF](https://img.shields.io/badge/Powered_By-CERT_EDF-FFFF33.svg?style=for-the-badge) [![License: MIT](https://img.shields.io/badge/License-MIT-2596be.svg?style=for-the-badge)](LICENSE)

# Introduction

Plasma is a framework and command line tool to dissect and extract structured information from forensic artifacts. It can be easily extended by adding new dissectors. Most dissectors are based on other FOSS projects such as:

- [LIEF](https://github.com/lief-project/LIEF) for executables processing
- [Scapy](https://github.com/secdev/scapy) for packet captures processing
- [libyal](https://github.com/libyal) for Windows artifacts processing
- [construct](https://github.com/construct/construct) for raw structures processing
- [volatility3](https://github.com/volatilityfoundation/volatility3) for memory dump processing
- [MVT](https://github.com/mvt-project/mvt) extracted files for normalization
## Getting Started

Plasma releases are available on GitHub and PyPI. Use Python 3.12+ and a virtual environment for the best experience.

```bash
# Setup plasma to use as a library
python3 -m pip install edf-plasma-dissectors[pcap,linux,binary,memdump,windows]

# Setup plasma to use as a command line tool
python3 -m pip install edf-plasma-cli

# Display integrated help
plasma -h
plasma dissect -h

# List available plasma dissectors
plasma list

# Dissect artifacts w/ dissectors tagged linux OR pcap
plasma dissect --filter 'tags:linux,pcap' source/ output/

# Dissect artifacts w/ dissectors tagged windows AND memdump
plasma dissect --filter 'tags:+windows,+memdump' source/ output/

# Dissect artifacts w/ dissectors tagged windows EXCEPT pe
plasma dissect --filter 'tags:+windows,-pe' source/ output/

# Dissect artifacts w/ dissectors whose slug matches elf_* EXCEPT elf_info
plasma dissect --filter 'slug:elf_*,-elf_info' source/ output/
```
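The `--filter` examples above imply a small selection grammar: a field (`tags` or `slug`), then comma-separated terms where a bare term means "any of", a `+` prefix means "required" and a `-` prefix means "excluded", with glob patterns allowed. The following is an added, stand-alone reimplementation of that documented behaviour, written for this page and not taken from the plasma code base; the `Dissector` type, the sample catalogue of slugs and tags, and the exact precedence between bare, `+` and `-` terms are assumptions used to make the semantics explicit.

```python
"""Reimplementation of plasma's documented --filter semantics (assumed; not the project's code)."""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Dissector:            # hypothetical stand-in for a registered plasma dissector
    slug: str
    tags: frozenset


def parse_filter(expr):
    """Split 'field:term,term,...' into (field, any_terms, required, excluded)."""
    field_name, _, terms = expr.partition(':')
    if field_name not in ('tags', 'slug') or not terms:
        raise ValueError(f"bad filter expression: {expr!r}")
    any_terms, required, excluded = [], [], []
    for term in terms.split(','):
        term = term.strip()
        if term.startswith('+'):
            required.append(term[1:])      # AND: every +term must match
        elif term.startswith('-'):
            excluded.append(term[1:])      # EXCEPT: no -term may match
        elif term:
            any_terms.append(term)         # OR: at least one bare term must match
    return field_name, any_terms, required, excluded


def _has(values, pattern):
    """True if any value matches the glob pattern (so 'elf_*' works for slugs and tags)."""
    return any(fnmatchcase(v, pattern) for v in values)


def matches(dissector, expr):
    field_name, any_terms, required, excluded = parse_filter(expr)
    values = dissector.tags if field_name == 'tags' else {dissector.slug}
    if any(_has(values, p) for p in excluded):
        return False
    if not all(_has(values, p) for p in required):
        return False
    return not any_terms or any(_has(values, p) for p in any_terms)


def select(dissectors, expr):
    """Return the sorted slugs of every dissector the expression selects."""
    return sorted(d.slug for d in dissectors if matches(d, expr))


# Constructed sample catalogue: slugs and tags are illustrative, not plasma's real ones.
CATALOGUE = [
    Dissector('elf_info', frozenset({'linux', 'binary'})),
    Dissector('elf_sections', frozenset({'linux', 'binary'})),
    Dissector('pe_info', frozenset({'windows', 'binary', 'pe'})),
    Dissector('pcap_dns', frozenset({'pcap'})),
    Dissector('win_memdump_pslist', frozenset({'windows', 'memdump'})),
    Dissector('win_evtx', frozenset({'windows'})),
]

if __name__ == '__main__':
    for expr in ('tags:linux,pcap', 'tags:+windows,+memdump',
                 'tags:+windows,-pe', 'slug:elf_*,-elf_info'):
        print(f"{expr:24} -> {select(CATALOGUE, expr)}")
```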
## License

Distributed under the [MIT License](LICENSE).

## Security

To report a (suspected) security issue, see [SECURITY.md](SECURITY.md).