Abstract:
In the field of digital forensics, the increasing volume of evidence and the use of fragmented
command-line tools significantly hinder the speed and efficiency of forensic investigations.
Eric Zimmerman’s forensic toolkit, known as “EZ Tools”, is widely regarded for its granular
artifact data extraction and its accuracy. The toolkit consists of multiple CLI tools built for the analysis
of various Windows-based artifacts. Forensic analysts are required to manually execute each
tool necessary for the investigation and interpret the generated outputs separately.
The absence of a centralized, automated and user-friendly tool integrating Eric Zimmerman’s
tools places a cognitive and technical burden on digital forensic investigators, particularly on
those who are less experienced or new to the field.
This research proposes a unified forensic platform that integrates ten of Eric Zimmerman’s
command-line tools into a single GUI-based application. The platform allows investigators to
select forensic artifacts; it then automatically invokes the appropriate Eric Zimmerman tool and
parses the results into the tool’s interactive GUI for review. The tool includes a report
generation module that allows forensic analysts to preserve and use the artifact data
throughout the forensic investigation. The tool also includes an LLM-based data analysis
function that provides contextual analysis of suspicious activities identified within the
generated data, helping forensic analysts speed up the investigation.
The unified forensic platform achieved promising results: it successfully integrated and
executed all ten Eric Zimmerman tools and was able to generate PDF-based reports and
LLM-based explanations of the results.
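The orchestration step described above (artifact selection, tool invocation, result parsing) can be sketched as a small wrapper layer. This is an added example, not code from the paper or from EZ Tools; it assumes the binaries live under `TOOLS_DIR`, uses the `-f`/`-d`/`--csv`/`--csvf` switches the EZ command-line tools accept, and the CSV sample and its column names are constructed for illustration.

```python
import csv
import io
import subprocess
from pathlib import Path

TOOLS_DIR = Path(r"C:\Tools\EZ")  # assumption: folder holding the EZ binaries

# artifact name shown in the GUI -> (tool, input switch, default source path)
ARTIFACT_MAP = {
    "prefetch": ("PECmd.exe", "-d", r"C:\Windows\Prefetch"),
    "lnk": ("LECmd.exe", "-d", r"C:\Users"),
    "amcache": ("AmcacheParser.exe", "-f", r"C:\Windows\appcompat\Programs\Amcache.hve"),
}

# columns a GUI would surface per artifact (column names assumed, not verified)
DISPLAY_COLUMNS = {"prefetch": ["ExecutableName", "RunCount", "LastRun"]}

def build_command(artifact, out_dir, source=None):
    """argv list for one artifact; a list (no shell) keeps odd paths from being re-parsed."""
    tool, switch, default_source = ARTIFACT_MAP[artifact]
    return [str(TOOLS_DIR / tool), switch, source or default_source,
            "--csv", str(out_dir), "--csvf", f"{artifact}.csv"]

def run_tool(argv, timeout=900):
    """Run one tool; raise on non-zero exit so the GUI can show the tool's own error text."""
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    if proc.returncode != 0:
        raise RuntimeError(f"{Path(argv[0]).name} exited {proc.returncode}: {proc.stderr.strip()}")
    return proc.stdout

def parse_csv(text, columns):
    """Reduce a tool's CSV to the display columns; missing columns become empty strings."""
    return [{c: row.get(c, "") for c in columns} for row in csv.DictReader(io.StringIO(text))]

def collect(artifact, out_dir):
    """Full path for one artifact: invoke the tool, then read back the CSV it wrote."""
    run_tool(build_command(artifact, out_dir))
    csv_path = Path(out_dir) / f"{artifact}.csv"
    return parse_csv(csv_path.read_text(encoding="utf-8-sig"), DISPLAY_COLUMNS[artifact])

# Constructed sample in the shape of a PECmd CSV header (not real tool output).
SAMPLE_PREFETCH_CSV = (
    "SourceFilename,ExecutableName,RunCount,LastRun\n"
    r"C:\Windows\Prefetch\CMD.EXE-AAAAAAAA.pf,\VOLUME{placeholder}\WINDOWS\SYSTEM32\CMD.EXE,7,2024-01-15 09:12:44" "\n"
    r"C:\Windows\Prefetch\NOTEPAD.EXE-BBBBBBBB.pf,\VOLUME{placeholder}\WINDOWS\SYSTEM32\NOTEPAD.EXE,2,2024-01-14 17:03:10" "\n"
)

if __name__ == "__main__":
    for row in parse_csv(SAMPLE_PREFETCH_CSV, DISPLAY_COLUMNS["prefetch"]):
        print(row)
```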