
bulk_extractor vs PCILeech

GitHub Stats

              bulk_extractor    PCILeech
Stars         1.4k              7.6k
Forks         218               995
Issues        133               8
Updated       2mo ago           12d ago
License       -                 AGPL-3.0
Language      C++               C

About bulk_extractor

bulk_extractor is a high-performance digital forensics tool that scans disk images, memory images, files, or directories and extracts useful information without parsing the file system or file system structures. It finds email addresses, URLs, credit card numbers, JPEG images, JSON fragments, GPS coordinates, Windows registry fragments, AES key schedules, and other artifacts by scanning the raw bytes. Because it ignores file system metadata it recovers data from unallocated space and slack space, and because it recursively decompresses what it finds (zip, gzip and similar) it also reaches inside compressed archives. It does not decrypt anything: it can locate AES keys left behind in a RAM image, but the contents of an encrypted volume stay encrypted. bulk_extractor divides the input into pages that are scanned in parallel across all available CPU cores; each page is scanned together with an overlap margin so that features crossing a page boundary are still found. This makes it considerably faster than single-threaded carving tools. Its output is a set of per-scanner feature files (offset, feature, surrounding context) plus histograms, which can be compared across images with the included bulk_diff utility or imported into other analysis platforms.
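The page-plus-margin scan described above, as an added example that is not bulk_extractor's own code: a small Python re-implementation of the scheme with two regex scanners (email, URL), a constructed 200-byte "image", and output in the feature-file layout. PAGE_SIZE, MARGIN, the scanner patterns and the sample image are assumptions chosen for illustration (bulk_extractor's real scanners are C++, and its defaults are 16 MiB pages with a 4 MiB margin). The example also shows the one subtlety the margin introduces: the page after a boundary sees the tail of a straddling feature, and must not report it a second time.

```python
import re
from concurrent.futures import ThreadPoolExecutor

# bulk_extractor's defaults are a 16 MiB page and a 4 MiB margin; tiny values here
# so the constructed sample below actually exercises the page-boundary case.
# The margin must be longer than the longest feature a scanner can report.
PAGE_SIZE = 64
MARGIN = 32

# scanner name -> (feature pattern, "continuation" class). A feature that starts
# at the very beginning of a page may be the tail of one that began in the previous
# page; it is rejected if the byte before it belongs to the continuation class.
SCANNERS = {
    "email": (re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
              re.compile(rb"[A-Za-z0-9._%+-]")),
    "url": (re.compile(rb"https?://[A-Za-z0-9./_?=&%#-]+"),
            re.compile(rb"[A-Za-z0-9]")),
}


def scan_page(image, page_no):
    """Scan one page plus its margin; return (scanner, absolute offset, feature) hits."""
    start = page_no * PAGE_SIZE
    buf = image[start:start + PAGE_SIZE + MARGIN]
    hits = []
    for name, (pattern, continuation) in SCANNERS.items():
        for m in pattern.finditer(buf):
            if m.start() >= PAGE_SIZE:
                break  # started inside the margin: the next page owns it
            offset = start + m.start()
            before = image[offset - 1:offset] if offset else b""
            if before and continuation.fullmatch(before):
                continue  # fragment of a feature the previous page already reported
            hits.append((name, offset, m.group(0)))
    return hits


def extract_features(image, workers=4):
    """Scan every page in parallel (bulk_extractor uses one thread per core) and merge."""
    n_pages = (len(image) + PAGE_SIZE - 1) // PAGE_SIZE
    with ThreadPoolExecutor(max_workers=workers) as pool:
        per_page = list(pool.map(lambda p: scan_page(image, p), range(n_pages)))
    features = [hit for hits in per_page for hit in hits]
    features.sort(key=lambda h: (h[0], h[1]))
    return features


def feature_files(features, image, ctx=8):
    """Group hits per scanner in bulk_extractor's feature-file layout:
    one 'offset<TAB>feature<TAB>context' line per hit, non-printables escaped."""
    files = {}
    for name, offset, feat in features:
        lo, hi = max(0, offset - ctx), min(len(image), offset + len(feat) + ctx)
        context = image[lo:hi].decode("latin-1").encode("unicode_escape").decode("ascii")
        files.setdefault(name, []).append(f"{offset}\t{feat.decode('latin-1')}\t{context}")
    return files


def build_sample_image():
    """Constructed 200-byte 'disk image': zero filler with features planted at known
    offsets. The email at offset 60 spans the 64-byte page boundary."""
    image = bytearray(200)
    for offset, data in {
        10: b"http://forensics.example.org/case1",
        60: b"alice@example.com",
        120: b"bob@example.net",
        190: b"c@x.io",
    }.items():
        image[offset:offset + len(data)] = data
    return bytes(image)


if __name__ == "__main__":
    img = build_sample_image()
    for name, lines in feature_files(extract_features(img), img).items():
        print(f"--- {name}.txt")
        print("\n".join(lines))
```

Page 0 reports alice@example.com because the margin lets it see the whole feature; page 1 sees "e@example.com" at its first byte, notices the preceding byte "c" could be part of an address, and drops it. Without that check a straddling feature would be counted twice, which matters when the feature files are turned into histograms.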

About PCILeech

PCILeech uses PCIe, Thunderbolt or USB3380 hardware to perform Direct Memory Access (DMA) attacks against target computers: the attached device reads and writes the target's physical memory directly, so nothing has to be installed or executed on the target. Capabilities include dumping all physical memory, patching kernel code in place (for example, disabling password checks), injecting code into running processes, and pulling encryption keys out of RAM. PCILeech supports FPGA-based hardware (Screamer, PCIeSquirrel and similar) for high-speed transfers and includes plugins for common attack scenarios such as Windows login bypass, BitLocker key extraction, and macOS FileVault attacks. The technique depends on the target letting an arbitrary PCIe device touch memory: where the operating system has an IOMMU active (VT-d/AMD-Vi, Kernel DMA Protection on Windows) DMA from unknown devices is restricted or blocked, so a physical-access assessment should also verify whether those protections are enabled and enforced before boot and at the lock screen. A powerful tool for physical security assessments.
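An added example, not code from PCILeech or bulk_extractor, of the key-recovery step that follows a memory dump, which both of the tools above touch on (PCILeech dumps RAM and "extracts encryption keys"; bulk_extractor's AES scanner does the search). A software AES implementation keeps its expanded round keys in memory, and those round keys are a deterministic function of the key, so any 16 bytes whose following 160 bytes equal their own expansion are almost certainly a live AES-128 key. The scanner below builds the S-box from first principles, implements the FIPS-197 key expansion, and slides over a constructed dump in which the FIPS-197 Appendix A.1 key schedule has been planted. It assumes AES-128 with the schedule stored contiguously in encryption order (AES-192/256 and decryption-order schedules need the corresponding expansion); the filler, the planted offset and the 4 KiB size are constructed for the example.

```python
# Search a raw memory dump for AES-128 key schedules (constructed sample below).
RCON = (0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36)


def _build_sbox():
    """AES S-box from first principles: GF(2^8) inverse, then the affine map (FIPS-197 5.1.1)."""
    def xtime(a):
        return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

    def gmul(a, b):
        r = 0
        while b:
            if b & 1:
                r ^= a
            a, b = xtime(a), b >> 1
        return r

    sbox = bytearray(256)
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv
        for i in range(1, 5):  # s = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4), then ^ 0x63
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return bytes(sbox)


SBOX = _build_sbox()


def _sub_rot_rcon(word, rcon):
    """SubWord(RotWord(word)) with the round constant folded into byte 0."""
    rot = word[1:] + word[:1]
    return bytes((SBOX[rot[0]] ^ rcon, SBOX[rot[1]], SBOX[rot[2]], SBOX[rot[3]]))


def expand_key_128(key):
    """FIPS-197 5.2 key expansion: 16-byte key -> 176-byte schedule (11 round keys)."""
    w = [bytes(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = _sub_rot_rcon(w[i - 1], RCON[i // 4 - 1]) if i % 4 == 0 else w[i - 1]
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)


def find_aes128_keys(dump):
    """Slide a 16-byte window over the dump and report (offset, key) wherever the
    176 bytes starting there form a self-consistent AES-128 schedule. This is the
    same consistency check aeskeyfind and bulk_extractor's AES scanner rely on."""
    dump = bytes(dump)
    hits = []
    for off in range(len(dump) - 176 + 1):
        cand = dump[off:off + 16]
        # cheap filter: word 4 of a real schedule is w0 ^ SubWord(RotWord(w3)) ^ rcon1;
        # only candidates that pass pay for a full expansion
        w4 = bytes(a ^ b for a, b in zip(cand[:4], _sub_rot_rcon(cand[12:16], RCON[0])))
        if w4 != dump[off + 16:off + 20]:
            continue
        if expand_key_128(cand) == dump[off:off + 176]:
            hits.append((off, cand))
    return hits


def build_sample_dump():
    """Constructed stand-in for a PCILeech dump or a RAM image: 4 KiB of
    deterministic filler with the FIPS-197 A.1 key's schedule planted at 0x300."""
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    dump = bytearray((i * 0x9E) & 0xFF for i in range(4096))
    dump[0x300:0x300 + 176] = expand_key_128(key)
    return bytes(dump)


if __name__ == "__main__":
    for off, key in find_aes128_keys(build_sample_dump()):
        print(f"AES-128 key schedule at 0x{off:x}: key {key.hex()}")
```

On a real multi-gigabyte dump, mmap the file rather than reading it into a bytes object, and expect a handful of hits: every process with an open AES context (TLS sessions, full-disk encryption drivers, password managers) leaves a schedule behind. Finding the key is the easy part; attributing it to a particular volume or session still requires the surrounding structures. Note also that the dump step itself is what an IOMMU blocks, so on a protected target this analysis never gets its input.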

Platform Support

๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows
๐Ÿงlinux๐ŸชŸwindows

Tags

bulk_extractor only

data-carving, disk-forensics, email-extraction, parallel, unallocated-space

PCILeech only

dma-attack, memory-forensics, hardware, pcie, physical-access