Plasma is a framework and command line tool to dissect and extract structured information from forensics artifacts.
It can be easily extended by adding new dissectors. Most dissectors are based on other FOSS projects such as:
- LIEF for executables processing
- Scapy for packet captures processing
- libyal for Windows artifacts processing
- construct for raw structures processing
- volatility3 for memory dump processing
- MVT extracted files for normalization
Many thanks to these projects for their contribution to the cybersecurity open source community!
Plasma releases are available on GitHub and PyPI. Use Python 3.12+ and a virtual environment for the best experience.
```bash
# Setup plasma to use as a library
python3 -m pip install edf-plasma-dissectors[pcap,linux,binary,memdump,windows]
# Setup plasma to use as a command line tool
python3 -m pip install edf-plasma-cli
# Display integrated help
plasma -h
plasma dissect -h
# List available plasma dissectors
plasma list
# Dissect artifacts in source/ with plasma, filtering dissectors by tags
plasma dissect --filter 'tags:linux,pcap' source/ output/
```

Distributed under the MIT License.
Contributions are welcome. See CONTRIBUTING.md.
To report a (suspected) security issue, see SECURITY.md.
