Digital Forensics Platform
UNEARTH
Exposing what lies beneath the surface...
curl -fsSL https://raw.githubusercontent.com/bhargavgajare1479/Unearth/master/install.sh | bash
Demo
Demo video coming soon
About
The Idea Behind Unearth
A unified platform for digital forensic investigation that brings together data recovery and intelligent analysis...
Problem Statement
Digital investigations today face several challenges. Important information often exists only in digital form, and it may be hidden, deleted, or intentionally manipulated. Investigators need reliable ways to recover this information and understand what actually happened on a system.
The main issues can be summarised as follows:
1. Difficulty in recovering deleted data
Modern file systems such as Btrfs and XFS manage data in complex ways. Once files are deleted, recovering them becomes difficult. Many existing recovery tools either do not fully support these file systems or require deep technical expertise to operate. Because of this, valuable digital evidence may remain unrecovered.
2. Fragmented investigation tools
Digital forensic investigations usually involve multiple stages such as data recovery, metadata analysis, and content examination. These tasks are often handled by separate tools. Investigators are forced to switch between different software, which slows down the process and increases the chances of missing critical evidence.
3. Growing complexity of digital evidence
Digital evidence is no longer limited to files stored on a device. Images, videos, documents, and online content can all play a role in an investigation. Identifying manipulated media or misleading information requires additional analysis, which many traditional forensic tools do not support.
4. Lack of integrated analysis platforms
Most tools focus on only one part of the investigation process. There are very few platforms that combine evidence recovery with deeper analysis in a single environment. This makes investigations less efficient and harder to manage.
Because of these challenges, there is a clear need for a unified platform that can recover digital evidence, analyse it effectively, and help investigators understand the complete sequence of events during an incident.
Proposed Solution
To address these challenges, Unearth is designed as a unified platform that brings together digital evidence recovery and intelligent analysis in a single environment. The goal is to simplify the investigation process and give investigators the tools they need to recover, examine, and understand digital evidence more efficiently.
The proposed solution focuses on the following key aspects:
1. Reliable recovery of deleted data
Unearth provides specialised support for modern file systems such as Btrfs and XFS. It uses a combination of metadata analysis and signature-based file carving to recover deleted files. This approach increases the chances of retrieving valuable evidence even when file system structures are partially lost.
2. Integrated forensic analysis
Instead of relying on multiple separate tools, Unearth brings important investigation capabilities into one platform. Investigators can recover files, examine metadata, and analyse the recovered data within the same workflow. This reduces complexity and makes the investigation process more efficient.
3. Metadata extraction and timeline reconstruction
Unearth automatically extracts key metadata from recovered files, including timestamps, permissions, and embedded information such as EXIF data or document properties. This information is organised into a chronological timeline that helps investigators understand the sequence of events on a system.
4. Evidence integrity and verification
To maintain the authenticity of recovered data, Unearth generates a SHA256 hash for every recovered file. This allows investigators to verify that the evidence has not been altered and supports proper chain-of-custody practices.
5. Intelligent content analysis
Unearth also includes an AI-assisted analysis component that can evaluate images, videos, audio, text, and URLs. This helps investigators detect manipulated media, analyse suspicious content, and assess the credibility of online information.
6. Accessible investigation tools
The platform provides both a command-line interface and a graphical interface, making it usable for both technical experts and investigators who prefer a visual environment. A browser extension also allows users to analyse content directly from web pages.
By combining data recovery with intelligent analysis tools, Unearth aims to provide investigators with a practical and efficient platform for uncovering hidden digital evidence and understanding what lies beneath the surface.
Vision
To make digital investigations more accessible and effective by building tools that help uncover hidden evidence and reveal the truth behind digital activity.
Mission
To develop a unified platform that enables investigators to recover digital evidence, analyse it intelligently, and understand incidents with clarity and confidence.
Capabilities
Core Features
A complete toolkit designed for digital forensic investigation and content analysis...
Deleted File Recovery
Unearth can recover deleted files from Btrfs and XFS file systems. It uses a combination of metadata analysis and file carving to locate and reconstruct files that have been removed from the system.
File Carving & Format Detection
The platform scans raw disk data and identifies files using their unique signatures, also known as magic numbers. This allows the system to detect and recover files even when file names or extensions are missing.
Metadata Extraction
Unearth extracts important metadata from recovered files, such as timestamps, permissions, and embedded information from images or documents. This helps investigators understand when and how the files were created or modified.
Timeline Reconstruction
All recovered files are organised into a chronological timeline. This allows investigators to see the sequence of events on the system and identify suspicious activity more easily.
File Integrity Verification
Each recovered file is assigned a SHA256 hash. Recomputing the hash later shows whether the evidence has changed, which helps maintain the chain of custody during an investigation.
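The signature-based carving and SHA256 verification described above can be sketched as follows. This is an added example, not Unearth's own code: the names `carve`, `verify`, `SIGNATURES` and `MAX_SIZE` are hypothetical, the header-to-footer matching is a simplified carving strategy, and the "disk image" is a constructed byte string.

```python
import hashlib

# Header/footer signature pairs (magic numbers) for two common formats.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_SIZE = 16 * 1024 * 1024  # search window, so a lost footer cannot swallow the image


def carve(raw: bytes):
    """Return carved-file records (type, offset, size, sha256) sorted by offset."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = raw.find(header)
        while pos != -1:
            end = raw.find(footer, pos + len(header), pos + MAX_SIZE)
            if end == -1:
                # Header with no footer in range: report it, do not guess a length.
                found.append({"type": kind, "offset": pos, "size": None, "sha256": None})
                pos = raw.find(header, pos + 1)
                continue
            data = raw[pos:end + len(footer)]
            found.append({
                "type": kind,
                "offset": pos,
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
            })
            pos = raw.find(header, end + len(footer))
    return sorted(found, key=lambda r: r["offset"])


def verify(raw: bytes, record: dict) -> bool:
    """Re-hash the carved byte range and compare it with the recorded digest."""
    data = raw[record["offset"]:record["offset"] + record["size"]]
    return hashlib.sha256(data).hexdigest() == record["sha256"]


# Constructed sample: filler, a tiny fake JPEG, a tiny fake PNG, then a truncated JPEG.
JPEG = b"\xff\xd8\xff\xe0" + b"JFIFdata" + b"\xff\xd9"
PNG = b"\x89PNG\r\n\x1a\n" + b"chunks" + b"IEND\xaeB`\x82"
IMAGE = b"\x00" * 512 + JPEG + b"\x00" * 100 + PNG + b"\x00" * 50 + b"\xff\xd8\xff\xe1cut"

if __name__ == "__main__":
    for rec in carve(IMAGE):
        print(rec)
```

The truncated JPEG is reported with no size or hash rather than being carved to an arbitrary length, so a record with a digest always refers to a byte range that can be re-verified.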
Keyword Search
Investigators can search through recovered text files using keywords. This makes it easier to locate specific information such as passwords, confidential terms, or other relevant content.
AI-Based Media & Content Analysis
Unearth includes an AI analysis component that can examine images, videos, audio, text, and URLs. It helps identify manipulated media, analyse content context, and evaluate the credibility of information.
Browser Extension for Quick Analysis
A browser extension allows users to analyse content directly from web pages or social media posts. This makes it easier to investigate suspicious online content without leaving the browser.
Multiple User Interfaces
The platform provides both a command line interface and a graphical interface. This allows users to choose the environment that best suits their workflow, whether they prefer terminal-based tools or a visual dashboard.
Team
Meet the Developers
The individuals who are the backbone of Unearth...
Dr. Anjalidevi Patil
Project Guide
Provided academic guidance and technical direction throughout the project. Reviewed the system design, ensured the approach followed proper forensic practices, and helped refine the overall research and implementation strategy.
Mr. Bhargav S. Gajare
Project Manager & Linux Expert
Led the overall development of the project and coordinated the team. Designed the system architecture, implemented the core forensic recovery modules, and handled Linux-based filesystem analysis for Btrfs and XFS.
Mr. Divesh K. Dalvi
Web Developer
Designed and developed the project website and user interfaces. Built the frontend using modern web technologies and ensured the platform was responsive, interactive, and easy to navigate.
Mr. Nachiket D. Patil
AI Engineer
Developed the AI analysis components used for content evaluation. Implemented the logic for analysing text, images, videos, and URLs to identify misinformation patterns and contextual insights.