Bulk Extractor.

An open-source, parallelized forensic tool by Simson Garfinkel that streams through disk images, memory dumps, and arbitrary binary blobs to extract structured artifacts — emails, URLs, credit-card numbers, network packets — without first parsing a filesystem. Pertence à categoria Forense e resposta da cibersegurança.

An open-source, parallelized forensic tool by Simson Garfinkel that streams through disk images, memory dumps, and arbitrary binary blobs to extract structured artifacts — emails, URLs, credit-card numbers, network packets — without first parsing a filesystem.

Bulk Extractor is a parallelized, filesystem-agnostic forensic carving and feature-extraction tool originally developed by Simson Garfinkel and maintained by the Naval Postgraduate School. Given any input — raw disk image, RAM dump, pcap, container image, or even a corrupt filesystem — it sweeps the bytes in parallel and writes 'feature files' containing extracted artifacts: email addresses, URLs, domains, IPv4/IPv6 addresses, credit-card numbers, EXIF metadata, JSON fragments, ELF/PE headers, ZIP entries, decompressed gzip streams, and more. Because it does not require a parseable filesystem, Bulk Extractor is the standard first-pass tool when investigating heavily damaged disks, unallocated space, swap, hiberfil, memory dumps, or unknown binary blobs. Output is straightforward text or histogram files that integrate easily with Autopsy, the Sleuth Kit, or custom analysis pipelines. The 2.0 series (2023) added improved Windows support, better Unicode handling, and cleaner JSON output.

As defesas contra Bulk Extractor costumam combinar controles técnicos e práticas operacionais, conforme detalhado na definição acima.

Nomes alternativos comuns: bulk_extractor, Garfinkel bulk_extractor.