GitHunt
KA

kalink0/crush-forensics

Open-source desktop workbench for digital forensic analysis. Inspect ZIP/TAR acquisitions and parse ABX, SQLite, SEGB, PLIST, hex, JSON, XML, and media files — all in one GUI.

android-forensicsartifact-analysisbplistdfirdigital-forensicsforensicsios-forensicsmobile-forensicsopen-sourceplistsegbsqlite

crush-forensics

Crush — Digital Forensic Analysis Workbench

Features

Open and navigate in ZIP and TAR archives (eg. for mobile phone acquisitions)
Open single files and folder.

When navigating and open file you can use the following feature atm:

  • ABX Viewer
  • Hex Viewer
  • SQLITE Viewer
  • SEGB v1/v2 Decoder and Viewer
  • Media file (Audio, Video Image) Viewer
  • JSON Viewer
  • XML-Viewer
  • PLIST and BPLIST Viewer

Install and Run

  1. Create a virtual environment
python -m venv .venv
source .venv/bin/activate
  1. Install dependencies
python -m pip install --upgrade pip
python -m pip install -e .
  1. Run Crush
crush

Alternative run command

python -m crush

If you see missing Qt or media errors, install the system dependencies below.

System Dependencies

Some Python packages require OS-level libraries on fresh machines.

Base GUI/Qt runtime (PySide6)

These are required for the Qt GUI to run correctly on Linux.

  • Debian/Ubuntu: sudo apt-get install libgl1 libegl1 libxcb-xinerama0 libxkbcommon-x11-0
  • Fedora: sudo dnf install mesa-libGL mesa-libEGL libxcb libxkbcommon-x11
  • Arch: sudo pacman -S mesa libglvnd libxcb libxkbcommon-x11
  • Windows: no additional packages required; if the app fails to start, install the Microsoft Visual C++ Redistributable 2015-2022 (x64)
  • macOS: no additional packages required (bundled with the OS)

libmagic (for python-magic)

python-magic depends on libmagic being present on the system.

  • Debian/Ubuntu: sudo apt-get install libmagic1
  • Fedora: sudo dnf install file-libs
  • Arch: sudo pacman -S file
  • macOS (Homebrew): brew install libmagic
  • Windows: no additional packages required

Qt Multimedia (for audio/video)

PySide6 uses system multimedia backends.

  • Debian/Ubuntu: sudo apt-get install gstreamer1.0-plugins-base gstreamer1.0-plugins-good
  • Fedora: sudo dnf install gstreamer1-plugins-base gstreamer1-plugins-good
  • Arch: sudo pacman -S gstreamer gst-plugins-base gst-plugins-good
  • macOS: typically bundled with Qt; if media playback fails, install gstreamer
  • Windows: typically bundled with Qt; no additional packages required

Audio backend (PulseAudio)

For Linux audio playback, libpulse is commonly required by Qt Multimedia.

  • Debian/Ubuntu: sudo apt-get install libpulse0
  • Fedora: sudo dnf install pulseaudio-libs
  • Arch: sudo pacman -S libpulse

Languages

Python100.0%

Contributors

KA

Latest Release

v0.1.0March 19, 2026
Apache License 2.0
Created March 15, 2026
Updated March 21, 2026
kalink0/crush-forensics | GitHunt