TULP2G - forensic framework for extracting and decoding data

This site: [ Index | FAQ | Plug-in HOWTO | News archive ] Quick links: [ Project details | Files | Bugs | Feature Requests | Forums ]

WARNING

Current TULP2G plug-ins don't contain state of the art technology for the examination of mobile phones. Most plug-ins were made years ago to demonstrate framework principles. Nowadays a lot of better (commercial and open source) tools exist to assist you in the examination of mobile phones.

WARNING

Introduction

Welcome to the TULP2G website at Sourceforge.net. Go to our project page to download the latest releases, subscribe to the mailinglist, submit bugs or feature requests or post in the forum. This page contains mostly background information about the project, as well as some help to get users and/or developers on the road with the framework. For specific answers to frequently asked questions, visit the FAQ.

 

Latest News

Mar. 2 2007: TULP2G 1.4.0.4 released.
TULP2G is a .NET 2.0 based forensic software framework for extracting and decoding data stored in electronic devices. Along with the framework this version includes several plug-ins in the area of retrieving data from mobile phones and generating the accompanying reports.

This release fixes an error in the installer, TULP2G can now be installed on machines that only have .NET 2.0 installed. Furthermore the SIM plug-in has been expanded to include support for reading out UMTS USIM cards. For more changes, see the changelog. Download the new release from the file area. The sources will be released after testing within a week.

Apr. 21 2006: TULP2G 1.3.0.3 sources released.
The full sourcecode to the recent 1.3.0.3 release of TULP2G is now also available. Biggest change is that the included build script now requires .NET 2.0 and Visual Studio 2005. The TULP2G sourcecode can still be built using the freely available .NET 2.0 Framework SDK, but to simplify our development environment we no longer directly support this. The good part is that the directory layout has improved and the build is much quicker. Get the zipfile with the new code here.

Apr. 5 2006: TULP2G 1.3.0.3 released.
TULP2G is a .NET 2.0 based forensic software framework for extracting and decoding data stored in electronic devices. Along with the framework this version includes several plug-ins in the area of retrieving data from mobile phones and generating the accompanying reports.

This release moves TULP2G to .NET 2.0, includes several updated plug-ins as well as a new SIM preparation plug-in. A new version of some base components that causes problems for some users has been fixed in this release as well.

See the full changelog for all details. Download the new release from the file area.

Mar. 9 2006: Issue deadline for upcoming TULP2G release
In April 2006, the 1.3 version of TULP2G will be released. This will mark a move to a .NET 2.0 version of TULP2G as well as fixes to most of the accumulated issues since the previous release. In order to finalize the functionality of the upcoming release, only issues that are reported on or before Monday March 20th 2006 will be considered for the new release. So please, if you have feature requests or bug reports, file them before that date.

See the news archive for all news items, including older ones.

 

About TULP2G

TULP2G is short for Telefoon Uitlees Programma, 2e Generatie. This is Dutch for Telephone Extraction Program, 2nd Generation. The Dutch word for tulip however is tulp, so the original program was named after a flower for which The Netherlands is famous. So the tulip is more or less the project's mascott, as a picture of a few tulips also appear in both the installer and the application. Below is part of the overview found in the included helpfile, for more information, please download the framework and read the full documentation:

TULP2G is a forensic software framework for extraction and decoding of data stored in electronic devices. In object-oriented systems a framework is defined as "a set of classes that embodies an abstract design for solutions to a number of related problems". For the TULP2G framework the solutions are so-called plug-ins for data extraction and data decoding and the problems are all related to forensic extraction and decoding of data stored in electronic devices.

TULP2G is not designed for presentation, viewing or searching of extracted information. By using XML as data storage format, existing tools can be used for those purposes.

The TULP2G framework is open source software which means that everybody has the opportunity to develop plug-ins which can be used with the framework. In this way the NFI wants to stimulate efforts in the area of embedded system forensics and promote standard operating procedures.

The NFI mentioned in the last paragraph is the Netherlands Forensic Institute, part of the Dutch Ministry of Justice and carrying out technical and scientific research for the purpose of solving crime.

 

Building TULP2G

The current release of TULP2G is 1.3.0.3. This version was developed under Windows XP2 with the .NET Framework 2.0 and Visual Studio 2005. As such it's a .NET 2.0 application, which means having the .NET Framework 2.0 installed is a requirement as opposed to the previous versions of TULP2G, which required .NET 1.1 SP1 or newer. Testing has also been performed on Windows XP/.NET 2.0. Furthermore, TULP2G should both be buildable and (partially) functional on Windows 2000 with the latest service packs and patches installed along with .NET 2.0. This has however not been verified. Some of the new functionality will not work on Windows 2000 at all however, in fact, Windows XP SP2 and .NET Framework 2.0 is the minimum requirement for full functionality.

TULP2G 1.3.0.3 was written in C# and developed using Microsoft Visual Studio .NET 2005. The previous version was also built using the .NET Framework SDK, but as of this release we've decided to drop explicit support for this. Our time is better spent improving TULP2G than in supporting multiple build environments. Solution (.sln) and project (.csproj) files are provided along with the NAnt-script ROOT/build/sourcedist.build. Since the previous 1.2.0.2 release, there are some new requirements regarding the tools needed to build the full distribution. Below is a list of all required tools to build TULP2G 1.3.0.3:

Install all the above packages and don't forget the things mentioned below:

After all these tools are installed and all steps mentioned above have been followed, unpack the TULP2G full sources distribution zipfile (called tulp2g-fulldist-1.3.0.3-source.zip and available from the project file listing) to a directory. Open a commandline and go to this directory, go to the ROOT/build subdirectory and type "nant". When this finishes (which will take a couple of minutes on most machines) the ROOT/output-directory will contain all the binaries for a release and debug build as well as an .msi installer. The .msi installer, called TULP2G-installer-1.3.0.3.msi, is also available directly from the project file listing. This installer installs the release build of the framework and all included plug-ins.

Note however that there is a small difference between the .msi installer created by compiling the distributed source and the .msi installer directly available from the project file listing. The binary distribution has all its assemblies signed using the NFI's secret key. The source distribution comes with another, so-called dummy key. If you wish to distribute a version of the TULP2G framework and give users the ability to verify that they received binaries that were created by you, you may replace this dummy key with your own private key.

 

Using TULP2G

After running the installer an icon will have been created on your desktop as well as a TULP2G group in the Programs directory under the Start menu. The latter also contains a link to the general helpfile as well as a subdirectory containing links to additional helpfiles. For a detailed description of the graphical user interface, please open the general helpfile and navigate to TULP2G - NFI Distribution->Framework->Users. In the future, some examples of common use might be added to this page as a quickstart guide as well.

 

Contact information

Through Sourceforge we have both a bug and feature tracker, a mailinglist, a forum and a file listing. Go to our project page there for these features. For forensic support, please use the support tracker or forum and for reporting technical problems, please use the bug tracker.

For technical comments, build problems, technical discussion of the sourcecode and anything related to this page, you can contact me directly.

 

SourceForge.net Logo