bulk_extractor
Description:
Stream-based forensics tool
Type: Formula  |  Latest Version: 2.1.1@3  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: forensics security data-recovery cli analysis
Install: brew install bulk_extractor
About:
bulk_extractor is a high-performance digital forensics tool that scans disk images and other large files for specific patterns of interest. It operates on a stream-based model, allowing it to process data efficiently without loading entire files into memory. This makes it exceptionally fast at extracting information like email addresses, credit card numbers, and URLs for analysis.
Key Features:
  • Stream-based processing for high speed and low memory usage
  • Extensible feature carving via XML feature files
  • Generates comprehensive reports including histograms and feature counts
  • Supports a wide range of input formats, including E01 (Expert Witness Format)
Use Cases:
  • Digital forensics and incident response (DFIR) for identifying PII on disk images
  • Triage of large datasets to quickly find relevant evidence or artifacts
  • Malware analysis to extract IOCs (Indicators of Compromise) from memory dumps
Alternatives:
  • The Sleuth Kit (TSK) – TSK is better for traditional file system analysis and metadata examination, while bulk_extractor excels at rapid pattern and artifact carving without needing file system context.
  • Autopsy – Autopsy provides a comprehensive GUI-based forensic suite built on TSK, whereas bulk_extractor is a command-line tool focused purely on high-speed data extraction.
License: MIT
Dependencies: openssl@3
Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, arm64_ventura, sonoma, ventura, arm64_linux, x86_64_linux
Version History
Detected Version Rev Change Commit
Sep 12, 2025 4:31pm 3 VERSION_BUMP 5fb75e88