
forensics-colorize

forensics-colorize is a set of tools to visually compare large files like filesystem images using color graphics. It provides an intuitive graphic representation of the percentage of changes between two files.

Description

forensics-colorize is designed to show differences between files using color graphics, making it ideal for comparing large files such as filesystem images. Traditional diff tools produce overwhelming output for large textual files and are unsuitable for binary files, but forensics-colorize creates intuitive graphics that quickly convey the level of changes.

The package includes two command line programs: filecompare and colorize. filecompare generates a special auxiliary input file from two target files, which colorize then uses to produce the visual comparison graphic. This workflow simplifies perceiving differences, especially in forensic analysis scenarios involving disk images or large binaries.

Use cases include digital forensics investigations where visual overviews of file modifications are needed, such as verifying integrity of filesystem images or detecting tampering in binary data.

How It Works

The tool operates in two steps: filecompare processes two input files (FILE1 and FILE2) using configurable block sizes to create an auxiliary input file that captures differences. colorize then reads this auxiliary file and generates a color graphic image, with options to control data flow direction, image orientation, output width, and color schemes, providing a visual heatmap of changes.
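The block-wise comparison described above, as an added Python example that is not part of the forensics-colorize package and does not reproduce its auxiliary file format or colours: it compares two inputs in fixed-size blocks, reports the percentage of changed blocks, and renders a text map of the result. The function names, the '#'/'.' map and the constructed sample data are assumptions made for illustration.

```python
import io

def compare_blocks(f1, f2, block_size):
    """Return one boolean per block: True where the two inputs differ."""
    changed = []
    while True:
        a = f1.read(block_size)
        b = f2.read(block_size)
        if not a and not b:          # both inputs exhausted
            break
        # A short or missing block on one side (size mismatch) counts as changed.
        changed.append(a != b)
    return changed

def percent_changed(changed):
    """Percentage of blocks that differ; 0.0 for two empty inputs."""
    return 100.0 * sum(changed) / len(changed) if changed else 0.0

def render(changed, width=100):
    """Text stand-in for the colour graphic: '#' changed, '.' unchanged."""
    cells = "".join("#" if c else "." for c in changed)
    return [cells[i:i + width] for i in range(0, len(cells), width)]

# Constructed sample data: a 16-block "image" and a modified copy.
BLOCK = 512
_original = bytes(16 * BLOCK)
_modified = bytearray(_original)
_modified[3 * BLOCK + 10] = 0xFF                         # one byte flipped in block 3
_modified[9 * BLOCK:11 * BLOCK] = b"\x41" * (2 * BLOCK)  # blocks 9 and 10 overwritten
_modified += b"extra"                                    # trailing data only in the copy

def demo():
    changed = compare_blocks(io.BytesIO(_original),
                             io.BytesIO(bytes(_modified)), BLOCK)
    return changed, percent_changed(changed), render(changed, width=8)

if __name__ == "__main__":
    changed, pct, rows = demo()
    print(f"{sum(changed)}/{len(changed)} blocks changed ({pct:.1f}%)")
    print("\n".join(rows))
```

A single flipped byte marks its whole block as changed, so a smaller block size localises modifications more precisely at the cost of a larger map.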

Installation

sudo apt install forensics-colorize

Flags

-d                 Change direction data flows, defaults to down or right (colorize)
-o                 Change image orientation, defaults to vertical (colorize)
-v                 Verbose mode (colorize)
-w <num>           Set output image width, defaults to 100 (colorize)
-V                 Display version number and exit (both tools)
-h                 Display this help message and exit (both tools)
-b size[bkmgpe]    Set block size with optional suffix b, k, m, g, p, or e. Note that the program will output at least one complete block. Make sure you have enough disk space! (filecompare)
-t                 Use transitional colors instead of default red or green (filecompare)

Examples

Display help message for colorize
colorize -h
Display version number for colorize and exit
colorize -V
Generate colorized graphic with output image width set to 200
colorize -w 200 FILES
Generate graphic with changed data flow direction and horizontal orientation
colorize -d -o FILES
Generate graphic in verbose mode
colorize -v FILES
Display help message for filecompare
filecompare -h
Display version number for filecompare and exit
filecompare -V
Compare FILE1 and FILE2 using 1MB block size
filecompare -b 1m FILE1 FILE2
Updated 2026-04-16 (kali.org)