π THOR Drive Scanner β Fast Forensic Scans with One Click
Need to scan a mounted drive with THOR Lite? I built a no-fuss batch utility to automate it β THOR Drive Scanner.
https://github.com/dfirvault/Thor-scanner-menu
β‘ What It Does
This tool wraps THOR Lite into a streamlined workflow for DFIR cases:
Lists mounted drives by label and size
Validates the THOR executable path (auto or manual)
Asks for a case name and output folder
Kicks off a full scan with curated parameters
Drops results in 3 clean formats:
π CSV with file hashes
π§Ύ HTML report
π Log file
Auto-opens the results folder when itβs done
π Output Naming
Results follow a standard format:
- YYYMMDD-CaseName-drive(X)_files_md5s.csv
- YYYYMMDD-CaseName-drive(X)_thor_scan.html
- YYYYMMDD-CaseName-drive(X)_thor_log.txt
Example:
π§° Requirements
Windows
THOR Lite (default:
C:\Tools\Thor\thor64-lite.exe)Admin rights (recommended)
βΆοΈ How to Use It
Run as Administrator
Select a drive
Enter output location and case name
Let THOR rip π₯
π― Version: 0.1
π€ Author: Jacob Wilson
π View on GitHub
π¬ dfirvault@gmail.com
π dfirvault.com