🔍 THOR Drive Scanner – Fast Forensic Scans with One Click
Need to scan a mounted drive with THOR Lite? I built a no-fuss batch utility to automate it — THOR Drive Scanner.
⚡ What It Does
This tool wraps THOR Lite into a streamlined workflow for DFIR cases:
Lists mounted drives by label and size
Validates the THOR executable path (auto or manual)
Asks for a case name and output folder
Kicks off a full scan with curated parameters
Drops results in 3 clean formats:
📄 CSV with file hashes
🧾 HTML report
📜 Log file
Auto-opens the results folder when it’s done
📁 Output Naming
Results follow a standard format:
- YYYMMDD-CaseName-drive(X)_files_md5s.csv
- YYYYMMDD-CaseName-drive(X)_thor_scan.html
- YYYYMMDD-CaseName-drive(X)_thor_log.txt
Example:
🧰 Requirements
Windows
THOR Lite (default:
C:\Tools\Thor\thor64-lite.exe)Admin rights (recommended)
▶️ How to Use It
Run as Administrator
Select a drive
Enter output location and case name
Let THOR rip 🔥
🎯 Version: 0.1
👤 Author: Jacob Wilson
🔗 View on GitHub
📬 dfirvault@gmail.com
🌐 dfirvault.com