Sentinel
Securing open-source digital forensics tools
Digital forensics investigators rely on open-source tools every day. These tools process sensitive evidence, parse complex file formats, and help solve crimes. Yet many have never received a professional security review.
Through our Sentinel program, Mobasi performs security reviews for open-source forensics tools. Our team identifies vulnerabilities, documents findings, and works with maintainers through responsible disclosure to resolve issues before they can be exploited.
We are systematically reviewing tools in the digital forensic ecosystem to identify vulnerabilities and improve security. If you'd like your tool to be included or accelerated, please reach out below.
Our review process
- Deep code review for security vulnerabilities
- Dependency analysis and supply chain reviews
- Coordinated responsible disclosure with maintainers
- Pull requests with fixes where appropriate
- Public recognition for participating projects
Our track record
Since launching Sentinel, we've identified multiple critical and high-severity vulnerabilities across widely-used forensics tools. We work closely with maintainers to ensure issues are addressed before public disclosure.
Vulnerability index
| Tool | Type | Severity | Date |
|---|---|---|---|
| bulk_extractor | Heap Overflow Attack | HIGH | 2026-01-28 |
| unfurl | Permanent Debug Mode | CRITICAL | 2026-01-28 |
| unfurl | Decompression Bomb DoS | MEDIUM | 2026-01-28 |
Some vulnerabilities remain under embargo during responsible disclosure. This table is updated as disclosures are made public.
Submit a tool for review
Maintain an open-source forensics tool? We'd like to help ensure it's secure. Submit your tool for consideration in our review program.
Submit a tool for review