ULTRA

The Ultimate
Forensic Suite

Professional disk & memory forensics tool with AI-powered analysis, interactive HTML reports, and CTF-optimized workflows.

Get Started View on GitHub
40+
Scan Profiles
2
Analysis Modes
100%
Open Source
unfold v3.0 ULTRA 
$ python3 unfoldV3.py disk.dd --scan-disk ctf --html

[*] 🔍 Starting SMART disk scan: ctf
[*] Smart filesystem detection...
[+] Mounted as EXT4!
[+] Found 847 files/directories
[*] Searching for flags...
[+] Found 12 interesting files!
[+] Interactive HTML report saved!
[*] 📥 Download files from the report!

Powerful Features

Everything you need for professional forensic investigations

🧠

Memory Forensics

22 specialized profiles for Windows & Linux memory analysis powered by Volatility 3.

  • ✓ APT hunting
  • ✓ Ransomware detection
  • ✓ Malware analysis
  • ✓ CTF mode
💾

Disk Forensics

18 specialized profiles with smart filesystem detection for any disk image.

  • ✓ Auto-detects NTFS, EXT4, FAT
  • ✓ Deleted file recovery
  • ✓ Timeline generation
  • ✓ Credential extraction
📊

Interactive Reports

Beautiful HTML reports with file download buttons and search capabilities.

  • ✓ Click to download files
  • ✓ Search & filter
  • ✓ Beautiful UI
  • ✓ Export to JSON/CSV
🤖

AI Integration

Natural language forensic commands powered by OpenRouter & DeepSeek.

  • ✓ Natural language queries
  • ✓ AI-powered analysis
  • ✓ GPT-4 & Claude support
  • ✓ Smart evidence extraction
🏆

CTF Optimized

Auto-detect flags in memory dumps and disk images for CTF competitions.

  • ✓ Auto flag detection
  • ✓ CTF{}, FLAG{}, HTB{}
  • ✓ Hash detection (MD5/SHA)
  • ✓ Competition ready

Lightning Fast

Optimized performance with resumable scans and smart caching.

  • ✓ Resume capability
  • ✓ Smart caching
  • ✓ Parallel processing
  • ✓ Minimal profiles (30s)

Scan Profiles

40+ specialized profiles for every forensic scenario

Memory Scans

triage
Incident response essentials
2-5m
ctf_windows
CTF flag hunting
2-5m
apt_hunting
Advanced persistent threats
10-15m
ransomware
Ransomware analysis
5-10m
View all 22 profiles →

Disk Scans

ctf
CTF flag hunting
3-5m
credentials
Password extraction
3-5m
deleted
Deleted file recovery
10-20m
timeline
Complete MAC timeline
15-30m
View all 18 profiles →

Quick Installation

Get started in under 2 minutes

terminal 
$ git clone https://github.com/arazazi/unfold.git
$ cd unfold
$ chmod +x DEPLOY.sh && ./DEPLOY.sh
$ python3 unfoldV3.py --check-deps

# Memory analysis
$ python3 unfoldV3.py memory.dmp --scan triage --html -o report.html

# Disk analysis
$ python3 unfoldV3.py disk.dd --scan-disk ctf --html -o disk.html
Get Started on GitHub