» Content »pkg://afflib_3.5.12.orig.tar.gz:769785
/ info downloads
The Advanced Forensic Format
Library and Tools
Simson L. Garfinkel
Naval Postgraduate School
The Advanced Forensic Format (AFF) is an emerging standard for storing
computer forensic information. Critical features of AFF include:
- AFF allows you to store both computer forensic data and associated
metadata in one or more files.
- AFF allows files to be digital singed, to provide for
chain-of-custody and long-term file integrity.
- AFF allows for forensic disk images to stored encrypted and
decrypted on-the-fly for processing. This allows disk images
containing privacy sensitive material to be stored on the Internet.
- AFF is an open format unencumbered by copyright or patent
protection. The AFFLIB library that implements AFF is available
for use in both Open Source and proprietary tools.
AFF Library and Toolkit is a set of programs for working with computer
forensic information. Using these tools you can:
* Interconvert disk images between a variety of formats, including:
- raw or "dd"
- splitraw (in which a single image is split between mulitple files)
- EnCase or "E01" format
- AFF format (in which the entire disk image is stored in a single file.)
- AFD format (in which a disk image is stored in mulitple AFF files
stored in a single directory.)
- AFM format (in which an AFF file is used to annotate a raw file.)
* Compare disk images and report the data or metadata that is different.
* Copy disk images from one location to another, with full
verification of data, metadata, and the automatic generation of a
* Find errors in an AFF file and fix them.
* Print information about a file.
* Print detailed statistics about a file
* Generate an XML representation of a disk image's metadata (for
example, acquisition time or the serial number of the acquisition
* Produce an XML "diskprint" which allows a disk image to be rapidly
fingerprinted without having the computer the SHA1 of the entire
AFFLIB and Toolkit is provided in source code form for Linux, MacOS
and Windows. We have also created a Windows zipfile that contains:
* precompiled versions of the AFFLIB tools and all of the libraries
necessary to run them.
* bulk_extractor.jar - A Java port of our system that automatically
extracts email addresses, dates, and other information from a file
and produces a histogram of the contents.
The AFF library can be downloaded from http://afflib.org/.
The pre-compiled AFF for Windows can be downloaded from
AFFLIB with SleuthKit:
TSK officially supports a subset of the image formats that AFFLIB
supports. To use the other image formats, specify the image type as
"afflib". For example:
# fls -o 63 -i afflib foo.vmdk
Note: AFF and AFFLIB are trademarks of Simson L. Garfinkel and Basis
# Local Variables:
# mode: auto-fill
# mode: flyspell
Results 1 - 1 of 1Search over 15 billion files
© 1997-2017 FileWatcher.com