Filewatcher File Search File Search
Catalog
Content Search
» » » » afflib_3.5.12.orig.tar.gz » Content »
pkg://afflib_3.5.12.orig.tar.gz:769785/afflib-3.5.12/  info  downloads

README_Win32.txt

		       Using AFF Tool Under Microsoft Windows (Win32)


There are two ways to use AFFLIB with Windows: you can download the
pre-compiled executables, or you can compile your own.  The advantage
of the pre-compiled executables is that they work. The advantage of
compiling the executables yourself is that you can modify them.

Downloading and Installing
==========================
You can download the current version of AFF Tools from:

    http://afflib.org/downloads/afflib_windows.zip

The ZIP file contains:
    * pre-compiled executables for AFF Tools
    * lib32eay.dll, the OpenSSL DLL (cryptography support for AFFLIB)
    * bulk_extractor jar and bat file. (Use the bat file to run the jar file)

Install these tools by:

1. Unzip the archive into the c:\afflib directory.
2. Add c:\afflib to your system PATH directory by:
   a. Opening the System control panel.
   b. Clicking the "Environment Variables" button.
   c. Adding "c:\afflib;" to the beginning of the PATH environment variable.


Working with the tools
======================

If you are working with an encrypted disk image, set the environment
variable AFFLIB_PASSPHRASE to be the passphrase that should be used
for decryption.

   % set AFFLIB_PASSPHRASE="this_is_my_passphrase"

Displaying the metadata with a disk image:

   % afinfo.exe filename.aff	  


To convert an AFF file into a RAW file, use:

   % afconvert.exe -e raw filename.aff


To reliably copy an AFF file from one location to another:

   % afcopy.exe  file1.aff  d:\dest\path\file2.aff


To compare two AFF files:

   % afcompare file1.aff file2.aff


To fix a corrupted AFF file:

  % affix badfile.aff


To print statistics about a file:

  % afstats.exe filename.aff




Diskprint
=================
An exciting feature in AFF 3.5 is the ability to rapidly calculate and
verify the "print" of a disk image. A print is constructed by
computing the SHA-256 of the beginning, end, and several randomly
chosen parts of the disk image.

To calculate the diskprint and store it in a file:

   % afdiskprint myfile.iso > myfile.xml

To verify a diskprint

   % afdiskprint -x myfile.xml myfile.iso



Bulk Extractor
==============
In the ZIP file you will also find bulk_extractor.jar, a port of the
bulk_extractor to Java which actually runs 2x faster than the original
C version. (Unlike the C version, bulk_extractor.jar can only process
raw disk images, not EnCase or AFF files.)

To run bulk_extractor, you must have java on your system. Then type:

   % java -jar bulk_extractor.jar diskimage.raw

You will probably want to extract the output to a file:

   % java -jar bulk_extractor.jar ubnist1.casper-rw.gen3.raw > output.txt

The bulk extractor will report all of the email addresses, URLs,
domain names, and timestamps on the disk images. The current version
can handle a variety of Unicode encodings but it cannot handle
compressed regions.


Verifying the AFFLIB Digital Signature
===============================
Some organizations require that dgital signatures be verified on programs that are downloaded.

Some AFF distributions are now signed with the AFFLIB privat key. You
can verify the distribution by downloading a copy of the public key
from the AFFLIB website or the GPG key server. 

The public key can be downloaded from the website:

    http://afflib.org/pubkey.asc

You can also download the key directly from the GPG keyserver with
this command:

  $ gpg --keyserver subkeys.pgp.net --recv-keys 805B3DB0
  gpg: requesting key 805B3DB0 from hkp server subkeys.pgp.net
  gpg: /home/simsong/.gnupg/trustdb.gpg: trustdb created
  gpg: key 805B3DB0: public key "AFFLIB Distribution (Simson L. Garfinkel)" imported
  gpg: Total number processed: 1
  gpg:               imported: 1
  $

Results 1 - 1 of 1
Help - FTP Sites List - Software Dir.
Search over 15 billion files
© 1997-2017 FileWatcher.com