

		       Using AFF Tool Under Microsoft Windows (Win32)

There are two ways to use AFFLIB with Windows: you can download the
pre-compiled executables, or you can compile your own.  The advantage
of the pre-compiled executables is that they work. The advantage of
compiling the executables yourself is that you can modify them.

Downloading and Installing
You can download the current version of AFF Tools from:

The ZIP file contains:
    * pre-compiled executables for AFF Tools
    * lib32eay.dll, the OpenSSL DLL (cryptography support for AFFLIB)
    * bulk_extractor jar and bat file. (Use the bat file to run the jar file)

Install these tools by:

1. Unzip the archive into the c:\afflib directory.
2. Add c:\afflib to your system PATH by:
   a. Opening the System control panel.
   b. Clicking the "Environment Variables" button.
   c. Adding "c:\afflib;" to the beginning of the PATH environment variable.

Working with the tools

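If you are working with an encrypted disk image, set the environment
variable AFFLIB_PASSPHRASE to the passphrase that should be used
for decryption. Do not put quotation marks around the value: the
Windows "set" command stores them as part of the variable.

   % set AFFLIB_PASSPHRASE=this_is_my_passphrase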

To display the metadata of a disk image:

   % afinfo.exe filename.aff

To convert an AFF file into a RAW file, use:

   % afconvert.exe -e raw filename.aff

To reliably copy an AFF file from one location to another:

   % afcopy.exe  file1.aff  d:\dest\path\file2.aff

To compare two AFF files:

   % afcompare file1.aff file2.aff

To fix a corrupted AFF file:

  % affix badfile.aff

To print statistics about a file:

  % afstats.exe filename.aff

An exciting feature in AFF 3.5 is the ability to rapidly calculate and
verify the "print" of a disk image. A print is constructed by
computing the SHA-256 of the beginning, end, and several randomly
chosen parts of the disk image.

To calculate the diskprint and store it in a file:

   % afdiskprint myfile.iso > myfile.xml

To verify a diskprint:

   % afdiskprint -x myfile.xml myfile.iso
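
The sampling idea described above, as an added Python example (not AFFLIB's code, and not afdiskprint's actual algorithm or XML format): the 512-byte sample length, the eight random samples and the function names are assumptions. It also shows that a change outside the sampled regions is not detected, so a print identifies an image quickly but does not replace a full hash of the image.

```python
import hashlib
import io
import random

SECTOR = 512  # assumed sample length; not taken from afdiskprint


def sha256_at(f, offset, length):
    f.seek(offset)
    return hashlib.sha256(f.read(length)).hexdigest()


def make_print(f, size, samples=8, seed=None):
    """Hash the first sector, the last sector and `samples` random sectors."""
    rng = random.Random(seed)
    nsectors = size // SECTOR
    offsets = {0, max(size - SECTOR, 0)}            # beginning and end
    while len(offsets) < min(samples + 2, max(nsectors, 1)):
        offsets.add(rng.randrange(nsectors) * SECTOR)
    segments = []
    for off in sorted(offsets):
        length = min(SECTOR, size - off)
        segments.append({"offset": off, "length": length,
                         "sha256": sha256_at(f, off, length)})
    return {"size": size, "segments": segments}


def verify_print(f, size, record):
    """Return offsets of mismatching segments; [] means the print matches."""
    if size != record["size"]:
        return [-1]                                 # -1 marks a size mismatch
    return [s["offset"] for s in record["segments"]
            if sha256_at(f, s["offset"], s["length"]) != s["sha256"]]


if __name__ == "__main__":
    # Constructed 64 KiB "image" so the example runs offline.
    clean = bytearray(i % 251 for i in range(64 * 1024))
    record = make_print(io.BytesIO(clean), len(clean), seed=1)
    sampled = {s["offset"] for s in record["segments"]}
    hit = bytearray(clean)
    hit[record["segments"][1]["offset"]] ^= 0xFF    # change a sampled sector
    print("sampled change:", verify_print(io.BytesIO(hit), len(hit), record))
    miss = bytearray(clean)
    unsampled = next(o for o in range(0, len(clean), SECTOR) if o not in sampled)
    miss[unsampled] ^= 0xFF                         # change an unsampled sector
    print("unsampled change:", verify_print(io.BytesIO(miss), len(miss), record))
```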

Bulk Extractor
In the ZIP file you will also find bulk_extractor.jar, a port of the
bulk_extractor to Java which actually runs 2x faster than the original
C version. (Unlike the C version, bulk_extractor.jar can only process
raw disk images, not EnCase or AFF files.)

To run bulk_extractor, you must have Java installed on your system.
Then type:

   % java -jar bulk_extractor.jar diskimage.raw

You will probably want to redirect the output to a file:

   % java -jar bulk_extractor.jar ubnist1.casper-rw.gen3.raw > output.txt

The bulk extractor will report all of the email addresses, URLs,
domain names, and timestamps on the disk images. The current version
can handle a variety of Unicode encodings but it cannot handle
compressed regions.

Verifying the AFFLIB Digital Signature
Some organizations require that digital signatures be verified on
programs that are downloaded.

Some AFF distributions are now signed with the AFFLIB private key. You
can verify the distribution by downloading a copy of the public key
from the AFFLIB website or the GPG key server.

The public key can be downloaded from the website:

You can also download the key directly from the GPG keyserver with
this command:

  $ gpg --keyserver --recv-keys 805B3DB0
  gpg: requesting key 805B3DB0 from hkp server
  gpg: /home/simsong/.gnupg/trustdb.gpg: trustdb created
  gpg: key 805B3DB0: public key "AFFLIB Distribution (Simson L. Garfinkel)" imported
  gpg: Total number processed: 1
  gpg:               imported: 1
