Publication of Hachoir project version 1.0
|
Hachoir is a framework for binary file manipulation: file format recognition, metadata extraction, searching for files inside any binary stream (forensics), viewing file content in a human-readable representation, etc. It is composed of many components...
Programs:
· hachoir-metadata: fault-tolerant metadata extraction;
· hachoir-subfile: search for subfiles in a disk image or any other binary stream;
· hachoir-urwid, hachoir-wx, hachoir-gtk, hachoir-gtk: user interfaces to view file content (curses, wxPython, pygtk, web+ajax);
Modules:
· hachoir-core: library to split binary data into a field tree;
· hachoir-parser: collection of 70 file format parsers;
· hachoir-regex: regular expression optimization/manipulation and pattern matching (used by hachoir-subfile).
· Hachoir project website
· List of supported file formats (jpeg, ttf, exe, rar, ogg, ntfs, ole2, torrent, etc.)
· Examples of metadata extraction
· hachoir-wx screenshots
Hachoir works on any operating system and only depends on Python (2.4+). Packages are available for Debian, Mandriva, Gentoo, Arch and FreeBSD.
The goal of hachoir-core is to ease writing binary parsers. It takes care of endianness, has bit resolution (for addresses and sizes), and uses only the Unicode charset for text. It gives the programmer a nice API (see the parsers' source code): each field is an object. A parser is lazy: a field's value, display string, description, etc. are computed on demand (when the program asks for them). So it is possible to parse very complex structures and huge files (60 GB or more is not a problem).
hachoir-core and hachoir-metadata are "fault tolerant": on a parser/extractor error or a file error (truncated or damaged file), the program does not stop but continues to the next valid state. This makes it possible to extract information from very damaged files.
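As an added illustration of the design described above (example code, not part of hachoir itself), a toy field tree in Python 3: addresses and sizes are in bits, a field's value is decoded only when first asked for, and the parser keeps every field it already built when the input is truncated or a magic number is wrong. The record format (magic, version, flags, length, payload) and the SAMPLE bytes are constructed for the example.

```python
class ParseError(Exception): pass   # truncated data or bad magic: stop at the last valid field

class BitStream:
    """Byte buffer addressed in bits, so fields may start and end mid-byte."""
    def __init__(self, data):
        self.data, self.size = data, len(data) * 8   # size in bits

    def read_bits(self, addr, size):
        """Unsigned int from `size` bits at bit offset `addr`, most significant bit first."""
        first, last = addr // 8, (addr + size - 1) // 8
        chunk = int.from_bytes(self.data[first:last + 1], "big")
        return (chunk >> ((last + 1) * 8 - addr - size)) & ((1 << size) - 1)

class Field:
    """Tree node: address and size are fixed at creation, the value is decoded lazily."""
    def __init__(self, stream, name, addr, size, decode=int):
        if addr + size > stream.size:          # fail early, before anything is decoded
            raise ParseError("%s at bit %d needs %d bits, stream ends at bit %d"
                             % (name, addr, size, stream.size))
        self.name, self.addr, self.size = name, addr, size
        self._stream, self._decode, self._value = stream, decode, None

    @property
    def value(self):
        if self._value is None:                # decoded the first time it is asked for
            self._value = self._decode(self._stream.read_bits(self.addr, self.size))
        return self._value

MAGIC = 0xCAFE   # constructed record: magic:16 version:4 flags:4 length:16 payload:length*8

def parse_records(data):   # -> (records parsed before the first error, error message or None)
    stream, records, addr = BitStream(data), [], 0
    try:
        while addr < stream.size:
            rec = {}
            for name, size in (("magic", 16), ("version", 4), ("flags", 4), ("length", 16)):
                rec[name] = Field(stream, name, addr, size)
                addr += size
            if rec["magic"].value != MAGIC:
                raise ParseError("bad magic 0x%04x at bit %d" % (rec["magic"].value, rec["magic"].addr))
            n = rec["length"].value
            rec["payload"] = Field(stream, "payload", addr, n * 8,
                                   decode=lambda raw, n=n: raw.to_bytes(n, "big"))
            addr += n * 8
            records.append(rec)
    except ParseError as err:
        return records, str(err)
    return records, None

# Constructed input: two complete records, then a third whose 9-byte payload is cut short.
SAMPLE = b"\xca\xfe\x21\x00\x03abc" + b"\xca\xfe\x10\x00\x01z" + b"\xca\xfe\x21\x00\x09tru"
```

Calling `parse_records(SAMPLE)` returns the two complete records plus the message for the truncated third one, so the extractor still gets usable data from the damaged tail.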
hachoir-metadata creates a dictionary with typed values: the track number is an integer, the creation date is a datetime.datetime object, etc., and all text is stored as Unicode strings. The API allows easy reuse of the extracted data.
The source code has good code coverage with automatic tests (lots of test cases). Fuzzing is sometimes used to find more bugs.
Some experimental programs exist, like hachoir-strip: a program to remove personal information (author name, timestamp, copyright, etc.) from a picture, movie, sound, archive, etc. Another example: swf_extract.py extracts pictures and sounds from a SWF (Flash) document.
Victor Stinner aka haypo
Posted by haypo on Monday, August 20, 2007 (11:22:54)