Public release of Binary Markup Toolkit (BMTK) software

  

JimC
Senior Member
 

Public release of Binary Markup Toolkit (BMTK) software

Post Posted: Apr 11, 17 18:48

I am pleased to announce the public release of Binary Markup Toolkit (BMTK). This is software that I developed whilst studying for my Master’s degree in forensic computing.

BMTK can be used to process binary data (raw files, disk images, live disks and filesystems) into Binary Markup Language (BML). BML is an XML-based language for describing the provenance of binary data. It is human readable and can be authored by hand or generated automatically by software. It describes the location and size of fields within the underlying data. It is data agnostic and can represent a complete filesystem or a specific application file format. Optionally, BML can also describe hierarchical data relationships, field names, interpreted data values/types and descriptions.

The software is extensible and uses plug-ins to support new binary file formats. It currently provides plug-ins for the FAT and NTFS filesystems, master file table, non-resident NTFS indexes (INDX files), the USN Change journal and Windows shortcut files. Further plug-ins are planned for the future.

The software includes a variety of complementary tools to generate BML and convert it to other formats such as CSV, SQLite and timelines. It also includes a small utility to generate annotated hexadecimal dumps that may be very familiar to practitioners who have attended a certain popular UK forensic course.

The software is available to bona fide forensic practitioners working in law enforcement, academia or similar and is completely free. My only request is that you please let me know what you think about it, how it works and what improvements you would like to see. You can read more about the software here:

www.binarymarkup.com

I would be happy to answer any questions about the software either here or via email.

Best wishes

Jim  

Last edited by JimC on Apr 12, 17 23:56; edited 3 times in total
 
  

jaclaz
Senior Member
 

Re: Public release of Binary Markup Toolkit (BMTK) software

Post Posted: Apr 11, 17 19:32

- JimC
I am pleased to announce the public release of Binary Markup Toolkit (BMTK). This is free software that I developed whilst studying for my Master’s degree in forensic computing.

With all due respect :), it seems a lot like NOT "free" software (as in freedom), it may well be free (as in free beer) for a selected, restricted number of people, namely "bona fide forensic practitioners working in law enforcement, academia or similar." (whatever that means).

Anyway, congratulations, it seems like a nice thingy. :)

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

JimC
Senior Member
 

Re: Public release of Binary Markup Toolkit (BMTK) software

Post Posted: Apr 12, 17 18:57

To answer some questions that have been asked today about BMTK:

1. Is BML the same or related to DFXML? No, BML was partially inspired by Simson Garfinkel's DFXML but they are quite different. DFXML uses specific XML elements to describe certain file system metadata, file locations and Windows Registry values. With some exceptions DFXML does not describe the actual location of binary data such as metadata. BML works at a lower level and is designed to describe the internal structure of binary data.

2. Why is BMTK Windows only? Because I haven't got around to writing a Linux version yet - I had to start somewhere.

3. Is BMTK free? Yes, there is no charge for BMTK. I have restricted the initial release to people who have a legitimate interest in digital forensics because I don't want the software being misused or turning up on the next shareware website. If you want to have a play with it please ask. I haven't said no to anyone yet.


Jim

www.binarymarkup.com  
 
  

jaclaz
Senior Member
 

Re: Public release of Binary Markup Toolkit (BMTK) software

Post Posted: Apr 12, 17 22:21

- JimC

3. Is BMTK free? Yes, there is no charge for BMTK. I have restricted the initial release to people who have a legitimate interest in digital forensics because I don't want the software being misused or turning up on the next shareware website. If you want to have a play with it please ask. I haven't said no to anyone yet.


Which is very nice of you, of course :) (the fact you didn't say no to anyone), still it doesn't make the thingy "free" (which is not only about the money involved, that would be "free of charge", not "free").

There is nothing "bad" in not being free, it's perfectly fine, it is only calling it "free" that is inaccurate.

You want to be contacted and asked for the program, and told who the appellant is, why one wants it and what intended use he/she has for it, etc., this in itself makes it "not free".

It is "controlled distribution to a restricted set of eligible users upon unquestionable judgement of the Author", it is good that you are not as selective as you declare in giving it away, but still this is not "free", and is not even strictly "freeware" since the user is giving you some (minimal) personal data in order to have it.


jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

JimC
Senior Member
 

Re: Public release of Binary Markup Toolkit (BMTK) software

Post Posted: Apr 13, 17 00:33

It seems pointless to get into a long debate about the word "free". There are many dictionary definitions, one of which is "zero cost". I have amended the original post to avoid confusion and suggest we move on to constructively discussing forensic issues rather than splitting hairs over the English language.

Jim

www.binarymarkup.com  
 
  

pbobby
Senior Member
 

Re: Public release of Binary Markup Toolkit (BMTK) software

Post Posted: Apr 13, 17 17:57

No shit - we gonna hijack a thread now on semantics? Why not request a copy and test it out and comment on the tool and taxonomy etc?

JimC - thanks for releasing the tool. We use a similar process for parsing binary streams in real-time packet captures and converting elements to JSON for real-time analysis or for indexed storage. The biggest benefit by far is the ease with which binary data can then be indexed and searched months after the fact.
_________________
Don't get baited. 
 
  

trewmte
Senior Member
 

Re: Public release of Binary Markup Toolkit (BMTK) software

Post Posted: Apr 13, 17 23:05

JimC applied for a download but received no response
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
