Public release of Binary Markup Toolkit (BMTK) software

JimC
(@jimc)
Posts: 86
Estimable Member
Topic starter
 

I am pleased to announce the public release of Binary Markup Toolkit (BMTK). This is software that I developed whilst studying for my Master’s degree in forensic computing.

BMTK can be used to process binary data (raw files, disk images, live disks and filesystems) into Binary Markup Language (BML). BML is an XML-based language for describing the provenance of binary data. It is human readable and can be authored by hand or generated automatically by software. It describes the location and size of fields within the underlying data. It is data agnostic and can represent a complete filesystem or a specific application file format. Optionally, BML can also describe hierarchical data relationships, field names, interpreted data values/types and descriptions.

The software is extensible and uses plug-ins to support new binary file formats. It currently provides plug-ins for the FAT and NTFS filesystems, master file table, non-resident NTFS indexes (INDX files), the USN Change journal and Windows shortcut files. Further plug-ins are planned for the future.

The software includes a variety of complementary tools to generate BML and convert it to other formats such as CSV, SQLite and timelines. It also includes a small utility to generate annotated hexadecimal dumps that may be very familiar to practitioners who have attended a certain popular UK forensic course.

The software is available to bona fide forensic practitioners working in law enforcement, academia or similar and is completely free. My only request is that you please let me know what you think about it, how it works and what improvements you would like to see. You can read more about the software here:

www.binarymarkup.com

I would be happy to answer any questions about the software either here or via email.

Best wishes

Jim

 
Posted : 11/04/2017 6:48 pm
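To make the idea in the announcement concrete (field offsets, sizes, names and interpreted values expressed as XML, a flat record export of the kind a CSV or SQLite converter needs, and an annotated hex dump), here is an added Python example. It is not BMTK's code: the element and attribute names are assumptions, not the published BML schema, and the sample bytes are constructed to resemble the first 16 bytes of a FAT boot sector (BIOS Parameter Block prefix).

```python
import struct
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Union

# Element and attribute names below are hypothetical: they illustrate provenance
# markup (offset, size, name, interpreted value, nesting), not the real BML schema.


@dataclass(frozen=True)
class Field:
    name: str
    offset: int        # offset relative to the start of the structure
    size: int          # size in bytes
    fmt: str           # struct format string, or "bytes" / "ascii"
    description: str = ""


# Layout of the first 16 bytes of a FAT boot sector.
FAT_BOOT_FIELDS: List[Field] = [
    Field("jump_instruction", 0, 3, "bytes", "x86 jump over the BPB to boot code"),
    Field("oem_name", 3, 8, "ascii", "OEM identifier, space padded"),
    Field("bytes_per_sector", 11, 2, "<H", "logical sector size"),
    Field("sectors_per_cluster", 13, 1, "<B", "cluster size in sectors"),
    Field("reserved_sectors", 14, 2, "<H", "sectors before the first FAT"),
]


def interpret(data: bytes, field: Field) -> Union[int, str]:
    """Slice the field out of the data and decode it according to its format."""
    raw = data[field.offset:field.offset + field.size]
    if len(raw) != field.size:
        raise ValueError(f"{field.name}: data too short for field at offset {field.offset}")
    if field.fmt == "bytes":
        return raw.hex()
    if field.fmt == "ascii":
        return raw.decode("ascii", errors="replace").rstrip()
    return struct.unpack(field.fmt, raw)[0]


def build_markup(data: bytes, fields: List[Field], name: str, base_offset: int = 0) -> ET.Element:
    """Describe a structure as XML: one <structure> element holding a <field> per entry,
    each carrying its absolute offset, size, format and interpreted value."""
    root = ET.Element("structure", name=name, offset=str(base_offset), size=str(len(data)))
    for f in fields:
        el = ET.SubElement(root, "field", name=f.name, offset=str(base_offset + f.offset),
                           size=str(f.size), format=f.fmt)
        el.set("value", str(interpret(data, f)))
        if f.description:
            el.set("description", f.description)
    return root


def to_records(root: ET.Element) -> List[Dict[str, str]]:
    """Flatten the markup into one dict per field, the shape a CSV or SQLite export needs."""
    return [dict(el.attrib) for el in root.iter("field")]


def annotated_hexdump(data: bytes, fields: List[Field], width: int = 16) -> str:
    """Classic hex dump with the names of the fields that start in each row appended."""
    lines = []
    for row in range(0, len(data), width):
        chunk = data[row:row + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        names = [f.name for f in fields if row <= f.offset < row + width]
        lines.append(f"{row:08x}  {hex_part:<{width * 3}} {', '.join(names)}".rstrip())
    return "\n".join(lines)


# Constructed sample: a plausible FAT boot-sector prefix, padded to 32 bytes.
SAMPLE = bytes([0xEB, 0x3C, 0x90]) + b"MSDOS5.0" + struct.pack("<HBH", 512, 8, 1) + bytes(16)

if __name__ == "__main__":
    markup = build_markup(SAMPLE, FAT_BOOT_FIELDS, "fat_boot_sector")
    print(ET.tostring(markup, encoding="unicode"))
    for record in to_records(markup):
        print(record)
    print(annotated_hexdump(SAMPLE, FAT_BOOT_FIELDS))
```

The field table is the only format-specific part; a plug-in for another structure would supply its own list of fields (and, for nested structures, call build_markup again with the child's base offset), while the markup, record export and hex dump code stay the same.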
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I am pleased to announce the public release of Binary Markup Toolkit (BMTK). This is free software that I developed whilst studying for my Master’s degree in forensic computing.

With all due respect, it seems a lot like NOT "free" software (as in freedom), it may well be free (as in free beer) for a selected, restricted number of people, namely "bona fide forensic practitioners working in law enforcement, academia or similar." (whatever that means).

Anyway, congratulations, it seems like a nice thingy.

jaclaz

 
Posted : 11/04/2017 7:32 pm
JimC
(@jimc)
Posts: 86
Estimable Member
Topic starter
 

To answer some questions that have been asked today about BMTK

1. Is BML the same as or related to DFXML? No, BML was partially inspired by Simson Garfinkel's DFXML but they are quite different. DFXML uses specific XML elements to describe certain file system metadata, file locations and Windows Registry values. With some exceptions DFXML does not describe the actual location of binary data such as metadata. BML works at a lower level and is designed to describe the internal structure of binary data.

2. Why is BMTK Windows only? Because I haven't got around to writing a Linux version yet - I had to start somewhere.

3. Is BMTK free? Yes, there is no charge for BMTK. I have restricted the initial release to people who have a legitimate interest in digital forensics because I don't want the software being misused or turning up on the next shareware website. If you want to have a play with it please ask. I haven't said no to anyone yet.

Jim

www.binarymarkup.com

 
Posted : 12/04/2017 6:57 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

3. Is BMTK free? Yes, there is no charge for BMTK. I have restricted the initial release to people who have a legitimate interest in digital forensics because I don't want the software being misused or turning up on the next shareware website. If you want to have a play with it please ask. I haven't said no to anyone yet.

Which is very nice of you, of course (the fact you didn't say no to anyone), still it doesn't make the thingy "free" (which is not only about the money involved, that would be "free of charge", not "free").

There is nothing "bad" in not being free, it's perfectly fine, it is only calling it "free" that is inaccurate.

You want to be contacted and asked for the program, and told who the appellant is, why one wants it and what intended use he/she has for it, etc., this in itself makes it "not free".

It is "controlled distribution to a restricted set of eligible users upon unquestionable judgement of the Author"; it is good that you are not as selective as you declare in giving it away, but still this is not "free", and is not even strictly "freeware" since the user is giving you some (minimal) personal data in order to have it.

jaclaz

 
Posted : 12/04/2017 10:21 pm
JimC
(@jimc)
Posts: 86
Estimable Member
Topic starter
 

It seems pointless to get into a long debate about the word "free". There are many dictionary definitions, one of which is "zero cost". I have amended the original post to avoid confusion and suggest we move on to constructively discussing forensic issues rather than splitting hairs over the English language.

Jim

www.binarymarkup.com

 
Posted : 13/04/2017 12:33 am
pbobby
(@pbobby)
Posts: 239
Estimable Member
 

No s**t - are we gonna hijack a thread now on semantics? Why not request a copy, test it out and comment on the tool and taxonomy etc.?

JimC - thanks for releasing the tool. We use a similar process for parsing binary streams in real-time packet captures and converting elements to JSON for real-time analysis or for indexed storage. The biggest benefit by far is the ease with which binary data can then be indexed and searched months after the fact.

 
Posted : 13/04/2017 5:57 pm
trewmte
(@trewmte)
Posts: 1877
Noble Member
 

JimC, I applied for a download but received no response.

 
Posted : 13/04/2017 11:05 pm
JimC
(@jimc)
Posts: 86
Estimable Member
Topic starter
 

I have responded to every request I have received. I have PM'd you to figure out what went wrong.

Jim

www.binarymarkup.com

 
Posted : 13/04/2017 11:34 pm