Join Us!

forensic logical fo...
 
Notifications
Clear all

forensic logical formats  

  RSS
zemaria523
(@zemaria523)
New Member

What kind of open logical forensic file formats are used and that could be used in software?

AD is from access data, L01 is from encase, besides libewf can read L01 it cant write.

 

Thank you.

Quote
Posted : 25/05/2020 7:06 pm
jaclaz
(@jaclaz)
Community Legend
mcman
(@mcman)
Active Member

+1 for AFF4

ReplyQuote
Posted : 26/05/2020 6:21 pm
athulin
(@athulin)
Community Legend
Posted by: @zemaria523

What kind of open logical forensic file formats are used and that could be used in software?

AD is from access data, L01 is from encase, besides libewf can read L01 it cant write.

You may want to clarify what you mean by 'open'.  I include 'publicly accessible specification' in that term, but as far as I know neither of those you mention are open in that particular respect.

 

ReplyQuote
Posted : 27/05/2020 6:04 am
zemaria523
(@zemaria523)
New Member

@athulin

Open source, I think AFF4 is good enough! Thank you all.

ReplyQuote
Posted : 28/05/2020 4:55 pm
MSAB_Paul
(@msab_paul)
New Member

There's a new and developing 'CASE' format... https://caseontology.org/ontology/start.html

ReplyQuote
Posted : 17/06/2020 11:02 am
jaclaz
(@jaclaz)
Community Legend
Posted by: @msab_paul

There's a new and developing 'CASE' format... https://caseontology.org/ontology/start.html

I cannot see anything related to any image format, let alone tools to deal with them.

Do you have a more specific reference?

jaclaz

ReplyQuote
Posted : 18/06/2020 10:45 am
MSAB_Paul
(@msab_paul)
New Member

@jaclaz

It is new and developing... here's some more links:

Various presentation slides on CASE: https://caseontology.org/community/presentations.html

GitHub: https://github.com/casework and https://caseontology.org/ontology/releases/0.2.0/

CASE Members: https://caseontology.org/community/members.html

Most tool providers are awaiting the official release of 1.0.

ReplyQuote
Posted : 18/06/2020 11:31 am
jaclaz
(@jaclaz)
Community Legend
Posted by: @msab_paul

@jaclaz

It is new and developing... here's some more links:

Various presentation slides on CASE: https://caseontology.org/community/presentations.html

GitHub: https://github.com/casework and https://caseontology.org/ontology/releases/0.2.0/

CASE Members: https://caseontology.org/community/members.html

Most tool providers are awaiting the official release of 1.0.

That is all or mostly "fluff" about ontology

https://en.wikipedia.org/wiki/Ontology_(information_science)

 applied to digital forensics. which is (please read as will be) possibly a good thing but has very little to do with the topic.

This topic is about (free/open source) forensic sound disk image format (and the unwritten attribute is that this format needs to exist, not be in the wishlist of something that BTW is basically stale since more than three years):

0.1.0 Release

Date: 2017-01-13

I can find nothing about forensic sound disk image formats in those links (nor in any other I could find) hence I asked if you have any meaninfgul link specific to forensic sound disk image format.

 

jaclaz

 

ReplyQuote
Posted : 18/06/2020 1:15 pm
MSAB_Paul
(@msab_paul)
New Member

@jaclaz

I was just providing info in relation to the question:

What kind of open logical forensic file formats are used and that could be used in software

Take it or leave it, I have no personal connection or agenda on the efforts to develop the CASE format... and I was clear that this is work in progress.

ReplyQuote
Posted : 18/06/2020 1:22 pm
trewmte liked
jaclaz
(@jaclaz)
Community Legend
Posted by: @msab_paul

@jaclaz

I was just providing info in relation to the question:

What kind of open logical forensic file formats are used and that could be used in software

Take it or leave it, I have no personal connection or agenda on the efforts to develop the CASE format... and I was clear that this is work in progress.

It must be a difference in parsing, I read this:

... file formats are used and that could be used

as needing two things concurrently:
1) file formats used (already in use and thus already existing)
2) that could be used (in the sense of freely usable)

It is good to know that when/if a version 1.0 release of CASE will be released it may contain (or it may not, as it might be released later in the upcoming 2.0 or 3.0 versions) a forensic image file format specification and, when/if this happens it will be freely usable (open, open source, etc.).

jaclaz

ReplyQuote
Posted : 18/06/2020 1:44 pm
Share: