Difference between revisions of "Category:Digital Forensics XML"

From ForensicsWiki
m (See Also)
m
Line 1: Line 1:
''Digital Forensics XML'' is the effort to create an XML schema to allow for easy interoperability between different forensic tools.  
+
''Digital Forensics XML'' (DFXML) is the effort to create an XML schema to allow for easy interoperability between different forensic tools.  
 +
 
 +
Today there is no Digital Forensics XML standard and there is no fixed schema. Instead, we are slowly creating a set of tools that can  produce or ingest XML with a common set of tags. It would be nice to have a more aggressive effort, but to date there has not been sufficient funding.
 +
 
 +
Given this state of affairs, our current strategy is to:
  
Today there is no Digital Forensics XML standard and there is no schema. Nevertheless there are a growing number of tools that can either produce or ingest XML data. Given this state of affairs, the goals of this project are:
 
 
* Develop a set of standardized tags and data representations for current XML tools.  
 
* Develop a set of standardized tags and data representations for current XML tools.  
 
* Modify our tools to produce XML similar to the sample XML.
 
* Modify our tools to produce XML similar to the sample XML.
 
* Develop a DTD and schema to allow XML validation.
 
* Develop a DTD and schema to allow XML validation.
  
==XML Forensics Tools==
+
==XML Forensics Tools and Toolkits==
 
+
* The fiwalk.py Python module implements objects for reading and writing DFXML.
==XML Forensics Toolkits==
+
* The fiwalk C++ program produces DFXML for files from disk images using SleuthKit.
 +
* The frag_find hash-based carving tool produces a DFXML file indicating where items are found.
 +
* We are creating a DFXML strategy for distributing hash sets.
  
 
==See Also==
 
==See Also==
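Review bot: The last added bullet under the merged "XML Forensics Tools and Toolkits" heading ("We are creating a DFXML strategy for distributing hash sets.") describes planned work, not a tool or toolkit, so it reads out of place beside fiwalk.py, fiwalk and frag_find. Consider moving it into the strategy list above, or rewording it once there is a tool to name. The added bullets also refer to "the sample XML" only through the unchanged strategy list, and nothing in this revision links to or shows that sample, so a reader cannot tell which tags the listed tools are expected to share.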

Revision as of 08:14, 2 February 2011

Digital Forensics XML (DFXML) is the effort to create an XML schema to allow for easy interoperability between different forensic tools.

Today there is no Digital Forensics XML standard and there is no fixed schema. Instead, we are slowly creating a set of tools that can produce or ingest XML with a common set of tags. It would be nice to have a more aggressive effort, but to date there has not been sufficient funding.

Given this state of affairs, our current strategy is to:

  • Develop a set of standardized tags and data representations for current XML tools.
  • Modify our tools to produce XML similar to the sample XML.
  • Develop a DTD and schema to allow XML validation.

XML Forensics Tools and Toolkits

  • The fiwalk.py Python module implements objects for reading and writing DFXML.
  • The fiwalk C++ program produces DFXML for files from disk images using SleuthKit.
  • The frag_find hash-based carving tool produces a DFXML file indicating where items are found.
  • We are creating a DFXML strategy for distributing hash sets.

See Also