Difference between revisions of "Dfvfs"

From ForensicsWiki
Jump to: navigation, search
(Volume systems)
 
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
 
   name = dfvfs |
 
   name = dfvfs |
   maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
+
   maintainer = [[Daniel White]], [[Joachim Metz]] |
 
   os = [[Linux]], [[Mac OS X]], [[Windows]] |
 
   os = [[Linux]], [[Mac OS X]], [[Windows]] |
 
   genre = {{Analysis}} |
 
   genre = {{Analysis}} |
 
   license = {{APL}} |
 
   license = {{APL}} |
   website = [https://code.google.com/p/dfvfs/ code.google.com/p/dfvfs/] |
+
   website = [https://github.com/log2timeline/dfvfs/ github.com/log2timeline/dfvfs] |
 
}}
 
}}
  
Line 13: Line 13:
  
 
== Supported Formats ==
 
== Supported Formats ==
 +
The information below is based of version 20160918.
 +
 
=== Storage media types ===
 
=== Storage media types ===
 
* [[Encase image file format]] or EWF (EWF-E01, EWF-Ex01, EWF-S01) using [[libewf]]
 
* [[Encase image file format]] or EWF (EWF-E01, EWF-Ex01, EWF-S01) using [[libewf]]
* [[Raw Image Format]] or RAW
 
 
* [[QCOW Image Format]] or QCOW using [[libqcow]]
 
* [[QCOW Image Format]] or QCOW using [[libqcow]]
 +
* [[Raw Image Format]] or (split) RAW using [[libsmraw]]
 +
* Storage media devices using [[libsmdev]]
 
* [[Virtual Disk Image (VDI)]] or VHD using [[libvhdi]]
 
* [[Virtual Disk Image (VDI)]] or VHD using [[libvhdi]]
 +
* [[VMWare Virtual Disk Format (VMDK)]] using [[libvmdk]]
  
 
=== Volume systems ===
 
=== Volume systems ===
 
* using [[sleuthkit]] and [[pytsk]]
 
* using [[sleuthkit]] and [[pytsk]]
** APM
+
** [[APM]]
** GPT
+
** [[GPT]]
** MBR
+
** [[MBR]]
 +
* [[BitLocker Disk Encryption]] or BDE using [[libbde]]
 +
* [[FileVault Disk Encryption]] or FVDE, or FileVault 2 using [[libfvde]]
 +
* [[Linux Logical Volume Manager (LVM)|Linux Logical Volume Manager]] or Linux LVM using [[libvslvm]]
 
* [[Windows Shadow Volumes]] or VSS using [[libvshadow]]
 
* [[Windows Shadow Volumes]] or VSS using [[libvshadow]]
 +
 +
Upcoming:
 +
* [[Linux Unified Key Setup (LUKS)|Linux Unified Key Setup]] or LUKS using [[libluksde]]
  
 
=== File systems ===
 
=== File systems ===
 
* using [[sleuthkit]] and [[pytsk]]
 
* using [[sleuthkit]] and [[pytsk]]
** ext 2, 3, 4  
+
** [[Extended File System (Ext)]] version 2, 3, 4  
** FAT
+
** [[FAT]]
** HFS, HFS+, HFSX
+
** [[HFS+|HFS, HFS+, HFSX]]
** NTFS
+
** [[New Technology File System (NTFS)]] version 3
** UFS 1, 2
+
** [[Unix File System (UFS)]] version 1, 2
  
 
== History ==
 
== History ==
Line 38: Line 48:
  
 
== See Also ==
 
== See Also ==
 +
* [[dfwinreg]]
 
* [[plaso]]
 
* [[plaso]]
  
 
== External Links ==
 
== External Links ==
* [https://code.google.com/p/dfvfs/ Project site]
+
* [https://github.com/log2timeline/dfvfs/ Project site]
 +
* [https://github.com/log2timeline/dfvfs/wiki Project documentation]
 +
* [https://github.com/log2timeline/dfvfs/wiki/Development Developing Python code using dfvfs]

Latest revision as of 06:28, 18 September 2016

dfvfs
Maintainer: Daniel White, Joachim Metz
OS: Linux, Mac OS X, Windows
Genre: Analysis
License: APL
Website: github.com/log2timeline/dfvfs

dfVFS, or Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.

dfVFS is currently implemented as a Python module.

Supported Formats

The information below is based of version 20160918.

Storage media types

Volume systems

Upcoming:

File systems

History

dfVFS originates from the Plaso project. It was largely rewritten and made into a stand-alone project to provide more flexibility and allow other projects to make use of the VFS functionality. dfVFS originally was named PyVFS, but that name conflicted with another project.

See Also

External Links