ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Hachoir"

From ForensicsWiki
Jump to: navigation, search
(New page: '''Hachoir''' is a generic framework for binary file manipulation. Hachoir supports many file formats (more than 60 formats) and have many features: * Fault tolerant parser (truncated/bug...)
 
Line 1: Line 1:
 +
{{Infobox_Software |
 +
  name = PyFlag |
 +
  maintainer = [[Michael Cohen]], [[David Collett]] |
 +
  os = {{Linux}}, {{Web-based}} |
 +
  genre = {{Analysis}} |
 +
  license = {{GPL}} |
 +
  website = [http://www.pyflag.net/ pyflag.net] |
 +
}}
 +
 
'''Hachoir''' is a generic framework for binary file manipulation.
 
'''Hachoir''' is a generic framework for binary file manipulation.
  

Revision as of 01:29, 19 March 2007

PyFlag
Maintainer: Michael Cohen, David Collett
OS: Linux,Web-based
Genre: Analysis
License: GPL
Website: pyflag.net

Hachoir is a generic framework for binary file manipulation.

Hachoir supports many file formats (more than 60 formats) and have many features:

  • Fault tolerant parser (truncated/buggy file or buggy parser)
  • Smart syntax: you don't have to care about endian or charset, and you can mix byte and bit fields
  • Few functions to modify files
  • File recognition using header/footer in a disk image (in any file) with few false positive (each file is checked using the parser)
  • Written in Python: OS independant and easy to script/extend
  • curses, wxWidgets and Gtk interfaces
  • Many programs based on hachoir-core and hachoir-parser:
    • hachoir-strip: remove metadata and other "useless" informations
    • hachoir-grep: find substring in a binary file (using hachoir parsers: so search is Unicode aware)
    • hachoir-subfile: find all subfiles in a file
    • etc.

Links