Difference between pages "Cell Phone Forensics" and "AFF Development Task List"

From Forensics Wiki
(Difference between pages)
m
 
(High Priority: - afcat usage message)
 
Line 1: Line 1:
== Guidelines ==
+
== High Priority ==
  
# If on, leave on. If off, leave off.
+
* Create man pages and/or documentation for AFF toolkit. To wit:
# Collect and preserve other surrounding and related devices. Be especially careful to collect the power charger. The phone's battery will only last a certain amount of time. When it dies, much of the data on the device may go too!
+
# Plug the phone in, preferably in the evidence room, as soon as possible.
+
# Retain [[search warrant]] (if necessary - [[LE]]).
+
# Return device to forensic lab if able.
+
# Use [[forensically sound]] tools for processing.
+
  
== Notes ==
+
* [[aimage]]
 +
* [[ident]]
 +
* [[afcat]]
 +
* [[afcompare]]
 +
* [[afconvert]]
 +
* [[affix]]
 +
* [[affuse]]
 +
* [[afinfo]]
 +
* [[afstats]]
 +
* [[afxml]]
 +
* [[afsegment]]
  
Expand on 5 as to what to collect:
+
* Add a usage description to [[afcat]]. When run with no arguments the output should say what the program does.
  
* [[ESN]],
+
* Create man pages and/or documentation for AFF library functions (e.g. ,<tt>af_open</tt>, <tt>af_get_imagesize</tt>)
* [[IMEI]],
+
* [[Carrier]],
+
* Model Number,
+
* Color, and
+
* Other information related to [[Cell Phone]] and [[SIM Card]].
+
  
Process:
+
* Build library as a shared library using libtool. This will allow developers using the library to just link to the AFF. Without it, developers must link to the static library and the individual libraries necessary <em>on that machine</em>. There is no good way to determine those extra libraries.
  
# Research the [[Cell Phone]]. Visit PhoneScoop.com for more information
+
* Document that <tt>af_write</tt> may not be called without first setting the <tt>image_pagesize</tt> value inside of the <tt>AFFILE</tt> structure. Not doing so causes a divide by zero error. Perhaps we should 1. Check that <tt>image_pagesize</tt> is not zero and 2. Set <tt>image_pagesize</tt> to a known good default value when opening a new AFF file for writing.
#
+
#
+
#
+
  
== Links ==
+
== Medium Priority ==
[http://www.PhoneScoop.com PhoneScoop.com]
+
  
[http://www.mobileforensics.com MobileForensics.com]
+
* How about renaming the library to libaff? That would allow developers to link with <tt>-laff</tt> instead of <tt>-lafflib</tt>. To my knowledge, there is no existing library named AFF already.
  
[http://www.SmartPhoneForensics.com SmartPhoneForensics.com]
+
* Is there a set of segment names that must be defined to have a ''valid'' AFF file?
 +
 
 +
* Document that <tt>af_open</tt> (when writing a file) does more than a standard <tt>fopen</tt> command. The command writes an AFF stub of some kind to the output file. Users should be cautioned not to use this function as a test, lest they overwrite data.
 +
 
 +
* Does <tt>af_open</tt> refuse to open a file for writing if it already exists? If so, what kind of error does it return?
 +
 
 +
* Document how to programmatically enumerate all segments and values in a file. That is, explain how to get the output of <tt>$ afinfo -a</tt>.
 +
 
 +
== Low Priority ==
 +
 
 +
* Add library function to open standard input. Perhaps:
 +
 
 +
<pre>AFFILE * af_open_stdin(void);</pre>

Revision as of 13:07, 25 July 2007

High Priority

  • Create man pages and/or documentation for AFF toolkit. To wit:
      * aimage
      * ident
      * afcat
      * afcompare
      * afconvert
      * affix
      * affuse
      * afinfo
      * afstats
      * afxml
      * afsegment
  • Add a usage description to afcat. When run with no arguments the output should say what the program does.
  • Create man pages and/or documentation for AFF library functions (e.g., af_open, af_get_imagesize)
  • Build library as a shared library using libtool. This will allow developers using the library to just link to the AFF. Without it, developers must link to the static library and the individual libraries necessary on that machine. There is no good way to determine those extra libraries.
  • Document that af_write may not be called without first setting the image_pagesize value inside of the AFFILE structure. Not doing so causes a divide by zero error. Perhaps we should 1. Check that image_pagesize is not zero and 2. Set image_pagesize to a known good default value when opening a new AFF file for writing.
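
The two proposals in the af_write item, sketched as an added example that is not AFF library code. The struct demo_affile, the demo_* functions and DEMO_DEFAULT_PAGESIZE are hypothetical stand-ins; only the image_pagesize field name comes from this page, and the default value is chosen for the demo.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for AFFILE: only the field this page names, plus an offset. */
struct demo_affile {
    uint32_t image_pagesize;   /* bytes per page; 0 means "never set" */
    uint64_t pos;              /* current write offset within the image */
};

/* Assumed default for the demo, not taken from the library. */
#define DEMO_DEFAULT_PAGESIZE (16u * 1024u * 1024u)

/* Proposal 2: a file opened for writing starts with a usable page size. */
void demo_open_for_write(struct demo_affile *af) {
    af->image_pagesize = DEMO_DEFAULT_PAGESIZE;
    af->pos = 0;
}

/* Proposal 1: reject a zero page size before any division happens.
 * Returns 0 and stores the first/last page touched, or -1 with errno set. */
int demo_write(struct demo_affile *af, uint64_t count,
               uint64_t *first_page, uint64_t *last_page) {
    if (af == NULL || af->image_pagesize == 0) {
        errno = EINVAL;            /* caller never set image_pagesize */
        return -1;
    }
    if (count > UINT64_MAX - af->pos) {
        errno = EOVERFLOW;         /* offset arithmetic would wrap */
        return -1;
    }
    if (count == 0)
        return 0;                  /* nothing to map, outputs untouched */
    *first_page = af->pos / af->image_pagesize;
    *last_page = (af->pos + count - 1) / af->image_pagesize;
    af->pos += count;
    return 0;
}

int main(void) {
    struct demo_affile af = {0, 0};    /* page size never set */
    uint64_t first = 0, last = 0;
    printf("unset page size -> %d\n", demo_write(&af, 512, &first, &last));
    demo_open_for_write(&af);
    printf("after default   -> %d\n", demo_write(&af, 512, &first, &last));
    return 0;
}
```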

Medium Priority

  • How about renaming the library to libaff? That would allow developers to link with -laff instead of -lafflib. To my knowledge, there is no existing library named AFF already.
  • Is there a set of segment names that must be defined to have a valid AFF file?
  • Document that af_open (when writing a file) does more than a standard fopen command. The command writes an AFF stub of some kind to the output file. Users should be cautioned not to use this function as a test, lest they overwrite data.
  • Does af_open refuse to open a file for writing if it already exists? If so, what kind of error does it return?
  • Document how to programmatically enumerate all segments and values in a file. That is, explain how to get the output of $ afinfo -a.

Low Priority

  • Add library function to open standard input. Perhaps:
      AFFILE * af_open_stdin(void);