Difference between revisions of "Category:Digital Forensics XML"

From ForensicsWiki
m
m (XML Forensics Tools and Toolkits)
Line 10: Line 10:
  
 
==XML Forensics Tools and Toolkits==
 
==XML Forensics Tools and Toolkits==
* The fiwalk.py Python module implements objects for reading and writing DFXML.
+
* The dfxml.py Python module implements objects for reading and writing DFXML.
 
* The fiwalk C++ program produces DFXML for files from disk images using SleuthKit.
 
* The fiwalk C++ program produces DFXML for files from disk images using SleuthKit.
 
* The frag_find hash-based carving tool produces a DFXML file indicating where items are found.
 
* The frag_find hash-based carving tool produces a DFXML file indicating where items are found.
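Review bot: the replaced bullet changes the module name from fiwalk.py to dfxml.py, but neither the edit summary ("m (XML Forensics Tools and Toolkits)") nor the new line says whether the module was renamed or a different module is now meant. The following bullet still names the fiwalk C++ program, so the relationship between the two is left unclear. If this is a rename, say so on the new line or in the edit summary, so that readers following older references to fiwalk.py know where to look.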

Revision as of 09:37, 18 February 2011

Digital Forensics XML (DFXML) is the effort to create an XML schema to allow for easy interoperability between different forensic tools.

Today there is no Digital Forensics XML standard and there is no fixed schema. Instead, we are slowly creating a set of tools that can produce or ingest XML with a common set of tags. It would be nice to have a more aggressive effort, but to date there has not been sufficient funding.

Given this state of affairs, our current strategy is to:

  • Develop a set of standardized tags and data representations for current XML tools.
  • Modify our tools to produce XML similar to the sample XML.
  • Develop a DTD and schema to allow XML validation.

XML Forensics Tools and Toolkits

  • The dfxml.py Python module implements objects for reading and writing DFXML.
  • The fiwalk C++ program produces DFXML for files from disk images using SleuthKit.
  • The frag_find hash-based carving tool produces a DFXML file indicating where items are found.
  • We are creating a DFXML strategy for distributing hash sets.

See Also