
Category:Digital Forensics XML

From ForensicsWiki
Revision as of 13:37, 18 February 2011 by Simsong (Talk | contribs) (XML Forensics Tools and Toolkits)


Digital Forensics XML (DFXML) is the effort to create an XML schema to allow for easy interoperability between different forensic tools.

Today there is no Digital Forensics XML standard and there is no fixed schema. Instead, we are slowly creating a set of tools that can produce or ingest XML with a common set of tags. It would be nice to have a more aggressive effort, but to date there has not been sufficient funding.

Given this state of affairs, our current strategy is to:

  • Develop a set of standardized tags and data representations for current XML tools.
  • Modify our tools to produce XML similar to the sample XML.
  • Develop a DTD and schema to allow XML validation.

XML Forensics Tools and Toolkits

  • The Python module implements objects for reading and writing DFXML.
  • The fiwalk C++ program produces DFXML for files from disk images using SleuthKit.
  • The frag_find hash-based carving tool produces a DFXML file indicating where items are found.
  • We are creating a DFXML strategy for distributing hash sets.

See Also