|
|
| Line 1: |
Line 1: |
| − | <table style="padding:0.3em; float:right; margin-left:15px; margin-bottom:8px; border:1px solid #A3B1BF; background:#f5faff; text-align:center; font-size:95%; line-height:1.5em;width:220px;">
| + | CarvFs is a modular [[Fuse]] based user space file system on top op [[LibCarvPath]]. |
| − | <tr>
| + | CarvFS makes CarvPath style annotations as used by LibCarvPath available as files. |
| − | <th colspan="2" style="padding:0.1em; font-size:1em; background-color:#cee0f2;">Current version</th>
| + | Using CarvFs makes it possible to process carved entities as files without the need for copy-out. |
| − | </tr>
| + | |
| − | <tr style="font-size:1em;">
| + | |
| − | <td align="right"><b>Version Number:</b></td>
| + | |
| − | <td align="left">1.5.1</td>
| + | |
| − | </tr>
| + | |
| − | <tr style="font-size:1em;">
| + | |
| − | <td align="right" ><b>Date Released:</b></td>
| + | |
| − | <td align="left">02 December 2008</td>
| + | |
| − | </tr>
| + | |
| − | <tr>
| + | |
| − | <th colspan="2" style="padding:0.1em; font-size:1em; background-color:#cee0f2;">Recent changes</th>
| + | |
| − | </tr>
| + | |
| − | <tr style="font-size:1em;">
| + | |
| − | <td colspan="2" align="left">
| + | |
| − | <ul>
| + | |
| − | <li>Added support of HASH calculation and verification for the extracted device data
| + | |
| − | <li>Added support for common Samsung phones based on Swift and Sysol platforms
| + | |
| − | </ul>
| + | |
| − | </td>
| + | |
| − | </tr>
| + | |
| − | <tr>
| + | |
| − | <th colspan="2" style="padding:0.1em; font-size:1em; background-color:#cee0f2;">Screenshots</th>
| + | |
| − | </tr>
| + | |
| − | <tr style="font-size:1em;">
| + | |
| − | <td colspan="2" align="left">
| + | |
| − | [[Image:OFS2_02_EventLog.png|200px|thumb|center|Event log]] | + | |
| − | [[Image:OFS2_04_LifeBlog.png|200px|thumb|center|LifeBlog with GPS mapping]] | + | |
| − | [[Image:OFS2_05_FileBrowser.png|200px|thumb|center|File Browser with Hex viewer]]
| + | |
| − | [[Image:OFS2_08_MessagesExportPDF.png|200px|thumb|center|Sample report]]
| + | |
| − | [http://www.oxygen-forensic.com/en/screenshots/ More screenshots ... ]
| + | |
| − | </td>
| + | |
| − | </tr>
| + | |
| − | </table>
| + | |
| | | | |
| − | ===Brief===
| + | CarvFs is modular with respect to access to image files. |
| | + | The CarvFs distribution comes with a default module for access to (split) raw files. |
| | | | |
| − | [http://www.oxygen-forensic.com/ Oxygen Forensic Suite 2] by [http://www.oxygen-software.com/ Oxygen Software] is a mobile forensic software for logical analysis of [[cell phones]], [[SmartPhones|smartphones]] and [[PDAs]]. The authors claim that using advanced data access protocols helps to extract much more data than usually. | + | A separate [[Libewf]] module is available for access to ewf images. |
| | | | |
| − | ===Regular data extraction=== | + | == External Links == |
| − | Oxygen Forensic Suite 2 is able to extract general data like:
| + | * [http://sourceforge.net/apps/mediawiki/carvpath/ CarvPath wiki] |
| − | * device information (IMEI, SW and HW versions, operator, etc),
| + | |
| − | * contacts (names, phones, notes)
| + | |
| − | * calendar events,
| + | |
| − | * messages ([[SMS]]),
| + | |
| − | * log records (incoming/outgoing/missed).
| + | |
| − | * files (images, sounds, videos, documents, etc)
| + | |
| − | | + | |
| − | ===Unique data extraction===
| + | |
| − | Besides the general data usually extracted, Oxygen Forensic Suite 2 can extract a lot of unique information:
| + | |
| − | * contacts (last date of contact modification, contacts photos, field labels, contact groups and speed dials)
| + | |
| − | * calendar events (last date of event modification, all event dates, alarm status, recurrences)
| + | |
| − | * messages (e-mails and MMS, messages from custom folders, message SMSC time stamp)
| + | |
| − | * log records ([[GPRS]], [[EDGE]], CSD, HSCSD and Wi-Fi session traffic and time, deleted SMS details)
| + | |
| − | * files (file system from phone memory and flash card)
| + | |
| − | * LifeBlog data (all main phone events like sms, photos, events '''with their geographical coordinates'''),
| + | |
| − | '''Important!''' The list of supported features depends on a certain phone model.
| + | |
| − | | + | |
| − | ===Device coverage===
| + | |
| − | By the October, 2008 Oxygen Forensic Suite 2 supports more than '''1100 devices''': [[Nokia]], Vertu, [[Sony Ericsson]], Samsung, Motorola, [[BlackBerry|Blackberry]], Panasonic, Siemens, HTC, HP, E-Ten, Gigabyte, i-Mate and other mobile phones.
| + | |
| − | Oxygen Forensic Suite 2 has a strong support for [[symbian|Symbian OS]], [[symbian|Nokia S60]], Sony Ericsson UIQ, [[Microsoft Windows Mobile|Windows Mobile 5/6]] and [[BlackBerry|Blackberry]] [[SmartPhones|smartphones]] and communicators.
| + | |
| − | | + | |
| − | ===Other===
| + | |
| − | * The software access devices without using standard protocols like AT, OBEX or SyncML. The Agent installation is required to access smartphones and communicators.
| + | |
| − | * The software is able to perform data search, to create and print reports.
| + | |
| − | * The software has a full support of Unicode standard. So the multilanguage information is read and shown correctly.
| + | |
| − | | + | |
| − | ===History===
| + | |
| − | Oxygen Forensic Suite 2 is a third generation of forensic tools by Oxygen Software.
| + | |
| − | * 2004, March. Oxygen Phone Manager II for Nokia phones (Forensic Edition) is released.
| + | |
| − | * 2005, November. Oxygen Phone Manager II for Symbian OS smartphones is released.
| + | |
| − | * 2007, June. Oxygen Phone Manager II (Forensic Edition) becomes a stand alone project with new name "Oxygen Forensic Suite"
| + | |
| − | * 2008, May. Oxygen Forensic Suite 2 is released and presented at Mobile Forensics World 2008.
| + | |
| − | | + | |
| − | ===Links===
| + | |
| − | * [http://www.oxygen-forensic.com/ Official web site] | + | |
| − | * [http://www.oxygen-software.com/ Oxygen Software web site]
| + | |
CarvFs is modular with respect to access to image files.
The CarvFs distribution comes with a default module for access to (split) raw files.
