http://www.forensicswiki.org/w/index.php?title=Digital_Evidence_Bags&feed=atom&action=historyDigital Evidence Bags - Revision history2013-05-25T10:17:19ZRevision history for this page on the wikiMediaWiki 1.20.3http://www.forensicswiki.org/w/index.php?title=Digital_Evidence_Bags&diff=1253&oldid=prevUwe Hermann at 17:25, 3 May 20062006-05-03T17:25:17Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 17:25, 3 May 2006</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>The Digital Evidence Bag (DEB) format mimics in a digital environment the</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>The <ins class="diffchange diffchange-inline">'''</ins>Digital Evidence Bag<ins class="diffchange diffchange-inline">''' </ins>(<ins class="diffchange diffchange-inline">'''</ins>DEB<ins class="diffchange diffchange-inline">'''</ins>) format mimics in a digital environment the bags, tags and seals used to traditionally wrap evidence.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>bags, tags and seals used to traditionally wrap evidence.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>When a DEB is</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>When a DEB is created three files are generated:</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>created three files are generated:</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div># A .tag file which is plain text and stores case specific <del class="diffchange diffchange-inline">meta data </del>such and evidence reference identifier, examiner, location, timestamps and tag continuity blocks that record DEB access activity. In addition to this the tag file contains the cryptographic <del class="diffchange diffchange-inline">hashes </del>(seals) that are used <del class="diffchange diffchange-inline"> </del>to maintain and assure the integrity of the DEB structure.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># A <ins class="diffchange diffchange-inline">'''</ins>.tag<ins class="diffchange diffchange-inline">''' </ins>file which is <ins class="diffchange diffchange-inline">[[</ins>plain text<ins class="diffchange diffchange-inline">]] </ins>and stores case specific <ins class="diffchange diffchange-inline">[[metadata]] </ins>such and evidence reference identifier, examiner, location, timestamps and tag continuity blocks that record DEB access activity. In addition to this the tag file contains the cryptographic <ins class="diffchange diffchange-inline">[[hash]]es </ins>(seals) that are used to maintain and assure the integrity of the DEB structure.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div># <del class="diffchange diffchange-inline">A </del>.index file is a plain text file that records device, file or data source <del class="diffchange diffchange-inline">meta data</del>.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># <ins class="diffchange diffchange-inline">An '''</ins>.index<ins class="diffchange diffchange-inline">''' </ins>file is a plain text file that records device, file or data source <ins class="diffchange diffchange-inline">metadata</ins>.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div># A .bag file that holds the evidential data e.g. the raw device bit stream, logical files, network packet capture data.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># A <ins class="diffchange diffchange-inline">'''</ins>.bag<ins class="diffchange diffchange-inline">''' </ins>file that holds the evidential data e.g. the raw device bit stream, logical files, network packet capture data.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">[[Category:File Formats]]</ins></div></td></tr>
</table>Uwe Hermannhttp://www.forensicswiki.org/w/index.php?title=Digital_Evidence_Bags&diff=1252&oldid=prevSimsong at 20:46, 31 October 20052005-10-31T20:46:36Z<p></p>
<p><b>New page</b></p><div>The Digital Evidence Bag (DEB) format mimics in a digital environment the<br />
bags, tags and seals used to traditionally wrap evidence. <br />
<br />
When a DEB is<br />
created three files are generated:<br />
<br />
# A .tag file which is plain text and stores case specific meta data such and evidence reference identifier, examiner, location, timestamps and tag continuity blocks that record DEB access activity. In addition to this the tag file contains the cryptographic hashes (seals) that are used to maintain and assure the integrity of the DEB structure. <br />
# A .index file is a plain text file that records device, file or data source meta data.<br />
# A .bag file that holds the evidential data e.g. the raw device bit stream, logical files, network packet capture data.</div>Simsong