ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between pages "Training Courses and Providers" and "Windows SuperFetch Format"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
 
Line 1: Line 1:
This is the list of Scheduled Training Courses, referred to by [[Upcoming_events]].  Please refer to the instructions on the [[Upcoming_events]] page if you wish to edit this page.
+
{{expand}}
  
The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv.
+
SuperFetch, is a memory management scheme that enhances the least-recently accessed approach with historical information and proactive memory management. [http://technet.microsoft.com/en-us/magazine/2007.03.vistakernel.aspx]
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
+
Requests for additions, deletions or corrections to this list may be sent by email to David Baker <i>(bakerd AT mitre.org)</i>.
+
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
<b>Note that the following format specification are incomplete.</b>
|- style="background:#bfbfbf; font-weight: bold"
+
 
! Title
+
== SuperFetch DB files ==
! Date/Location
+
The <tt>Ag*.db</tt> files are of the SuperFetch file format. E.g.
! Website
+
<pre>
! Limitation
+
AgAppLaunch.db
 +
AgCx_SC*.db
 +
AgGlFaultHistory.db
 +
AgGlFgAppHistory.db
 +
AgGlGlobalHistory.db
 +
AgGlUAD_%SID%.db
 +
AgGlUAD_P_%SID%.db
 +
AgRobust.db
 +
</pre>
 +
 
 +
The SuperFetch DB files can be stored in uncompressed or compressed form, where different version of Windows use different compressed forms:
 +
* Compressed SuperFetch DB - MEMO file format; Windows Vista
 +
* Compressed SuperFetch DB - MEM0 file format; Windows  7
 +
* Compressed SuperFetch DB - MAM file format; Windows 8
 +
 
 +
=== Compressed SuperFetch DB - MEMO file format ===
 +
The MEM file consists of:
 +
* file header
 +
* compressed blocks
 +
 
 +
This format uses the LZNT1 compression method
 +
 
 +
==== File header ====
 +
The file header is 84 bytes of size and consists of:
 +
{| class="wikitable"
 
|-
 
|-
|File Systems Revealed
+
! Offset
|Apr 03-04, Chicago, IL
+
! Size
|http://www.x-ways.net/training/chicago.html
+
! Value
 +
! Description
 
|-
 
|-
|Macintosh Forensic Survival Course (MFSC)
+
| 0
|Apr 07-11, Trenton, NJ
+
| 4
|http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=3
+
| "MEMO" (0x4d, 0x45, 0x4d, 0x4f)
|Limited to Law Enforcement
+
| Signature
 
|-
 
|-
|EnCase&reg; Enterprise v6 - Phase II
+
| 4
|Apr 07-10, Washington DC
+
| 4
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|  
 +
| Uncompressed (total) data size
 
|-
 
|-
|SubRosaSoft Examiner Certification
+
|}
|Apr 07-10, Union City, CA
+
 
|http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=product_info&cPath=2&products_id=112
+
==== Compressed blocks ====
 +
The compressed block size is the chunk data size, which is part of the LZNT1 compressed data, + 2 bytes for the size of the chunk header itself.
 +
 
 +
The uncompressed block size is 4096 (0x1000) or the remaining uncompressed data size for the last block.
 +
 
 +
=== Compressed SuperFetch DB - MEM0 file format ===
 +
The MEM file consists of:
 +
* file header
 +
* compressed blocks
 +
 
 +
This format uses the LZXPRESS Huffman compression method
 +
 
 +
==== File header ====
 +
The file header is 84 bytes of size and consists of:
 +
{| class="wikitable"
 
|-
 
|-
|Introduction to Cyber Crime
+
! Offset
|Apr 07-09, Mississippi State University
+
! Size
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
! Value
|Limited to Law Enforcement
+
! Description
 
|-
 
|-
|Certified Wireless Network Admin/Wireless Security Professional Bootcamp
+
| 0
|Apr 08-17, Reston, VA
+
| 4
|http://www.securityuniversity.net/classes_wireless_bootcamp.php
+
| "MEM0" (0x4d, 0x45, 0x4d, 0x30)
 +
| Signature
 
|-
 
|-
|EnCase&reg; v6 Computer Forensics II
+
| 4
|Apr 08-11, United Kingdom
+
| 4
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|  
 +
| Uncompressed (total) data size
 
|-
 
|-
|EnCase&reg; v6 NTFS
+
|}
|Apr 08-11, Los Angeles, CA
+
 
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
==== Compressed blocks ====
 +
The file header is followed by compressed blocks:
 +
{| class="wikitable"
 
|-
 
|-
|EnCase&reg; v6 Computer Forensics I
+
! Offset
|Apr 08-11, Houston, TX
+
! Size
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
! Value
 +
! Description
 
|-
 
|-
|EnCase&reg; v6 Network Intrusion Investigations - Phase I
+
| 0
|Apr 08-11, Chicago, IL
+
| 4
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|  
 +
| Compressed data size
 
|-
 
|-
|Certified Wireless Network Administrator
+
| 4
|Apr 08-11, Reston, VA and Online-instructor led/Distance Learning
+
| ...
|http://www.securityuniversity.net/classes_wireless_CWNA.php
+
|
 +
| Compressed data
 
|-
 
|-
|AccessData&reg; Windows Forensics
+
|}
|Apr 08-10, Albany, NY
+
 
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
The uncompressed block size is 65536 (0x10000) or the remaining uncompressed data size for the last block.
 +
 
 +
=== Compressed SuperFetch DB - MAM file format ===
 +
The MAM file consists of:
 +
* file header
 +
* compressed blocks
 +
 
 +
This format uses the <b>TODO</b> compression method
 +
 
 +
==== File header ====
 +
<b>TODO</b>
 +
 
 +
{| class="wikitable"
 
|-
 
|-
|AccessData&reg; Internet Forensics
+
! Offset
|Apr 08-10, Sydney, NSW, Australia
+
! Size
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
! Value
 +
! Description
 
|-
 
|-
|Neutrino-Mobile Phone Forensics
+
| 0
|Apr 08-09, Washington DC
+
| 4
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
| "MAM\x84" (0x4d, 0x41, 0x4d, 0x84)
 +
| Signature
 
|-
 
|-
|Forensics Tools and Techniques
+
|}
|Apr 09-11, Mississippi State University
+
 
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
==== Compressed blocks ====
|Limited to Law Enforcement
+
<b>TODO</b>
 +
 
 +
=== Uncompressed SuperFetch DB format ===
 +
<b>TODO</b>
 +
 
 +
==== File header ====
 +
<b>TODO</b>
 +
 
 +
{| class="wikitable"
 
|-
 
|-
|Mastering the Cellebrite UFED (Universal Forensic Extraction Device)
+
! Offset
|Apr 09-11, Los Angeles, CA
+
! Size
|http://www.42-consulting.com
+
! Value
 +
! Description
 
|-
 
|-
|CelleBrite Forensics
+
| 0
|April 09-11, Miami, FL
+
| 4
|http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=4
+
| 0x0000000e
 +
| Unknown (Database type or signature?)
 
|-
 
|-
|Mobile Device Investigations Program (MDIP)
+
| 4
|Apr 14-18, Glynco, GA
+
| 4
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|  
|Limited to Law Enforcement
+
| Uncompressed (total) data size
 
|-
 
|-
|Core Skills for the Investigation of Cellular Telephones
+
|}
|Apr 14-17, Midland, MI
+
== TRX files ==
|http://www.search.org/programs/hightech/calendar.asp
+
The <tt>Ag*.db.trx</tt> files are of the TRX file format. E.g.
|Limited To Law Enforcement
+
<pre>
 +
AgCx_SC*.db.trx
 +
</pre>
 +
 
 +
<b>Note that the following format specification is incomplete.</b>
 +
 
 +
=== File header ===
 +
The file header is variable of size and consists of:
 +
{| class="wikitable"
 
|-
 
|-
|Certified Wireless Security Professional
+
! Offset
|Apr 14-17, Reston, VA
+
! Size
|http://www.securityuniversity.net/classes_wireless_CWSP.php
+
! Value
 +
! Description
 
|-
 
|-
|EnCase&reg; v6 Computer Forensics II
+
| 0
|Apr 15-18, Houston, TX and Toronto, Canada
+
| 4
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
| 1
 +
| Unknown (Version?)
 
|-
 
|-
|EnCase&reg; v6 Advanced Internet Examinations
+
| 4
|Apr 15-18, Los Angeles, CA
+
| 4
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|  
 +
| Unknown
 
|-
 
|-
|EnCase&reg; v6 Advanced Computer Forensics
+
| 8
|Apr 15-18, United Kingdom
+
| 4
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|  
 +
| File size
 
|-
 
|-
|EnCase&reg; v6 EnScript&reg;  Programming - Phase I
+
| 12
|Apr 15-18, Washington DC
+
| 4
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|  
 +
| Maximum number of records (of the record offsets array)
 
|-
 
|-
|EnCase&reg; v6 NTFS
+
| 16
|Apr 15-18, Chicago, IL
+
| 4
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|  
 +
| Number of records
 
|-
 
|-
|Qualified Edge Protection: Firewalls, IPS, Spyware, Trojans and Viruses
+
| 20
|Apr 15-18, San Francisco, CA
+
| ...
|http://www.securityuniversity.net/classes_anti-hacking_Net_firewall_VPN.php
+
|  
|-
+
| Record offsets array, where the record offset is a 32-bit integer. Unused record offset are set to 0.
|AccessData&reg; Windows Forensics
+
|Apr 15-17, Dallas, TX
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Digital Evidence Acquisition Specialist Training Program (DEASTP)
+
|Apr 21-May 02, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|BlackBag Advanced MacIntosh Forensics
+
|Apr 21-25, Santa Clara, CA
+
|http://www.blackbagtech.com/products/training.htm
+
|-
+
|Certified Ethical Hacker/Qualified Security Hacker/Network Defender
+
|Apr 21-25, San Francisco, CA
+
|http://www.securityuniversity.net/classes_QSH.php
+
|-
+
|Basic Data Recovery and Acquisition(BDRA)
+
|Apr 21-24, Vassalboro, ME
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|EnCase&reg; v6 FIM/Mobile Use of EE Live Forensics
+
|Apr 22-25, Los Angeles, CA and United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics I
+
|Apr 22-25, Houston, TX and Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|X-Ways Forensics
+
|Apr 22-24, London, United Kingdom
+
|http://www.x-ways.net/training/london.html
+
|-
+
|AccessData&reg; BootCamp
+
|Apr 22-24, London, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Advanced Responders - Search and Seizure of SOHO Networks
+
|Apr 22-24, Jacksonville, FL
+
|http://www.search.org/programs/hightech/calendar.asp
+
|Limited To Law Enforcement
+
|-
+
|Core Skills for the Investigation of Computer Crime
+
|Apr 28-May 02, Sacramento, CA
+
|http://www.search.org/programs/hightech/calendar.asp
+
|Limited To Law Enforcement
+
|-
+
|Qualified Software Security Expert Bootcamp
+
|April 28-May 02, Reston, VA
+
|http://www.securityuniversity.net/classes_SI_SoftwareSecurity_Bootcamp.php
+
|-
+
|EC-Council Certified Security Analyst/Qualified Security Analyst/Pen Testing Methods
+
|April 28-May 02, San Francisco, CA
+
|http://www.securityuniversity.net/classes_QSH.php
+
|-
+
|Licensed Penetration Tester/Qualified Penetration Tester
+
|April 28-May 02, San Francisco, CA
+
|http://www.securityuniversity.net/classes_Licensed_Penetration_Tester.php
+
|-
+
|Introduction to Automated Forensic Tools(AFT)
+
|Apr 28-May 01, St. Louis, MO
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Apr 29-May 02, Houston, TX and Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics I
+
|Apr 29-May 02, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 NTFS
+
|Apr 29-May 02, United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Advanced Internet Examinations
+
|Apr 29-May 02, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; BootCamp
+
|Apr 29-May 01, Ft Lauderdale, FL
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Computer Hacking Forensic Investigator/Qualified Forensics Investigator
+
|May 05-09, San Francisco, CA
+
|http://www.securityuniversity.net/classes_CHFI.php
+
|-
+
|EnCase&reg; v6 Advanced Computer Forensics
+
|May 06-09, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|May 06-09, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; Enterprise v6 - Phase I
+
|May 06-09, Chicago, IL and Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; BootCamp
+
|May 06-08, Manchester, United Kingdom andSydney, NSW, Australia
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; Windows Forensics
+
|May 06-08, New York City, NY
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Seized Computer Evidence Recovery Specialist (SCERS)
+
|May 12-23, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|Internet Investigations Training Program (IITP)
+
|May 12-16, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|Qualified Software Security Expert Bootcamp
+
|May 12-16, San Francisco, CA
+
|http://www.securityuniversity.net/classes_SI_SoftwareSecurity_Bootcamp.php
+
|-
+
|Fast CyberForensic Triage(FCT)
+
|May 12-15, Meriden, CT
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|EnCase&reg; Enterprise v6 - Phase II
+
|May 12-15, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Secure Techniques for Onsite Preview(STOP)
+
|May 12-13, Pullman, WA
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|EnCase&reg; v6 Computer Forensics I
+
|May 13-16, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|May 13-16, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Advanced Computer Forensics
+
|May 13-16, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 FIM/Mobile Use of EE Live Forensics
+
|May 13-16, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; Windows Forensics
+
|May 13-15, Sydney, NSW, Australia
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; Internet Forensics
+
|May 13-15, Ft Lauderdale, FL
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Advanced Responders - Search and Seizure of SOHO Networks
+
|May 13-15, Sacramento, CA
+
|http://www.search.org/programs/hightech/calendar.asp
+
|Limited To Law Enforcement
+
|-
+
|Secure Techniques for Onsite Preview(STOP)
+
|May 14-15, Pullman, WA
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|Macintosh Forensic Survival Course (MFSC)
+
|May 19-23, Grand Rapids, MI
+
|http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=3
+
|-
+
|Basic On-Line Technical Skills(BOTS)
+
|May 19, Lynchburg, VA
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|BlackBag Introductory MacIntosh Forensics
+
|May 19-23, Santa Clara, CA
+
|http://www.blackbagtech.com/products/training.htm
+
|-
+
|Core Skills for the Investigation of Computer Crime
+
|May 19-23, Sacramento, CA
+
|http://www.search.org/programs/hightech/calendar.asp
+
|Limited To Law Enforcement
+
|-
+
|Boot Camp Certified Wireless Network Admin/Wireless Security Professional
+
|May 20-29, San Francisco, CA
+
|http://www.securityuniversity.net/www.classes_wireless_bootcamp.php
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|May 20-23, United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics I
+
|May 20-23, Houston, TX and Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Advanced Computer Forensics
+
|May 20-23, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Certified Wireless Network Administrator
+
|May 20-23, San Francisco, CA
+
|http://www.securityuniversity.net/www.classes_wireless_CWNA.php
+
|-
+
|AccessData&reg; Windows Forensics
+
|May 20-22, London, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Certified Wireless Network Administrator
+
|May 26-30, Rome Italy
+
|http://www.securityuniversity.net/www.classes_wireless_CWNA.php 
+
|-
+
|Certified Wireless Security Professional
+
|May 26-29, San Francisco, CA
+
|http://www.securityuniversity.net/classes_wireless_CWSP.php
+
|-
+
|Certified Ethical Hacker/Qualified Security Hacker/Network Defender
+
|May 26-30, Reston, VA
+
|http://www.securityuniversity.net/classes_QSH.php
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|May 27-30, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Catching the Hackers Intro to IDS
+
|May 27-30, Reston, VA
+
|http://www.securityuniversity.net/classes_introIDS.php
+
|-
+
|AccessData&reg; BootCamp
+
|May 27-29, San Jose, CA
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Computer Network Investigations Training Program (CNITP)
+
|Jun 02-13, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|ILook® Automated Forensic Application(ILook)
+
|Jun 02-06, Vassalboro, ME
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|EC-Council Certified Security Analyst/Qualified Security Analyst/Pen Testing Methods
+
|Jun 02-06, Reston, VA
+
|http://www.securityuniversity.net/classes_anti-hacking_pentest.php
+
|-
+
|Licensed Penetration Tester/Qualified Penetration Tester
+
|Jun 02-06, Reston, VA
+
|http://www.securityuniversity.net/classes_Licensed_Penetration_Tester.php
+
|-
+
|EnCase® v6 Computer Forensics I
+
|Jun 02-06, Pasig City, Phillipines
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Core Skills for the Investigation of Cellular Telephones
+
|Jun 02-05, Sacramento, CA
+
|http://www.search.org/programs/hightech/calendar.asp
+
|Limited To Law Enforcement
+
|-
+
|EnCase&reg; v6 Computer Forensics I
+
|Jun 03-06, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 NTFS
+
|Jun 03-06, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Jun 03-06, Chicago, IL and Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Advanced Internet Examinations
+
|Jun 03-06, United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Network Intrusion Investigations - Phase I
+
|Jun 03-06, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; BootCamp
+
|Jun 03-05, London, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Macintosh Forensic Survival Course (MFSC)
+
|Jun 09-13, San Jose, CA
+
|http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=3
+
|Limited to Law Enforcement
+
|-
+
|Certified Ethical Hacker/Qualified Security Hacker/Network Defender
+
|Jun 09-13, Reston, VA  and Online-instructor led/Distance Learning
+
|http://www.securityuniversity.net/classes_QSH.php
+
|-
+
|Core Skills for the Investigation of Cellular Telephones
+
|Jun 09-12, Sacramento, CA
+
|http://www.search.org/programs/hightech/calendar.asp
+
|Limited To Law Enforcement
+
|-
+
|X-Ways Forensics
+
|Jun 09-11, New York City, NY
+
|http://www.x-ways.net/training/new_york.html
+
|-
+
|Certified Wireless Network Admin/Wireless Security Professional Bootcamp
+
|Jun 10-19, Reston, VA
+
|http://www.securityuniversity.net/classes_wireless_bootcamp.php
+
|-
+
|Computer Hacking Forensic Investigator/Qualified Forensics Expert
+
|Jun 10-13, Reston, VA
+
|http://www.securityuniversity.net/classes_CHFI.php
+
|-
+
|Certified Wireless Network Administrator
+
|Jun 10-13, Reston, VA
+
|http://www.securityuniversity.net/classes_CWNA.php
+
|-
+
|AccessData&reg; BootCamp
+
|Jun 10-12, St Paul, MN
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Neutrino-Mobile Phone Forensics
+
|Jun 10-11, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics I
+
|Jun 10-13, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Advanced Computer Forensics
+
|Jun 10-13, United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 FIM/Mobile Use of EE Live Forensics
+
|Jun 10-13, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Jun 10-13, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|File Systems Revealed
+
|Jun 12-13, New York City, NY
+
|http://www.x-ways.net/training/new_york.html
+
|-
+
|Computer Network Investigations Training Program (CNITP)
+
|Jun 16-27, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|Intermediate Data Recovery and Analysis(IDRA)
+
|Jun 16-20, St. Louis, MO
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|Certified Ethical Hacker/Qualified Security Hacker Class
+
|Jun 16-20, Rome Italy
+
|http://www.securityuniversity.net/classes_QSH.php 
+
|-
+
|Basic Data Recovery and Acquisition(BDRA)
+
|Jun 16-19, Hamilton, NJ
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|Certified Wireless Security Professional
+
|Jun 16-19, Reston, VA
+
|http://www.securityuniversity.net/classes_CWSP.php
+
|-
+
|EnCase® v6 Computer Forensics II
+
|Jun 16-19, Pasig City, Phillipines
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics I
+
|Jun 17-20, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Advanced Internet Examinations
+
|Jun 17-20, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Network Intrusion Investigations - Phase I
+
|Jun 17-20, United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Neutrino-Mobile Phone Forensics
+
|Jun 17-18, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Jun 17-20, Los Angeles, CA and Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Advanced Computer Forensics
+
|Jun 17-20, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Introduction to Automated Forensic Tools(AFT)
+
|Jun 23-27, Meriden, CT
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|BlackBag Introductory MacIntosh Forensics
+
|Jun 23-27, Washington D.C.
+
|http://www.blackbagtech.com/products/training.htm
+
|-
+
|Macintosh Forensic Survival Course (MFSC)
+
|Jun 23-27, Melbourne, Australia
+
|http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=3
+
|Limited to Law Enforcement
+
|-
+
|Secure Techniques for Onsite Preview(STOP)
+
|Jun 23-24, Shawano, WI
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|e-fense - Live Forensics and Incident Response Featuring Helix
+
|Jun 24-26, Jacksonville, FL
+
|https://www.e-fense.com/register.php
+
|-
+
|EnCase&reg; v6 Computer Forensics I
+
|Jun 24-27, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Network Intrusion Investigations - Phase I
+
|Jun 24-27, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Advanced Internet Examinations
+
|Jun 24-27, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; Enterprise v6 - Phase I
+
|Jun 24-27, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Advanced Computer Forensics
+
|Jun 24-27, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Jun 24-27, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; Windows Forensics
+
|Jun 24-26, Manchester, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Advanced Responders - Search and Seizure of SOHO Networks
+
|Jun 24-26, Sacramento, CA
+
|http://www.search.org/programs/hightech/calendar.asp
+
|Limited To Law Enforcement
+
|-
+
|Secure Techniques for Onsite Preview(STOP)
+
|Jun 25-26, Shawano, WI
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|Macintosh Forensic Survival Course (MFSC)
+
|Jun 30-Jul 04, Brisbane, Australia
+
|http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=3
+
|Limited to Law Enforcement
+
|-
+
|EnCase&reg; Enterprise v6 - Phase II
+
|Jun 30-Jul 03, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; BootCamp
+
|Jul 01-03, Manchester, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|BlackBag Intermediate MacIntosh Forensics
+
|Jul 07-11, Los Angeles, CA
+
|http://www.blackbagtech.com/products/training.htm
+
|Limited to Law Enforcement
+
|-
+
|Linux /Unix Security
+
|Jul 07-10, Reston, VA
+
|http://www.securityuniversity.net/classes_linux_sec.php
+
|-
+
|Certified Ethical Hacker/Qualified Security Hacker/Network Defender
+
|Jul 07-10, San Francisco, CA
+
|http://www.securityuniversity.net/classes_QSH.php
+
|-
+
|Mobile Device Investigations Program (MDIP)
+
|Jul 14-18, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|AccessData&reg; Applied Decryption
+
|Jul 15-17, St Paul, MN
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; Windows Forensics
+
|Jul 15-17, London, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Computer Network Investigations Training Program (CNITP)
+
|Jul 21-Aug 01, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|Internet Investigations Training Program (IITP
+
|Jul 21-25, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|BlackBag Intermediate MacIntosh Forensics
+
|Jul 21-25, Santa Clara, CA
+
|http://www.blackbagtech.com/products/training.htm
+
|-
+
|EC-Council Certified Security Analyst/Qualified Security Analyst/Pen Testing Methods
+
|Jul 21-25, San Francisco, CA
+
|http://www.securityuniversity.net/classes_anti-hacking_pentest.php
+
|-
+
|Licensed Penetration Tester/Qualified Penetration Tester
+
|Jul 21-25, San Francisco, CA
+
|http://www.securityuniversity.net/classes_Licensed_Penetration_Tester.php
+
|-
+
|AccessData&reg; Windows Forensics
+
|Jul 22-24, St Louis, MO
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Computer Hacking Forensic Investigator/Qualified Forensics Expert
+
|July 26-Aug 01, San Francisco, CA
+
|http://www.securityuniversity.net/classes_CHFI.php
+
|-
+
|ILook® Automated Forensic Application(ILook)
+
|Jul 28-Aug 01, St. Louis, MO
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|Certified Wireless Network Administrator
+
|July 28-Aug 01, San Francisco, CA
+
|http://www.securityuniversity.net/www.classes_wireless_CWNA.php
+
|-
+
|Certified Wireless Network Admin/Wireless Security Professional Bootcamp
+
|July 29-Aug 07, San Francisco, CA
+
|http://www.securityuniversity.net/classes_wireless_bootcamp.php
+
|-
+
|Macintosh Forensic Survival Course (MFSC)
+
|Aug 04-08, Huntington Beach, CA
+
|http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=3
+
|-
+
|Certified Wireless Network Admin/Wireless Security Professional Bootcamp
+
|Aug 05-14, Reston, VA
+
|http://www.securityuniversity.net/classes_wireless_bootcamp.php
+
|-
+
|Certified Wireless Network Administrator
+
|Aug 05-08, Reston, VA
+
|http://www.securityuniversity.net/classes_wireless_CWNA.php
+
|-
+
|AccessData&reg; BootCamp
+
|Aug 05-07, London, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; Windows Forensics
+
|Aug 05-07, Louisville, KY
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|Limited to Law Enforcement
+
|-
+
|Certified Wireless Security Professional
+
|Aug 11-14, Reston, VA
+
|http://www.securityuniversity.net/classes_wireless_CWSP.php
+
|-
+
|AccessData&reg; Windows Forensics
+
|Aug 12-14, St Paul, MN
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; BootCamp
+
|Aug 12-14, Albany, NY and New York City, NY
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Digital Evidence Acquisition Specialist Training Program (DEASTP)
+
|Aug 18-29, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|BlackBag Introductory MacIntosh Forensics
+
|Aug 18-22, Santa Clara, CA
+
|http://www.blackbagtech.com/products/training.htm
+
|-
+
|AccessData&reg; BootCamp
+
|Aug 19-21, Manchester, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; BootCamp
+
|Aug 26-28, Ft Lauderdale, FL
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; BootCamp
+
|Sep 02-04, London, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Seized Computer Evidence Recovery Specialist (SCERS)
+
|Sep 08-19, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|BlackBag Introductory MacIntosh Forensics
+
|Sep 08-12, Washington D.C.
+
|http://www.blackbagtech.com/products/training.htm
+
|-
+
|Macintosh Forensic Survival Course (MFSC)
+
|Sep 08-12, Bellingham, WA
+
|http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=3
+
|-
+
|Windows NT File System(NTFS)
+
|Sep 08-11, St. Louis, MO
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|ILook® Automated Forensic Application(ILook)
+
|Sep 15-19, Meriden, CT
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Sep 16-19, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; Windows Forensics
+
|Sep 16-18, Columbia, SC
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|EnCase&reg; v6 Advanced Computer Forensics
+
|Sep 23-26, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; Windows Forensics
+
|Sep 23-25, London, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; BootCamp
+
|Sep 23-25, Dallas, TX
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; Applied Decryption
+
|Sep 23-25, Ft Lauderdale, FL
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Sep 30-Oct 03, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; Applied Decryption
+
|Oct 07-09, London, UK
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; Windows Forensics
+
|Oct 07-09, Las Vegas, NV and New York City, NY
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; BootCamp
+
|Oct 14-16, Louisville, KY
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|Limited to Law Enforcement
+
|-
+
|Windows NT Operating System(NTOS)
+
|Oct 20-23, St. Louis, MO
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Oct 21-24, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 EnScript&reg;  Programming - Phase I
+
|Oct 28-31, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; Windows Forensics
+
|Oct 28-30, Manchester, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Macintosh Forensic Survival Course (MFSC)
+
|Nov 03-07, Bern, Switzerland
+
|http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=3
+
|-
+
|Windows NT File System(NTFS)
+
|Nov 03-06, Meriden, CT
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Nov 04-07, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; BootCamp
+
|Nov 04-06, London, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; Internet Forensics
+
|Nov 04-06, St Paul, MN
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; Windows Forensics
+
|Nov 04-06, Albany, NY
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|BlackBag Intermediate MacIntosh Forensics
+
|Nov 17-21, Washington D.C.
+
|http://www.blackbagtech.com/products/training.htm
+
|-
+
|EnCase&reg; v6 Network Intrusion Investigations - Phase I
+
|Nov 18-21, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Nov 25-28, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; Internet Forensics
+
|Nov 25-27, Manchester, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Windows Internet Trace Evidence(INET)
+
|Dec 01-05, St. Louis, MO
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|AccessData&reg; Windows Forensics
+
|Dec 02-04, Ft Lauderdale, FL; New York City, NY; and London, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|Windows NT Operating System(NTOS)
+
|Dec 08-11, Meriden, CT
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|EnCase&reg; v6 Computer Forensics II
+
|Dec 09-12, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; Internet Forensics
+
|Dec 09-11, Dallas, TX and New York City, NY
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|AccessData&reg; Windows Forensics
+
|Dec 09-11, Louisville, KY
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|Limited to Law Enforcement
+
|-
+
|EnCase&reg; v6 Advanced Computer Forensics
+
|Dec 16-19, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData&reg; BootCamp
+
|Dec 16-18, Manchester, United Kingdom
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
+
|-
+
|**__2009 EVENTS__**
+
|_______2009_______
+
|-
+
|Linux File System for Computer Forensic Examiners(Linux)
+
|Jan 12-16, 2009, St. Louis, MO
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|Windows Internet Trace Evidence(INET)
+
|Jan 19-23, 2009, Meriden, CT
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
|-
+
|Linux File System for Computer Forensic Examiners(Linux)
+
|Mar 02-06, 2009, Meriden, CT
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited to Law Enforcement
+
 
|-
 
|-
 
|}
 
|}
 +
 +
=== Record ===
 +
<b>TODO describe</b>
 +
 +
== See Also ==
 +
* [[SuperFetch]]
 +
 +
== External Links ==
 +
* [http://technet.microsoft.com/en-us/magazine/2007.03.vistakernel.aspx Inside the Windows Vista Kernel: Part 2], by [[Mark Russinovich]], March 2007
 +
* [http://blog.rewolf.pl/blog/?p=214 Windows SuperFetch file format – partial specification], by ReWolf, October 5, 2011
 +
 +
[[Category:File Formats]]

Revision as of 05:41, 23 April 2014

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

SuperFetch, is a memory management scheme that enhances the least-recently accessed approach with historical information and proactive memory management. [1]

Note that the following format specification are incomplete.

SuperFetch DB files

The Ag*.db files are of the SuperFetch file format. E.g.

AgAppLaunch.db
AgCx_SC*.db
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_%SID%.db
AgGlUAD_P_%SID%.db
AgRobust.db

The SuperFetch DB files can be stored in uncompressed or compressed form, where different version of Windows use different compressed forms:

  • Compressed SuperFetch DB - MEMO file format; Windows Vista
  • Compressed SuperFetch DB - MEM0 file format; Windows 7
  • Compressed SuperFetch DB - MAM file format; Windows 8

Compressed SuperFetch DB - MEMO file format

The MEM file consists of:

  • file header
  • compressed blocks

This format uses the LZNT1 compression method

File header

The file header is 84 bytes of size and consists of:

Offset Size Value Description
0 4 "MEMO" (0x4d, 0x45, 0x4d, 0x4f) Signature
4 4 Uncompressed (total) data size

Compressed blocks

The compressed block size is the chunk data size, which is part of the LZNT1 compressed data, + 2 bytes for the size of the chunk header itself.

The uncompressed block size is 4096 (0x1000) or the remaining uncompressed data size for the last block.

Compressed SuperFetch DB - MEM0 file format

The MEM file consists of:

  • file header
  • compressed blocks

This format uses the LZXPRESS Huffman compression method

File header

The file header is 84 bytes of size and consists of:

Offset Size Value Description
0 4 "MEM0" (0x4d, 0x45, 0x4d, 0x30) Signature
4 4 Uncompressed (total) data size

Compressed blocks

The file header is followed by compressed blocks:

Offset Size Value Description
0 4 Compressed data size
4 ... Compressed data

The uncompressed block size is 65536 (0x10000) or the remaining uncompressed data size for the last block.

Compressed SuperFetch DB - MAM file format

The MAM file consists of:

  • file header
  • compressed blocks

This format uses the TODO compression method

File header

TODO

Offset Size Value Description
0 4 "MAM\x84" (0x4d, 0x41, 0x4d, 0x84) Signature

Compressed blocks

TODO

Uncompressed SuperFetch DB format

TODO

File header

TODO

Offset Size Value Description
0 4 0x0000000e Unknown (Database type or signature?)
4 4 Uncompressed (total) data size

TRX files

The Ag*.db.trx files are of the TRX file format. E.g.

AgCx_SC*.db.trx

Note that the following format specification is incomplete.

File header

The file header is variable of size and consists of:

Offset Size Value Description
0 4 1 Unknown (Version?)
4 4 Unknown
8 4 File size
12 4 Maximum number of records (of the record offsets array)
16 4 Number of records
20 ... Record offsets array, where the record offset is a 32-bit integer. Unused record offset are set to 0.

Record

TODO describe

See Also

External Links