Difference between revisions of "Gfzip"

From ForensicsWiki
Jump to: navigation, search
 
(Generic Forensic Zip)
Line 20: Line 20:
 
Future versions of gfzip will also include bad-block information, this
 
Future versions of gfzip will also include bad-block information, this
 
is a feature defined in the file format, but not implemented in the
 
is a feature defined in the file format, but not implemented in the
first release of gfzip.
+
first release of gfzip. Details on gfzip can be found at http://www.nongnu.org/gfzip/

Revision as of 05:31, 7 March 2006

Generic Forensic Zip is a set of tools and libraries for creating and accessing randomly accessible forensic zip files of disk images. These files that use an open format (gfzip) defined by this project, allow a dd disk image to be stored in compressed form and yet be randomly accessable through the libgfz library. A second library, libgfzcreate is made available by this project to allow the creation of gfz files from programs used to acquire disk image data. Finally the project includes a set of basic commandline tools for the creation and verification of gfzip files and for restoring dd images from the gfz files. Next to compression, the gfzip files are made 'safe' for forensic use by the use of x509 certificates and the use of multi level digests (sha256). The x509 certificate that is used to sign the gfz file is embedded into the file, thus carrying all relevant information about the person who acquired the image within the file. One further feature thet gfzip allows is the embedding of (signed) enviroment data and commandline attributes that may be useful as metadata in the further processing of the image files. This metadata may include for example information about the source of the data and the time it was aquired. Future versions of gfzip will also include bad-block information, this is a feature defined in the file format, but not implemented in the first release of gfzip. Details on gfzip can be found at http://www.nongnu.org/gfzip/