
Difference between revisions of "Gfzip"

From ForensicsWiki
Line 1: Line 1:
{{Wikify}}
+
Gfzip is a file format designed by [[Rob J Meijer]] to hold forensic copies of disk images. The format provides for images that are both uncompressed and compressed, and allows both data and meta-data to be signed using x509 certificates.
  
Generic Forensic Zip is a set of tools and libraries for creating and
+
Details on gfzip can be found at http://www.nongnu.org/gfzip/
accessing randomly accessible forensic zip files of disk images.
+
These files that use an open format (gfzip) defined by this project,
+
allow a dd disk image to be stored in compressed form and yet be
+
randomly accessable through the libgfz library. A second library,
+
libgfzcreate is made available by this project to allow the creation
+
of gfz files from programs used to acquire disk image data. Finally the
+
project includes a set of basic commandline tools for the creation
+
and verification of gfzip files and for restoring dd images from the
+
gfz files. Next to compression, the gfzip files are made 'safe' for
+
forensic use by the use of x509 certificates and the use of multi level
+
digests (sha256). The x509 certificate that is used to sign the gfz
+
file is embedded into the file, thus carrying all relevant information
+
about the person who acquired the image within the file.
+
One further feature thet gfzip allows is the embedding of (signed)
+
enviroment data and commandline attributes that may be useful as
+
metadata in the further processing of the image files. This metadata may
+
include for example information about the source of the data and the
+
time it was aquired.
+
Future versions of gfzip will also include bad-block information, this
+
is a feature defined in the file format, but not implemented in the
+
first release of gfzip. Details on gfzip can be found at http://www.nongnu.org/gfzip/
+
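Review bot: the short summary that survives in the resulting revision drops every technical detail the long description carried: the libgfz and libgfzcreate libraries, the command-line tools for creating, verifying and restoring images, the multi-level sha256 digests, the embedding of the signing x509 certificate in the file, the signed environment and command-line metadata, and the statement that bad-block information is defined in the format but not implemented in the first release. Consider keeping those points in wikified form instead of relying only on the external link; if the paragraph is restored, fix its spellings ("accessable", "thet", "enviroment", "aquired").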

Revision as of 03:06, 4 February 2007

Gfzip is a file format designed by Rob J Meijer to hold forensic copies of disk images. The format provides for images that are both uncompressed and compressed, and allows both data and meta-data to be signed using x509 certificates.

Details on gfzip can be found at http://www.nongnu.org/gfzip/