Difference between revisions of "Gfzip"

From ForensicsWiki
 
 
(4 intermediate revisions by 3 users not shown)
Line 1, earlier revision:

Generic Forensic Zip is a set of tools and libraries for creating and accessing randomly accessible forensic zip files of disk images. These files, which use an open format (gfzip) defined by this project, allow a dd disk image to be stored in compressed form and yet be randomly accessible through the libgfz library. A second library, libgfzcreate, is made available by this project to allow the creation of gfz files from programs used to acquire disk image data. Finally, the project includes a set of basic command-line tools for the creation and verification of gfzip files and for restoring dd images from the gfz files. Next to compression, the gfzip files are made 'safe' for forensic use by the use of x509 certificates and the use of multi-level digests (sha256). The x509 certificate that is used to sign the gfz file is embedded into the file, thus carrying all relevant information about the person who acquired the image within the file. One further feature that gfzip allows is the embedding of (signed) environment data and command-line attributes that may be useful as metadata in the further processing of the image files. This metadata may include, for example, information about the source of the data and the time it was acquired. Future versions of gfzip will also include bad-block information; this is a feature defined in the file format but not implemented in the first release of gfzip.

Line 1, latest revision:

Gfzip is a file format designed by [[Rob J Meijer]] to hold forensic copies of disk images. The format provides for images that are both uncompressed and compressed, and allows both data and meta-data to be signed using x509 certificates.

Details on gfzip can be found at http://www.nongnu.org/gfzip/

[[Category:Forensics File Formats]]

Latest revision as of 09:33, 23 September 2012

Gfzip is a file format designed by Rob J Meijer to hold forensic copies of disk images. The format provides for images that are both uncompressed and compressed, and allows both data and meta-data to be signed using x509 certificates.

Details on gfzip can be found at http://www.nongnu.org/gfzip/