Difference between pages "Dfvfs" and "Libsmraw"

From ForensicsWiki
(Difference between pages)
 
 
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = dfvfs |
+
   name = libsmraw |
   maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
+
   maintainer = [[Joachim Metz]] |
   os = [[Linux]], [[Mac OS X]], [[Windows]] |
+
   os = [[Linux]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], [[Windows]] |
   genre = {{Analysis}} |
+
   genre = {{Disk imaging}} |
   license = {{APL}} |
+
   license = {{LGPL}} |
   website = [https://code.google.com/p/dfvfs/ code.google.com/p/dfvfs/] |
+
   website = [https://code.google.com/p/libsmraw/ code.google.com/p/libsmraw/] |
 
}}
 
}}
  
dfVFS, or Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
+
The '''libsmraw''' package contains a library and applications to read and write (split) RAW storage media bitstream copies.
 +
Libsmraw contains supports for multiple (split) RAW naming schemes.
  
dfVFS is currently implemented as a Python module.
+
== History ==
  
== Supported Formats ==
+
Libsmraw was created by [[Joachim Metz]] in 2010, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations].
The information below is based of version 20140621.
+
Libsmraw is a rewrite of earlier work for the proof-of-concept multi-threaded imager: GNOME Forensic Imager.
  
=== Storage media types ===
+
== Tools ==  
* [[Encase image file format]] or EWF (EWF-E01, EWF-Ex01, EWF-S01) using [[libewf]]
+
The '''libsmraw''' package contains the following tools:
* [[QCOW Image Format]] or QCOW using [[libqcow]]
+
* '''smrawmount''', which FUSE mounts (split) RAW image files.
* [[Raw Image Format]] or (split) RAW using [[libsmraw]]
+
* Storage media devices using [[libsmdev]]
+
* [[Virtual Disk Image (VDI)]] or VHD using [[libvhdi]]
+
* [[VMWare Virtual Disk Format (VMDK)]] using [[libvmdk]]
+
  
=== Volume systems ===
+
The '''libsmraw''' package also contains the following bindings:
* using [[sleuthkit]] and [[pytsk]]
+
* '''pysmraw''', bindings for Python.
** [[APM]]
+
** [[GPT]]
+
** [[MBR]]
+
* [[BitLocker Disk Encryption]] or BDE using [[libbde]]
+
* [[Windows Shadow Volumes]] or VSS using [[libvshadow]]
+
  
=== File systems ===
+
== Examples ==  
* using [[sleuthkit]] and [[pytsk]]
+
** [[Extended File System (Ext)]] version 2, 3, 4
+
** [[FAT]]
+
** [[HFS+|HFS, HFS+, HFSX]]
+
** [[New Technology File System (NTFS)]] version 3
+
** [[Unix File System (UFS)]] version 1, 2
+
  
== History ==
+
FUSE mounting a split RAW image (libsmraw 20110916 or later)
dfVFS originates from the [[plaso|Plaso project]]. It was largely rewritten and made into a stand-alone project to provide more flexibility and allow other projects to make use of the VFS functionality. dfVFS originally was named PyVFS, but that name conflicted with another project.
+
<pre>
 +
smrawmount image.raw.000 mount_point
 +
</pre>
  
== See Also ==
+
Or:
* [[plaso]]
+
<pre>
 +
smrawmount image.raw.??? mount_point
 +
</pre>
 +
 
 +
== Also See ==
 +
[[Raw_Image_Format | RAW Image format]]
  
 
== External Links ==
 
== External Links ==
* [https://code.google.com/p/dfvfs/ Project site]
+
 
* [https://code.google.com/p/dfvfs/wiki/dfvfs Developing Python code using dfvfs]
+
* [https://code.google.com/p/libsmraw/ Project site]
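Review bot: On the libsmraw side of the description paragraph, "Libsmraw contains supports for multiple (split) RAW naming schemes" is ungrammatical; "Libsmraw supports multiple (split) RAW naming schemes" reads correctly. The heading "== Also See ==" is also inconsistent with the "== See Also ==" form used on the dfvfs side, and the Examples section would benefit from a sentence saying when to pass the first segment (image.raw.000) and when to pass the image.raw.??? glob.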

Revision as of 07:45, 21 June 2014

libsmraw
Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Disk imaging
License: LGPL
Website: code.google.com/p/libsmraw/

The libsmraw package contains a library and applications to read and write (split) RAW storage media bitstream copies. Libsmraw supports multiple (split) RAW naming schemes.

History

Libsmraw was created by Joachim Metz in 2010, while working for Hoffmann Investigations. Libsmraw is a rewrite of earlier work for the proof-of-concept multi-threaded imager: GNOME Forensic Imager.

Tools

The libsmraw package contains the following tools:

  • smrawmount, which FUSE mounts (split) RAW image files.

The libsmraw package also contains the following bindings:

  • pysmraw, bindings for Python.

Examples

FUSE mounting a split RAW image (libsmraw 20110916 or later)

smrawmount image.raw.000 mount_point

Or:

smrawmount image.raw.??? mount_point
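A check an examiner might run before mounting, as an added example that is not part of the libsmraw package or the original page: it confirms the segment numbering has no gaps and computes one SHA-256 over the segments read back to back. It assumes the three-digit numeric suffix shown above; the function names are hypothetical.

```python
import hashlib
import os
import re
import tempfile

# Assumption: three-digit numeric suffixes as in the page's example
# (image.raw.000, image.raw.001, ...); other naming schemes are not handled.
SEGMENT_RE = re.compile(r"^(?P<base>.+)\.(?P<index>\d{3})$")


def ordered_segments(any_segment):
    """Return all sibling segment paths in order; raise on a numbering gap."""
    directory, name = os.path.split(os.path.abspath(any_segment))
    match = SEGMENT_RE.match(name)
    if match is None:
        raise ValueError("not a numeric split RAW segment: " + name)
    found = {}
    for entry in os.listdir(directory):
        m = SEGMENT_RE.match(entry)
        if m and m.group("base") == match.group("base"):
            found[int(m.group("index"))] = os.path.join(directory, entry)
    if not found:
        raise FileNotFoundError(name)
    indexes = sorted(found)
    missing = sorted(set(range(indexes[0], indexes[-1] + 1)) - set(indexes))
    if missing:
        raise ValueError("missing segment(s): " + ", ".join("%03d" % i for i in missing))
    return [found[i] for i in indexes]


def hash_image(segments, chunk_size=1 << 20):
    """Return (total_bytes, sha256_hex) over the segments read back to back."""
    digest, total = hashlib.sha256(), 0
    for path in segments:
        with open(path, "rb") as handle:
            for block in iter(lambda: handle.read(chunk_size), b""):
                digest.update(block)
                total += len(block)
    return total, digest.hexdigest()


if __name__ == "__main__":
    # Constructed sample: three tiny segments standing in for a real image.
    with tempfile.TemporaryDirectory() as tmp:
        for i, data in enumerate([b"AAAA", b"BBBB", b"CC"]):
            with open(os.path.join(tmp, "image.raw.%03d" % i), "wb") as out:
                out.write(data)
        parts = ordered_segments(os.path.join(tmp, "image.raw.000"))
        print(hash_image(parts))
```

A missing first or last segment leaves no gap in the numbering, so compare the returned size and digest with the values recorded at acquisition.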

Also See

RAW Image format

External Links