
Difference between pages "Dfvfs" and "Compression"

From ForensicsWiki
(Difference between pages)
 
(Deflate/Inflate)
 
Line 1: Line 1:
{{Infobox_Software |
+
{{Expand}}
  name = dfvfs |
+
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
+
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
+
  genre = {{Analysis}} |
+
  license = {{APL}} |
+
  website = [https://code.google.com/p/dfvfs/ code.google.com/p/dfvfs/] |
+
}}
+
  
dfVFS, or Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
+
== LZ-based ==
  
dfVFS is currently implemented as a Python module.
+
=== Deflate/Inflate ===
 +
Used in:
 +
* [[Gzip|gzip]]
  
== Supported Formats ==
+
=== LZNT1 ===
The information below is based of version 20140621.
+
Used in:
 +
* [[NTFS]]
 +
* [[Windows SuperFetch Format]]
  
=== Storage media types ===
+
=== LZXPRESS ===
* [[Encase image file format]] or EWF (EWF-E01, EWF-Ex01, EWF-S01) using [[libewf]]
+
Used in:
* [[QCOW Image Format]] or QCOW using [[libqcow]]
+
* [[Extensible Storage Engine (ESE) Database File (EDB) format]]
* [[Raw Image Format]] or (split) RAW using [[libsmraw]]
+
* Storage media devices using [[libsmdev]]
+
* [[Virtual Disk Image (VDI)]] or VHD using [[libvhdi]]
+
* [[VMWare Virtual Disk Format (VMDK)]] using [[libvmdk]]
+
  
=== Volume systems ===
+
=== LZXPRESS Huffman ===
* using [[sleuthkit]] and [[pytsk]]
+
Used in:
** [[APM]]
+
* [[Windows SuperFetch Format]]
** [[GPT]]
+
** [[MBR]]
+
* [[BitLocker Disk Encryption]] or BDE using [[libbde]]
+
* [[Windows Shadow Volumes]] or VSS using [[libvshadow]]
+
  
=== File systems ===
+
== External Links ==
* using [[sleuthkit]] and [[pytsk]]
+
* [http://en.wikipedia.org/wiki/Lempel-Ziv Wikipedia: Lempel-Ziv]
** [[Extended File System (Ext)]] version 2, 3, 4
+
* [http://www.coderforlife.com/microsoft-compression-formats/ Microsoft Compression Formats]
** [[FAT]]
+
** [[HFS+|HFS, HFS+, HFSX]]
+
** [[New Technology File System (NTFS)]] version 3
+
** [[Unix File System (UFS)]] version 1, 2
+
  
== History ==
+
=== Deflate/Inflate ===
dfVFS originates from the [[plaso|Plaso project]]. It was largely rewritten and made into a stand-alone project to provide more flexibility and allow other projects to make use of the VFS functionality. dfVFS originally was named PyVFS, but that name conflicted with another project.
+
* [http://en.wikipedia.org/wiki/DEFLATE Wikipedia: DEFLATE]
 +
* [https://tools.ietf.org/html/rfc1950 IETF: RFC1950 - ZLIB Compressed Data Format Specification]
 +
* [https://tools.ietf.org/html/rfc1951 IETF: RFC1951 - DEFLATE Compressed Data Format Specification]
  
== See Also ==
+
=== LZ1 ===
* [[plaso]]
+
* [http://andyh.org/LZ1.html LZ1]
 
+
== External Links ==
+
* [https://code.google.com/p/dfvfs/ Project site]
+
* [https://code.google.com/p/dfvfs/wiki/dfvfs Developing Python code using dfvfs]
+
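Review bot: The heading "=== Deflate/Inflate ===" is added twice on the new side, once under "== LZ-based ==" and once under "== External Links ==", so a section link by that name reaches only the first one; renaming the link subsection (for example to "Deflate/Inflate references") would remove the ambiguity. In the same External Links block, "=== LZ1 ===" gets a link subsection but has no matching entry under "== LZ-based ==", and the "Used in:" lists for the other formats give no indication of where LZ1 occurs; either add an LZ1 section with its own "Used in:" list or move the link to a general subsection. The two Wikipedia links use http:// while the IETF links use https://; making them consistent is a small cleanup.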

Revision as of 13:56, 21 June 2014


Please help to improve this article by expanding it.
Further information might be found on the discussion page.

LZ-based

Deflate/Inflate

Used in:

LZNT1

Used in:

LZXPRESS

Used in:

LZXPRESS Huffman

Used in:

External Links

Deflate/Inflate

LZ1