Difference between pages "Imager NG Ideas" and "Tapeworm"

From ForensicsWiki
(Difference between pages)
(de-duplication)
 
 
Line 1: Line 1:
This page is for discussing ideas regarding next-generation (NG) imaging tools.
+
{{Infobox_Software |
 +
  name = TAPEWORM |
 +
  maintainer = [[Douglas Koster]] |
 +
  os = [[Linux]] |
 +
  genre = {{Analysis}} |
 +
  license = unknown |
 +
  website = [http://feedthetapeworm.com/ feedthetapeworm.com/] |
 +
}}
  
Note that some of the ideas mentioned can be already used by imaging tools, but the idea of this page is to determine how useful these features could be for next-generation of imaging tools.
+
From the [http://feedthetapeworm.com/ project site]:
The scope is mainly a software-based imaging tools, but not limited to. Some features might not be doable, because of limitations of certain image file formats.
+
  
Please, do not delete text (ideas) here. Use something like this:
+
TAPEWORM (TASC Pre-processing Exploaitation & Workflow Management system) is a 64 bit Xubuntu based Virtual Machine designed to automate a number of open source tools.
 +
TAPEWORM uses a custom GUI as well as underlying python scripts to automate the following open source tools:
 +
* [[log2timeline]]
 +
* bulk_extractor
 +
* regripper
 +
* exiftool
 +
* volatility
 +
* Anti-Virus Scanning
 +
* Find Files of Interest
  
<pre>
+
== Tools ==
<s>bad idea</s>
+
good idea
+
</pre>
+
  
This will look like:
+
== History ==
  
<s>bad idea</s>
+
== External Links ==
  
good idea
+
* [http://feedthetapeworm.com/ Project site]
 
+
= License =
+
 
+
= Features =
+
* Compression
+
* Integrity checks
+
* Encryption
+
* Error correction (parity)
+
* Pre-processing during imaging
+
* User suspend/resume, resume after failure
+
* Remote imaging
+
* Error resistance in reading storage media, e.d. disks
+
** maybe have different techniques, e.g. to use for heavily damaged storage media
+
* Support different types of storage media
+
** disk
+
** volume
+
** optical discs
+
** memory
+
** files and directories
+
* Store relevant data about the storage media and the imaging process
+
** read errors
+
* Support multiple image format
+
** not all image formats have support for all the features
+
 
+
== Compression ==
+
* Reduces the amount of data that needs to be written; improved the overall imaging speed.
+
** hash-based imaging
+
** detection of easy (emtpy-block) and hard (encrypted block) to compress data
+
** multi-threaded compression
+
** sparse ranges
+
** de-duplication
+
 
+
=== de-duplication ===
+
* hash-based imaging
+
* sparse or repeated ranges
+
* pattern-fill
+
 
+
== Integrity checks ==
+
* Integrity hash (MD5, SHA1, SHA256)
+
* piecewise hashing
+
 
+
= Image format =
+
Implied features for an image format
+
* High-speed imaging
+
* Compact storage
+
* Error-resistant storage (over a longer time)
+
* Minimal overhead on read
+
* Evidence bag
+
** multiple images in one image format
+
** support for additional information e.g. case data
+
 
+
[[Category:Research]]
+

Revision as of 00:41, 17 September 2012

TAPEWORM
Maintainer: Douglas Koster
OS: Linux
Genre: Analysis
License: unknown
Website: feedthetapeworm.com/

From the project site:

TAPEWORM (TASC Pre-processing Exploitation & Workflow Management system) is a 64-bit Xubuntu-based Virtual Machine designed to automate a number of open source tools. TAPEWORM uses a custom GUI as well as underlying Python scripts to automate the following open source tools:

  • log2timeline
  • bulk_extractor
  • regripper
  • exiftool
  • volatility
  • Anti-Virus Scanning
  • Find Files of Interest

Tools

History

External Links