Difference between pages "Windows SuperFetch Format" and "Afentis forensics"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (TRX file)
 
(External Link)
 
Line 1: Line 1:
{{expand}}
 
  
== MEMO file ==
+
== Afentis Forensics ==
Some of the <tt>Ag*.db</tt> files are MEMO files.
+
  
The MEMO file consists of:
+
Scientific support and investigation practice with expert witnesses providing DNA analysis, fingerprint evaluations, firearm evidence, mobile telephone examinations and Cell Site Analysis (CSA) - from crime scene to court.
* file header
+
* compressed blocks
+
  
=== File header ===
+
Produce a number of eDiscovery and digital evidence software tools, including:
The file header is 84 bytes of size and consists of:
+
{| class="wikitable"
+
|-
+
! Offset
+
! Size
+
! Value
+
! Description
+
|-
+
| 0
+
| 4
+
| 0x304D454D ("MEM0") or 0x4F4D454D ("MEMO")
+
| Signature
+
|-
+
| 4
+
| 4
+
|
+
| Uncompressed (total) data size
+
|-
+
|}
+
  
=== Compressed blocks ===
+
[http://www.facebookforensics.com/ Facebook Forensic Toolkit]
The file header is followed by compressed blocks:
+
{| class="wikitable"
+
|-
+
! Offset
+
! Size
+
! Value
+
! Description
+
|-
+
| 0
+
| 4
+
|
+
| Compressed data size
+
|-
+
| 4
+
| ...
+
|
+
| Compressed data
+
|-
+
|}
+
  
=== Uncompressed data ===
+
[http://www.linkedinforensics.com/ LinkedIn Forensic Toolkit]
<b>TODO</b>
+
  
== TRX file ==
+
[http://www.youtubeforensics.com/ YouTube Forensic Toolkit]
The <tt>Ag*.db.trx</tt> files are TRX files.
+
  
<b>Note that the following format specification is incomplete.</b>
+
[http://www.tumblrforensics.com/ Tumblr Forensic Toolkit]
  
=== File header ===
 
The file header is 84 bytes of size and consists of:
 
{| class="wikitable"
 
|-
 
! Offset
 
! Size
 
! Value
 
! Description
 
|-
 
| 0
 
| 4
 
| 1
 
| Unknown (Version?)
 
|-
 
| 4
 
| 4
 
|
 
| Unknown
 
|-
 
| 8
 
| 4
 
|
 
| File size
 
|-
 
| 12
 
| 4
 
|
 
| Unknown (Record count?)
 
|-
 
| 16
 
| 4
 
|
 
| Unknown (Record count?)
 
|-
 
|}
 
  
== See Also ==
+
== External Link ==
* [[SuperFetch]]
+
  
== External Links ==
+
[http://www.afentis.com/ Official Website]
* [http://blog.rewolf.pl/blog/?p=214 Windows SuperFetch file format – partial specification], by ReWolf, October 5, 2011
+
 
+
[[Category:File Formats]]
+

Revision as of 13:36, 26 May 2014

Afentis Forensics

Scientific support and investigation practice with expert witnesses providing DNA analysis, fingerprint evaluations, firearm evidence, mobile telephone examinations and Cell Site Analysis (CSA) - from crime scene to court.

Produce a number of eDiscovery and digital evidence software tools, including:

Facebook Forensic Toolkit

LinkedIn Forensic Toolkit

YouTube Forensic Toolkit

Tumblr Forensic Toolkit


External Link

Official Website