ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between pages "Windows SuperFetch Format" and "Afentis forensics"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (TRX file)
 
(External Link)
 
Line 1: Line 1:
{{expand}}
 
  
== MEMO file ==
+
== Afentis Forensics ==
Some of the <tt>Ag*.db</tt> files are MEMO files.
+
  
The MEMO file consists of:
+
Scientific support and investigation practice with expert witnesses providing DNA analysis, fingerprint evaluations, firearm evidence, mobile telephone examinations and Cell Site Analysis (CSA) - from crime scene to court.
* file header
+
* compressed blocks
+
  
=== File header ===
+
Produce a number of eDiscovery and digital evidence software tools, including:
The file header is 84 bytes of size and consists of:
+
{| class="wikitable"
+
|-
+
! Offset
+
! Size
+
! Value
+
! Description
+
|-
+
| 0
+
| 4
+
| 0x304D454D ("MEM0") or 0x4F4D454D ("MEMO")
+
| Signature
+
|-
+
| 4
+
| 4
+
|
+
| Uncompressed (total) data size
+
|-
+
|}
+
  
=== Compressed blocks ===
+
[http://www.facebookforensics.com/ Facebook Forensic Toolkit]
The file header is followed by compressed blocks:
+
{| class="wikitable"
+
|-
+
! Offset
+
! Size
+
! Value
+
! Description
+
|-
+
| 0
+
| 4
+
|
+
| Compressed data size
+
|-
+
| 4
+
| ...
+
|
+
| Compressed data
+
|-
+
|}
+
  
=== Uncompressed data ===
+
[http://www.linkedinforensics.com/ LinkedIn Forensic Toolkit]
<b>TODO</b>
+
  
== TRX file ==
+
[http://www.youtubeforensics.com/ YouTube Forensic Toolkit]
The <tt>Ag*.db.trx</tt> files are TRX files.
+
  
<b>Note that the following format specification is incomplete.</b>
+
[http://www.tumblrforensics.com/ Tumblr Forensic Toolkit]
  
=== File header ===
 
The file header is 84 bytes of size and consists of:
 
{| class="wikitable"
 
|-
 
! Offset
 
! Size
 
! Value
 
! Description
 
|-
 
| 0
 
| 4
 
| 1
 
| Unknown (Version?)
 
|-
 
| 4
 
| 4
 
|
 
| Unknown
 
|-
 
| 8
 
| 4
 
|
 
| File size
 
|-
 
| 12
 
| 4
 
|
 
| Unknown (Record count?)
 
|-
 
| 16
 
| 4
 
|
 
| Unknown (Record count?)
 
|-
 
|}
 
  
== See Also ==
+
== External Link ==
* [[SuperFetch]]
+
  
== External Links ==
+
[http://www.afentis.com/ Official Website]
* [http://blog.rewolf.pl/blog/?p=214 Windows SuperFetch file format – partial specification], by ReWolf, October 5, 2011
+
 
+
[[Category:File Formats]]
+

Revision as of 17:36, 26 May 2014

Afentis Forensics

Scientific support and investigation practice with expert witnesses providing DNA analysis, fingerprint evaluations, firearm evidence, mobile telephone examinations and Cell Site Analysis (CSA) - from crime scene to court.

Produce a number of eDiscovery and digital evidence software tools, including:

Facebook Forensic Toolkit

LinkedIn Forensic Toolkit

YouTube Forensic Toolkit

Tumblr Forensic Toolkit


External Link

Official Website