Difference between pages "Libuna" and "Joachim Metz"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
 
Line 1: Line 1:
{{Infobox_Software |
+
Joachim Metz is a Digital researcher, IT/IS specialist.
  name = libuna |
+
  maintainer = [[Joachim Metz]] |
+
  os = [[Linux]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], [[Windows]] |
+
  genre = {{Analysis}} |
+
  license = {{LGPL}} |
+
  website = [http://libuna.sourceforge.net libuna.sourceforge.net] |
+
}}
+
  
The '''libuna''' package contains [[Linux]] based library and applications to read and write the [[Text File (TXT)]] format in different characters encodings.
+
In 2006 he started working in the field of computer forensics as a digital forensic investigator at Hoffmann Investigations.
 +
At that time Hoffmann Investigations carried out digital forensic investigations for organisations (private law).
  
Libuna currently supports:
+
Before that he worked in multiple Information Communication Technology (ICT) disciplines like: system and network administration, programming, deployment, etc. and also Information Security (IS).
* Basic 7-bit ASCII
+
He has been working in the field of digital forensics for several years now.
* Extended 8-bit ASCII with codepages: ISO 8859-1, 8859-2, 8859-3, 8859-4, 8859-5, 8859-6, 8859-7, 8859-8, 8859-9, 8859-10, 8859-11, 8859-13, 8859-14, 8859-15, [[Windows]] 874, 1250, 1251, 1252, 1253, 1254, 1255, 1256, 1257, 1258, and Kod Obmena Informatsiey 8-bit KOI8-R, KOI8-U
+
* Unicode: UTF-7, UTF-8, UTF-16, UTF-32
+
  
== History ==
+
''Philosophy warning''
  
Libuna was created by [[Joachim Metz]] in 2008, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations].
+
In his opinion digital forensic investigators should be transparent in both their findings and methods.
 +
The statement "the tool provided me with the evidence" just does not cut it.
 +
In his work he experienced a lot of serious errors in 'digital forensic software' and corresponding human interpretation, e.g. tools that represent the FAT access date as a date and time value and is interpreted as such. He has put a lot of effort in providing alternatives and means to verify findings by breaking open file formats and improving file recovery methods.
  
The codepages are based on [http://www.gnu.org/software/libiconv/ libiconv] and documentation available by [[Microsoft]].
+
''Ancient history alert''
  
Currently libuna mainly supports the Windows codepages to be able to convert these when encountered in file formats that use them.
+
For him breaking open file formats dates back to Might and Magic 3 save games and recovering deleted and corrupted files under DOS using PCTOOLS.
  
Libuna is intended as a character encoding support library and is used in:
+
''Marketing alert''
* [[libewf]]
+
* [[libnk2]]
+
* [[libpff]]
+
  
== Tools ==
+
Some of his recent work are file format libraries like: [[libewf]], [[liblnk]], [[libmsiecf]], [[libnk2]], [[libpff]] and [[libesedb]]
The '''libuna''' package contains the following tools:
+
and the proof-of-concept carving tool called [[ReviveIt (revit)|revit]], which keeps surprising him because of its versatile application even in recovering NTFS-compressed files.
* '''unaexport''', which exports the plain text files in different encodings. It also allows end of line conversion and control over the byte order mark (BOM).
+
  
== External Links ==
+
More info can be found on [http://code.google.com/p/libyal/ libyal].
  
* [http://libuna.sourceforge.net libuna project site]
+
The challenge he likes about the field of digital forensics is that there is a lot out there still to be discovered ;-)
 +
 
 +
[[Category:People]]

Revision as of 04:42, 26 August 2012

Joachim Metz is a Digital researcher, IT/IS specialist.

In 2006 he started working in the field of computer forensics as a digital forensic investigator at Hoffmann Investigations. At that time Hoffmann Investigations carried out digital forensic investigations for organisations (private law).

Before that he worked in multiple Information Communication Technology (ICT) disciplines like: system and network administration, programming, deployment, etc. and also Information Security (IS). He has been working in the field of digital forensics for several years now.

Philosophy warning

In his opinion digital forensic investigators should be transparent in both their findings and methods. The statement "the tool provided me with the evidence" just does not cut it. In his work he experienced a lot of serious errors in 'digital forensic software' and corresponding human interpretation, e.g. tools that represent the FAT access date as a date and time value and is interpreted as such. He has put a lot of effort in providing alternatives and means to verify findings by breaking open file formats and improving file recovery methods.

Ancient history alert

For him breaking open file formats dates back to Might and Magic 3 save games and recovering deleted and corrupted files under DOS using PCTOOLS.

Marketing alert

Some of his recent work are file format libraries like: libewf, liblnk, libmsiecf, libnk2, libpff and libesedb and the proof-of-concept carving tool called revit, which keeps surprising him because of its versatile application even in recovering NTFS-compressed files.

More info can be found on libyal.

The challenge he likes about the field of digital forensics is that there is a lot out there still to be discovered ;-)