Difference between revisions of "Raw Image Format"

From ForensicsWiki
(File types)
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
A '''raw image file''' is a bit-for-bit copy of the data that exists on the original media without any additions or deletions. There is no [[metadata]] attached to these files. Original used by [[dd]], these files can generally be used by computer forensics programs.
+
The RAW Image Format is used to store a disk or volume image.
  
[[Category:Forensics File Format]]
+
== File types ==
 +
Some variants of the RAW Image Format split the data among multiple segment files, which is also known as split RAW.
 +
 
 +
There are various naming schemes for RAW Image Format files, some of the more common used for disk or volume images are:
 +
* PREFIX.dd
 +
* PREFIX.dmg
 +
* PREFIX.img
 +
* PREFIX.raw
 +
* PREFIX.0 - PREFIX.#; variations: starting with either 0 or 1, consisting of multiple digits e.g. PREFIX.000
 +
* PREFIX0 - PREFIX#; variations: starting with either 0 or 1, consisting of multiple digits e.g. PREFIX000
 +
* PREFIXaa - PREFIXzz; variations: consisting of more letters e.g. PREFIX.aaa
 +
* PREFIX.1of5 - PREFIX.5of5; variations: consisting of multiple segment files
 +
* PREFIX001.asb - PREFIX###.asb
 +
* PREFIX-f001.vmdk - PREFIX-f###.vmdk; variations: starting with 001
 +
 
 +
 
 +
Note that there are also RAW Image Formats specific to the storage media, e.g. RAW optical disc image.
 +
 
 +
These often are accompanied by a table of contents file often in the [[CUE Sheet format]], e.g.
 +
* BIN/CUE
 +
* ISO/CUE
 +
 
 +
== Contents ==
 +
The RAW Image Format is basically a bit-for-bit copy of the RAW data of either the disk or the volume, without any additions or deletions.
 +
 
 +
There is no [[metadata]] stored in RAW Image Format files. However sometimes the metadata is stored in secondary files.
 +
 
 +
The RAW Image Format was original used by [[dd]], but is supported by most of the computer forensics applications.
 +
 
 +
== See Also ==
 +
* [[Disk Images]]
 +
 
 +
== Tools ==
 +
* [[Dd|dd]]
 +
* [[dc3dd]]
 +
* [[dcfldd]]
 +
* [[dd_rescue]]
 +
* [[ddrescue]]
 +
 
 +
[[Category:Forensics File Formats]]
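
Review bot: In the added File types list, the letter-suffix entry pairs the undotted range "PREFIXaa - PREFIXzz" with the dotted example "PREFIX.aaa", whereas the numeric schemes get separate dotted and undotted entries; suggest using "PREFIXaaa" as the example or adding a separate dotted letter-suffix entry. In the added Contents section, "was original used by [[dd]]" carries over the wording of the removed intro and should read "originally used", and in File types "some of the more common used" should read "more commonly used".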

Revision as of 05:46, 2 April 2013

The RAW Image Format is used to store a disk or volume image.

File types

Some variants of the RAW Image Format split the data among multiple segment files, which is also known as split RAW.

There are various naming schemes for RAW Image Format files; some of the more commonly used ones for disk or volume images are:

  • PREFIX.dd
  • PREFIX.dmg
  • PREFIX.img
  • PREFIX.raw
  • PREFIX.0 - PREFIX.#; variations: starting with either 0 or 1, consisting of multiple digits e.g. PREFIX.000
  • PREFIX0 - PREFIX#; variations: starting with either 0 or 1, consisting of multiple digits e.g. PREFIX000
  • PREFIXaa - PREFIXzz; variations: consisting of more letters e.g. PREFIX.aaa
  • PREFIX.1of5 - PREFIX.5of5; variations: consisting of multiple segment files
  • PREFIX001.asb - PREFIX###.asb
  • PREFIX-f001.vmdk - PREFIX-f###.vmdk; variations: starting with 001
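
The numbered split RAW schemes above can be recognised and ordered mechanically, which matters because a plain lexical sort puts PREFIX.10 before PREFIX.2 and a missing segment is otherwise easy to overlook. The following is an added example, not code from ForensicsWiki or any tool listed here; the function names and the sample listing are hypothetical, and the letter-suffix schemes are left out because they collide with ordinary extensions such as .dd.

```python
import re
from collections import defaultdict

# Numbered split RAW schemes from the list above; each captures PREFIX and
# the segment number. Letter-suffix schemes are deliberately left out.
SCHEMES = [
    ("NofM", re.compile(r"^(?P<prefix>.+)\.(?P<n>\d+)of(?P<total>\d+)$")),
    ("asb", re.compile(r"^(?P<prefix>.+)(?P<n>\d{3})\.asb$")),
    ("vmdk", re.compile(r"^(?P<prefix>.+)-f(?P<n>\d{3})\.vmdk$")),
    ("dotnum", re.compile(r"^(?P<prefix>.+)\.(?P<n>\d+)$")),
]

def classify(name):
    """Return (scheme, prefix, number, total_or_None), or None if unmatched."""
    for scheme, rx in SCHEMES:
        m = rx.match(name)
        if m:
            total = m.groupdict().get("total")
            return scheme, m["prefix"], int(m["n"]), int(total) if total else None
    return None

def group_segments(names):
    """Group file names into segment sets, each sorted by segment number."""
    sets = defaultdict(list)
    for name in names:
        hit = classify(name)
        if hit:
            scheme, prefix, n, total = hit
            sets[(scheme, prefix)].append((n, total, name))
    return {key: sorted(segs, key=lambda s: s[0]) for key, segs in sets.items()}

def missing_segments(segs):
    """List segment numbers absent from a sorted set (start is 0 or 1)."""
    numbers = [n for n, _, _ in segs]
    first = 0 if numbers[0] == 0 else 1
    total = segs[0][1]  # only the NofM scheme states the expected count
    last = total if total is not None else numbers[-1]
    return sorted(set(range(first, last + 1)) - set(numbers))

# Constructed directory listing (file names only, not real evidence).
listing = ["case7.2", "case7.10", "case7.1", "usb.1of3", "usb.3of3",
           "vm-f001.vmdk", "vm-f002.vmdk", "notes.txt", "disk.dd"]
if __name__ == "__main__":
    for key, segs in group_segments(listing).items():
        print(key, [name for _, _, name in segs], "missing:", missing_segments(segs))
```

Only the NofM scheme states how many segments to expect; for the other schemes a missing final segment cannot be detected from the names alone.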


Note that there are also RAW Image Formats specific to the storage media, e.g. RAW optical disc image.

These are often accompanied by a table of contents file, commonly in the CUE Sheet format, e.g.

  • BIN/CUE
  • ISO/CUE

Contents

The RAW Image Format is basically a bit-for-bit copy of the RAW data of either the disk or the volume, without any additions or deletions.

There is no metadata stored in RAW Image Format files. However, metadata is sometimes stored in secondary files.

The RAW Image Format was originally used by dd, but is supported by most computer forensics applications.

See Also

  • Disk Images

Tools

  • dd
  • dc3dd
  • dcfldd
  • dd_rescue
  • ddrescue