Difference between pages "AFF Development Task List" and "User:Chuv"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
(Personal presentation)
 
Line 1: Line 1:
== High Priority ==
+
I'm forensic in IT as a complementary job. I'm Senior Project Manager (PMI-PMP) working for a large IT company in Belgium.
  
* When afinfo -a is run on a non-AFF file, it notes it is a "Raw" file, but continues to attempt to process segments. It should exit if it does not find valid AFF segments. For example, running it against a raw image of a 40GB disk created with aimage, afinfo -a reported 2,386 segments then finished with the error message "Cannot calculate missing pages."
+
My present focus in on the evidence of legal/illegal use of commercial software.
 
+
* The library does not compile on 64-bit versions of Fedora Core 7 Linux.
+
 
+
* Create man pages and/or documentation for AFF toolkit. To wit:
+
 
+
* [[aimage]]
+
* [[ident]]
+
* [[afcat]]
+
* [[afcompare]]
+
* [[afconvert]]
+
* [[affix]]
+
* [[affuse]]
+
* [[afinfo]]
+
* [[afstats]]
+
* [[afxml]]
+
* [[afsegment]]
+
 
+
* Add a usage description to [[afcat]]. When run with no arguments the output should say what the program does.
+
 
+
* Create man pages and/or documentation for AFF library functions (e.g. ,<tt>af_open</tt>, <tt>af_get_imagesize</tt>)
+
 
+
* Build library as a shared library using libtool. This will allow developers using the library to just link to the AFF. Without it, developers must link to the static library and the individual libraries necessary <em>on that machine</em>. There is no good way to determine those extra libraries.
+
 
+
* Document that <tt>af_write</tt> may not be called without first setting the <tt>image_pagesize</tt> value inside of the <tt>AFFILE</tt> structure. Not doing so causes a divide by zero error. Perhaps we should 1. Check that <tt>image_pagesize</tt> is not zero and 2. Set <tt>image_pagesize</tt> to a known good default value when opening a new AFF file for writing.
+
 
+
* Check aimage ability to write a file of 1,073,741,825 bytes ((2**30)+1). Correctly reported reading/writing a file that was a 1,073,741,824 random byte stream, but did not pick up the extra byte when it was added to the file. ls -la correctly shows the size with the extra byte. Also, added 42 additional bytes which were not apparently read or written.  UPDATE - With 511 bytes added, still didn't read/write full file, however, adding 512 bytes did cause the whole file (1,073,742,336 bytes) to be read/written.
+
 
+
== Medium Priority ==
+
 
+
* How about renaming the library to libaff? That would allow developers to link with <tt>-laff</tt> instead of <tt>-lafflib</tt>. To my knowledge, there is no existing library named AFF already.
+
:: Response: The problem with doing this is that we have AFFLIB.ORG; AFF.ORG is the Arab Film Festival.
+
 
+
* Is there a set of segment names that must be defined to have a ''valid'' AFF file?
+
 
+
* Document that <tt>af_open</tt> (when writing a file) does more than a standard <tt>fopen</tt> command. The command writes an AFF stub of some kind to the output file. Users should be cautioned not to use this function as a test, lest they overwrite data.
+
 
+
* Does <tt>af_open</tt> refuse to open a file for writing if it already exists? If so, what kind of error does it return?
+
 
+
* Document how to programmatically enumerate all segments and values in a file. That is, explain how to get the output of <tt>$ afinfo -a</tt>.
+
 
+
== Low Priority ==
+
 
+
* Add library function to open standard input. Perhaps:
+
 
+
<pre>AFFILE * af_open_stdin(void);</pre>
+

Latest revision as of 07:34, 19 July 2007

I'm forensic in IT as a complementary job. I'm Senior Project Manager (PMI-PMP) working for a large IT company in Belgium.

My present focus in on the evidence of legal/illegal use of commercial software.