Difference between revisions of "Snorkel"

From Forensics Wiki
(File Systems Understood)
Line 23: Line 23:
 
|-
 
|-
 
|  
 
|  
|RAW ([[Dd|dd]])
+
|[[Raw Image Format|RAW (dd)]]
 
|-
 
|-
 
|  
 
|  
|VMWare ([[vmdk]])
+
|[[VMWare Virtual Disk Format (VMDK)|VMWare (VMDK)]]
 
|}
 
|}
  

Revision as of 14:29, 20 September 2012

Snorkel
Maintainer: NFI
OS: Java
Genre: Analysis
License: proprietary
Website: http://www.holmes.nl/NFIlabs/Snorkel

Snorkel is a Java software library that is used by developers of forensic software. Snorkel is not a standalone forensic application, but it is an important piece of infrastructure that can be used by many forensic applications: Snorkel gives access to digital evidence files, file systems, files, slack space, unallocated clusters, etc. This type of access is a key enabler in the development of forensic software systems, ranging from single-purpose stand-alone tools to integrated forensic processing systems.

Snorkel is developed by the Netherlands Forensic Institute.


Features

Snorkel recognizes and gives access to numerous storage formats for digital evidence, disk partitioning schemes, volume managers, file systems, and structured files. The formats supported are summarized below.

Image File Formats Understood

Image file formats: EnCase, RAW (dd), VMWare (VMDK)

File Systems Understood

Volume managers: Windows (LDM)
Partitioning schemes: PC/MBR, Apple, GPT, BSD
File systems: Windows (FAT, NTFS); Apple (MFS, HFS, HFS+); Linux (EXT, Reiser); Solaris, BSD (UFS); CD (ISO9660, Joliet)
File formats: Windows registry (Win 9x, NT); Microsoft Office (OLE2)


License Notes

Snorkel has a proprietary license. An evaluation version is available from the website.

External Links