http://www.forensicswiki.org/w/index.php?title=Snorkel&feed=atom&action=history
Snorkel - Revision history
2013-05-24T06:31:49Z
Revision history for this page on the wiki
MediaWiki 1.20.3
http://www.forensicswiki.org/w/index.php?title=Snorkel&diff=9754&oldid=prev
Joachim Metz: /* Image File Formats Understood */
2012-09-20T19:30:12Z
<p><span dir="auto"><span class="autocomment">Image File Formats Understood</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 19:30, 20 September 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 20:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>{|</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>{|</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|Image file formats</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|Image file formats</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>|[[<del class="diffchange diffchange-inline">Encase_image_file_format</del>|EnCase]]</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>|[[<ins class="diffchange diffchange-inline">Encase image file format</ins>|EnCase]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|-</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|-</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|  </div></td></tr>
</table>
Joachim Metz
http://www.forensicswiki.org/w/index.php?title=Snorkel&diff=9753&oldid=prev
Joachim Metz at 19:29, 20 September 2012
2012-09-20T19:29:54Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 19:29, 20 September 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 23:</td>
<td colspan="2" class="diff-lineno">Line 23:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|-</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|-</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>|<del class="diffchange diffchange-inline">RAW (</del>[[<del class="diffchange diffchange-inline">Dd</del>|dd]]<del class="diffchange diffchange-inline">)</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>|[[<ins class="diffchange diffchange-inline">Raw Image Format</ins>|<ins class="diffchange diffchange-inline">RAW (</ins>dd<ins class="diffchange diffchange-inline">)</ins>]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|-</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|-</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>|<del class="diffchange diffchange-inline">VMWare (</del>[[<del class="diffchange diffchange-inline">vmdk</del>]]<del class="diffchange diffchange-inline">)</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>|[[<ins class="diffchange diffchange-inline">VMWare Virtual Disk Format (VMDK)|VMWare (VMDK)</ins>]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|}</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|}</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
</table>
Joachim Metz
http://www.forensicswiki.org/w/index.php?title=Snorkel&diff=9752&oldid=prev
Joachim Metz: /* File Systems Understood */
2012-09-14T15:24:47Z
<p><span dir="auto"><span class="autocomment">File Systems Understood</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 15:24, 14 September 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 33:</td>
<td colspan="2" class="diff-lineno">Line 33:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>{|</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>{|</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|Volume managers</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|Volume managers</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>|Windows (LDM)</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|[[Logical Disk Manager (LDM)</ins>|Windows (LDM)<ins class="diffchange diffchange-inline">]]</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|-</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|-</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|Partitioning schemes</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|Partitioning schemes</div></td></tr>
</table>
Joachim Metz
http://www.forensicswiki.org/w/index.php?title=Snorkel&diff=9751&oldid=prev
Bally: Created page with '{{Infobox_Software | name = Snorkel | maintainer = NFI | os = Java | genre = {{Analysis}} | license = proprietary | website = [http://www.holmes.nl/NFIlabs/Snorkel h…'
2009-08-18T13:00:49Z
<p>Created page with '{{Infobox_Software | name = Snorkel | maintainer = NFI | os = Java | genre = {{Analysis}} | license = proprietary | website = [http://www.holmes.nl/NFIlabs/Snorkel h…'</p>
<p><b>New page</b></p><div>{{Infobox_Software |<br />
name = Snorkel |<br />
maintainer = NFI |<br />
os = Java |<br />
genre = {{Analysis}} |<br />
license = proprietary |<br />
website = [http://www.holmes.nl/NFIlabs/Snorkel http://www.holmes.nl/NFIlabs/Snorkel] |<br />
}}<br />
<br />
'''Snorkel''' is a Java software library that is used by developers of forensic software. Snorkel is not a standalone forensic application, but it is an important piece of infrastructure that can be used by many forensic applications: Snorkel gives access to digital evidence files, file systems, files, slack space, unallocated clusters, etc. This type of access is a key enabler in the development of forensic software systems, ranging from single-purpose stand-alone tools to integrated forensic processing systems.<br />
<br />
Snorkel is developed by the Netherlands Forensic Institute<br />
<br />
=Features=<br />
<br />
Snorkel recognizes and gives access to numerous storage formats for digital evidence, disk partitioning schemes, volume managers, file systems, and structured files. The formats supported are summarized below.<br />
<br />
==Image File Formats Understood==<br />
<br />
{|<br />
|Image file formats<br />
|[[Encase_image_file_format|EnCase]]<br />
|-<br />
| <br />
|RAW ([[Dd|dd]])<br />
|-<br />
| <br />
|VMWare ([[vmdk]])<br />
|}<br />
<br />
==File Systems Understood==<br />
<br />
{|<br />
|Volume managers<br />
|Windows (LDM)<br />
|-<br />
|Partitioning schemes<br />
|PC/MBR<br />
|-<br />
| <br />
|Apple<br />
|-<br />
| <br />
|GPT<br />
|-<br />
| <br />
|BSD<br />
|-<br />
|File systems<br />
|Windows ([[FAT]], [[NTFS]])<br />
|-<br />
| <br />
|Apple ([[MFS]], [[HFS]], [[HFS+]])<br />
|-<br />
| <br />
|Linux ([[Ext3|EXT]], [[Reiserfs|Reiser]])<br />
|-<br />
| <br />
|Solaris, BSD ([[UFS]])<br />
|-<br />
| <br />
|CD ([[ISO9660]], Joliet)<br />
|-<br />
|File Formats<br />
|Windows registry (Win 9x, NT)<br />
|-<br />
| <br />
|Microsoft Office (OLE2)<br />
|}<br />
<br />
<!-- ==File Search Facilities== --><br />
<!-- ==Historical Reconstruction== --><br />
<!-- Can it build timelines and search by creation date? --><br />
<!-- ==Searching Abilities== --><br />
<!-- Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata? --><br />
<!-- ==Hash Databases== --><br />
<!-- Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? --><br />
<!-- What sort of hash functions does it use? --><br />
<!-- ==Evidence Collection Features== --><br />
<!-- Can it sign files? Does it keep an audit log? --><br />
<!-- =History= --><br />
<br />
==License Notes==<br />
<br />
Snorkel is has a proprietary license.<br />
An evaluation version is available from the website.<br />
<br />
= External Links =<br />
<br />
* [http://www.forensischinstituut.nl/ the Netherlands Forensic Institute]<br />
* [http://www.holmes.nl/NFIlabs/Snorkel Snorkel website]<br />
<br />
<!-- ==External Reviews== --></div>
Bally