Difference between pages "MacOSX" and "Dfvfs"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (LaunchAgents)
 
(Supported Formats)
 
Line 1: Line 1:
{{Expand}}
+
{{Infobox_Software |
 +
  name = dfvfs |
 +
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
 +
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
 +
  genre = {{Analysis}} |
 +
  license = {{APL}} |
 +
  website = [https://code.google.com/p/dfvfs/ code.google.com/p/dfvfs/] |
 +
}}
  
== LaunchDaemons ==
+
dfVFS, or Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
System-wide:
+
<pre>
+
/Library/LaunchDaemons
+
/System/Library/LaunchDaemons
+
</pre>
+
  
These directories contain [[Property list (plist)]] files.
+
dfVFS is currently implemented as a Python module.
  
== LaunchAgents ==
+
== Supported Formats ==
System-wide:
+
=== Storage media types ===
<pre>
+
* [[Encase image file format]] or EWF (EWF-E01, EWF-Ex01, EWF-S01) using [[libewf]]
/Library/LaunchAgents
+
* [[Raw Image Format]] or RAW using Python
/System/Library/LaunchAgents
+
* [[QCOW Image Format]] or QCOW using [[libqcow]]
</pre>
+
* Storage media devices using [[libsmdev]]
 +
* [[Virtual Disk Image (VDI)]] or VHD using [[libvhdi]]
 +
* [[VMWare Virtual Disk Format (VMDK)]] using [[libvmdk]]
  
Per user:
+
=== Volume systems ===
<pre>
+
* using [[sleuthkit]] and [[pytsk]]
/Users/$USERNAME/Library/LaunchAgents
+
** [[APM]]
</pre>
+
** [[GPT]]
 +
** [[MBR]]
 +
* [[Windows Shadow Volumes]] or VSS using [[libvshadow]]
  
These directories contain  [[Property list (plist)]] files.
+
=== File systems ===
 +
* using [[sleuthkit]] and [[pytsk]]
 +
** [[Extended File System (Ext)]] version 2, 3, 4
 +
** [[FAT]]
 +
** [[HFS+|HFS, HFS+, HFSX]]
 +
** [[New Technology File System (NTFS)]] version 3
 +
** [[Unix File System (UFS)]] version 1, 2
  
== Internet Plug-Ins ==
+
== History ==
System-wide:
+
dfVFS originates from the [[plaso|Plaso project]]. It was largely rewritten and made into a stand-alone project to provide more flexibility and allow other projects to make use of the VFS functionality. dfVFS originally was named PyVFS, but that name conflicted with another project.
<pre>
+
/Library/Internet Plug-Ins
+
</pre>
+
  
Per user:
+
== See Also ==
<pre>
+
* [[plaso]]
/Users/$USERNAME/Library/Internet Plug-Ins
+
</pre>
+
 
+
== See also ==
+
* [[Property list (plist)]]
+
  
 
== External Links ==
 
== External Links ==
 
+
* [https://code.google.com/p/dfvfs/ Project site]
[[Category:Operating systems]]
+
[[Category:MacOSX]]
+

Revision as of 02:14, 3 June 2014

dfvfs
Maintainer: Kristinn Gudjonsson, Joachim Metz
OS: Linux, Mac OS X, Windows
Genre: Analysis
License: APL
Website: code.google.com/p/dfvfs/

dfVFS, or Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.

dfVFS is currently implemented as a Python module.

Supported Formats

Storage media types

Volume systems

File systems

History

dfVFS originates from the Plaso project. It was largely rewritten and made into a stand-alone project to provide more flexibility and allow other projects to make use of the VFS functionality. dfVFS originally was named PyVFS, but that name conflicted with another project.

See Also

External Links