Difference between pages "OLE Compound File" and "Linux Repositories"

From Forensics Wiki
(Contents)
 
(Imaging Tools)
 
Line 1: Line 1:
The '''OLE Compound File (OLECF)''' is used in other file formats as its underlying container file.
 
It allows data to be stored in multiple streams.
 
  
The OLECF is also known as:
+
There are a number of linux distributions.
* Compound Binary File (current name used by [[Microsoft]])
+
* Compound Document File (name used by [[OpenOffice]])
+
* OLE2 file
+
  
== MIME types ==
+
In general they have primary repositories which are setup for every installation of the operating system and they have special purpose repositories which require specific setup.
  
Because the OLECF by itself is just a container it does not use a mime type.
+
=Repository Setup=
A mime type assigned to an OLECF refers to its contents.
+
==openSUSE==
 +
For current openSUSE 11.4 and 12.1 users it is necessary to have the following repositories configured:
  
== File signature ==
+
*security
 +
*devel:languages:perl
 +
*devel:languages:python
  
The OLECF has the following file signature:
+
This is most easily done from the command line via (assumes openSUSE 12.1):
hexadecimal: d0 cf 11 e0 a1 b1 1a e1
+
  
The OLECF has no distinct footer.
+
sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/security/openSUSE_12.1</nowiki> security
 +
sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/devel:/languages:/perl</nowiki>/openSUSE_12.1 perl
 +
sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1</nowiki> python
 +
 +
zypper lr  <nowiki>          </nowiki>  # used to verify you have the repos installed
  
== Contents ==
+
==fedora==
 +
==debian==
 +
==fedora==
  
The OLECF uses a FAT like file system to define blocks that are assigned to the stream using multiple allocation tables.
+
=Computer Forensic Tools=
It uses a directory structure to define the name of the streams.
+
Below is a list of computer forensic tools. For each tool the repository it can be found in and the version in the repository is shown.
  
The OLECF is used to store:
+
As an example, aimage is in the openSUSE security repository and it is version 3.2.5
* [[Microsoft Office]] 97-2003 documents:
+
** [[Word Document (DOC)]]
+
** [[Excel Spreadsheet (XLS)]]
+
** [[Powerpoint Presentation (PPT)]]
+
* [[Thumbs.db]]
+
* [[Jump Lists]]
+
* StickyNotes.snt
+
  
== See also==
+
==Imaging Tools==
  
[[Media:Compdocfileformat.pdf|Microsoft Compound Document File Format]] (This is actually the OpenOffice specification)
+
{|border="1" cellpadding="2" cellspacing="0" {{repository table}}
 +
|-
 +
|rowspan=1| '''Tool'''
 +
| '''openSUSE'''
 +
|'''fedora'''
 +
|'''debian'''
 +
|'''ubuntu'''
 +
| comment
 +
|rowspan=1| General Remarks
  
[http://download.microsoft.com/download/0/B/E/0BE8BDD7-E5E8-422A-ABFD-4342ED7AD886/WindowsCompoundBinaryFileFormatSpecification.pdf Compound Binary File Specification by Microsoft]
+
|-
 +
|rowspan=1| aimage
 +
|security/3.2.5 <!-- opensuse -->
 +
|?              <!-- fedora-->
 +
|?              <!-- debian-->
 +
|?              <!-- ubuntu-->
 +
|a imaging tool to create aff format images  <!-- comment -->
 +
|aimage has been EOL'ed. guymager or ftkimager (windows/mac) are recommended <!-- General Remarks -->
  
Be warned this file contains at least one error: the directory entry name length is a size in bytes not in characters.
+
|-
 +
|rowspan=1| [[http://www.forensicswiki.org/wiki/Guymager|guymager]]
 +
|N/A<!-- opensuse -->
 +
|?              <!-- fedora-->
 +
|?              <!-- debian-->
 +
|?              <!-- ubuntu-->
 +
|a imaging tool to create aff format images  <!-- comment -->
 +
|Guymager is an open source forensic imager. It focuses on user friendliness and high speed. <!-- General Remarks -->
  
[[Category:File Formats]]
+
|-
 +
|rowspan=1| package3
 +
|?              <!-- opensuse -->
 +
|?              <!-- fedora-->
 +
|?              <!-- debian-->
 +
|?              <!-- ubuntu-->
 +
|another package of unknown purpose  <!-- comment -->
 +
|This is just another place holder to make the page look like something is going on. <!-- General Remarks -->
 +
 
 +
|}
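Review bot: In the guymager row the tool name is linked as `[[http://www.forensicswiki.org/wiki/Guymager|guymager]]`, which wraps an external URL in internal-link brackets and renders as a bare numbered link instead of the tool name; since the target is a page on this wiki, `[[Guymager|guymager]]` would do. The same row's comment cell repeats aimage's "a imaging tool to create aff format images" text and should describe guymager itself. Under Repository Setup, `==fedora==` appears twice while the table has an ubuntu column with no matching section, so the second heading looks like it was meant to be ubuntu. In the perl `zypper ar` line the `</nowiki>` closes before `/openSUSE_12.1`, unlike the security and python lines; move it to the end of the URL so all three are consistent.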

Revision as of 13:49, 24 February 2012

There are a number of Linux distributions.

In general they have primary repositories, which are set up for every installation of the operating system, and special-purpose repositories, which require specific setup.

Repository Setup

openSUSE

For current openSUSE 11.4 and 12.1 users it is necessary to have the following repositories configured:

  • security
  • devel:languages:perl
  • devel:languages:python

This is most easily done from the command line (the commands below assume openSUSE 12.1):

sudo zypper ar -f http://download.opensuse.org/repositories/security/openSUSE_12.1 security
sudo zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_12.1 perl
sudo zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1 python

zypper lr               # used to verify you have the repos installed
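
The verification step above can be scripted. The following is an added example, not part of the original wiki page: it reads `zypper lr -u` output and lists which of the three required repositories are missing or disabled. The function names, the sample listing and the assumption of English-locale column values ("Yes"/"No") are this example's own.

```shell
#!/bin/sh
# Added example: check a `zypper lr -u` listing for the repositories above.
# On a live system: zypper lr -u | missing_repos

BASE=http://download.opensuse.org/repositories
RELEASE=openSUSE_12.1   # assumption: same release as the zypper ar commands

# Alias and URL of each required repository, taken from the zypper ar lines.
required_repos() {
    cat <<EOF
security $BASE/security/$RELEASE
perl $BASE/devel:/languages:/perl/$RELEASE
python $BASE/devel:/languages:/python/$RELEASE
EOF
}

# Print the URI (last column) of every enabled repository in the listing.
# Enabled is the 4th column; header and separator rows are skipped.
enabled_uris() {
    awk -F'|' 'NF >= 5 && $1 ~ /^ *[0-9]+ *$/ {
        enabled = $4; uri = $NF
        gsub(/[ \t]/, "", enabled); gsub(/[ \t]/, "", uri)
        sub(/\/$/, "", uri)            # ignore a trailing slash
        if (enabled == "Yes") print uri
    }'
}

# Read a listing on stdin; print the alias of each required repository
# that is absent or disabled.
missing_repos() {
    uris=$(enabled_uris)
    required_repos | while read -r name url; do
        printf '%s\n' "$uris" | grep -qxF "$url" || echo "$name"
    done
}

# Constructed sample listing: perl is disabled, python was never added.
SAMPLE_LR='# | Alias    | Name     | Enabled | Refresh | URI
--+----------+----------+---------+---------+----
1 | repo-oss | repo-oss | Yes     | Yes     | http://download.opensuse.org/distribution/12.1/repo/oss/
2 | security | security | Yes     | Yes     | http://download.opensuse.org/repositories/security/openSUSE_12.1
3 | perl     | perl     | No      | Yes     | http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_12.1'

printf '%s\n' "$SAMPLE_LR" | missing_repos
```
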

fedora

debian

fedora

Computer Forensic Tools

Below is a list of computer forensic tools. For each tool, the table shows the repository it can be found in and the version available in that repository.

As an example, aimage is in the openSUSE security repository and it is version 3.2.5.

Imaging Tools

| Tool | openSUSE | fedora | debian | ubuntu | Comment | General Remarks |
|---|---|---|---|---|---|---|
| aimage | security/3.2.5 | ? | ? | ? | An imaging tool to create AFF format images | aimage has been EOL'ed. guymager or ftkimager (Windows/Mac) are recommended. |
| guymager | N/A | ? | ? | ? | An imaging tool to create AFF format images | Guymager is an open source forensic imager. It focuses on user friendliness and high speed. |
| package3 | ? | ? | ? | ? | Another package of unknown purpose | This is just another placeholder to make the page look like something is going on. |