|
|
| Line 1: |
Line 1: |
| − | {{Infobox_Software |
| + | Oxygen Forensic Suite 2. Phone Activity module in Date view. |
| − | name = Snorkel |
| + | |
| − | maintainer = NFI |
| + | |
| − | os = Java |
| + | |
| − | genre = {{Analysis}} |
| + | |
| − | license = proprietary |
| + | |
| − | website = [http://www.holmes.nl/NFIlabs/Snorkel http://www.holmes.nl/NFIlabs/Snorkel] |
| + | |
| − | }}
| + | |
| − | | + | |
| − | '''Snorkel''' is a Java software library that is used by developers of forensic software. Snorkel is not a standalone forensic application, but it is an important piece of infrastructure that can be used by many forensic applications: Snorkel gives access to digital evidence files, file systems, files, slack space, unallocated clusters, etc. This type of access is a key enabler in the development of forensic software systems, ranging from single-purpose stand-alone tools to integrated forensic processing systems.
| + | |
| − | | + | |
| − | Snorkel is developed by the Netherlands Forensic Institute
| + | |
| − | | + | |
| − | =Features=
| + | |
| − | | + | |
| − | Snorkel recognizes and gives access to numerous storage formats for digital evidence, disk partitioning schemes, volume managers, file systems, and structured files. The formats supported are summarized below.
| + | |
| − | | + | |
| − | ==Image File Formats Understood==
| + | |
| − | | + | |
| − | {|
| + | |
| − | |Image file formats
| + | |
| − | |[[Encase image file format|EnCase]]
| + | |
| − | |-
| + | |
| − | |
| + | |
| − | |[[Raw Image Format|RAW (dd)]]
| + | |
| − | |-
| + | |
| − | |
| + | |
| − | |[[VMWare Virtual Disk Format (VMDK)|VMWare (VMDK)]]
| + | |
| − | |}
| + | |
| − | | + | |
| − | ==File Systems Understood==
| + | |
| − | | + | |
| − | {|
| + | |
| − | |Volume managers
| + | |
| − | |[[Logical Disk Manager (LDM)|Windows (LDM)]]
| + | |
| − | |-
| + | |
| − | |Partitioning schemes
| + | |
| − | |PC/MBR
| + | |
| − | |-
| + | |
| − | |
| + | |
| − | |Apple
| + | |
| − | |-
| + | |
| − | |
| + | |
| − | |GPT
| + | |
| − | |-
| + | |
| − | |
| + | |
| − | |BSD
| + | |
| − | |-
| + | |
| − | |File systems
| + | |
| − | |Windows ([[FAT]], [[NTFS]])
| + | |
| − | |-
| + | |
| − | |
| + | |
| − | |Apple ([[MFS]], [[HFS]], [[HFS+]])
| + | |
| − | |-
| + | |
| − | |
| + | |
| − | |Linux ([[Ext3|EXT]], [[Reiserfs|Reiser]])
| + | |
| − | |-
| + | |
| − | |
| + | |
| − | |Solaris, BSD ([[UFS]])
| + | |
| − | |-
| + | |
| − | |
| + | |
| − | |CD ([[ISO9660]], Joliet)
| + | |
| − | |-
| + | |
| − | |File Formats
| + | |
| − | |Windows registry (Win 9x, NT)
| + | |
| − | |-
| + | |
| − | |
| + | |
| − | |Microsoft Office (OLE2)
| + | |
| − | |}
| + | |
| − | | + | |
| − | <!-- ==File Search Facilities== -->
| + | |
| − | <!-- ==Historical Reconstruction== -->
| + | |
| − | <!-- Can it build timelines and search by creation date? -->
| + | |
| − | <!-- ==Searching Abilities== -->
| + | |
| − | <!-- Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata? -->
| + | |
| − | <!-- ==Hash Databases== -->
| + | |
| − | <!-- Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? -->
| + | |
| − | <!-- What sort of hash functions does it use? -->
| + | |
| − | <!-- ==Evidence Collection Features== -->
| + | |
| − | <!-- Can it sign files? Does it keep an audit log? -->
| + | |
| − | <!-- =History= -->
| + | |
| − | | + | |
| − | ==License Notes==
| + | |
| − | | + | |
| − | Snorkel is has a proprietary license.
| + | |
| − | An evaluation version is available from the website.
| + | |
| − | | + | |
| − | = External Links =
| + | |
| − | | + | |
| − | * [http://www.forensischinstituut.nl/ the Netherlands Forensic Institute]
| + | |
| − | * [http://www.holmes.nl/NFIlabs/Snorkel Snorkel website]
| + | |
| − | | + | |
| − | <!-- ==External Reviews== -->
| + | |
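Review bot: the only non-empty added line, at the top of the hunk ("Oxygen Forensic Suite 2. Phone Activity module in Date view."), replaces the entire Snorkel article, and every other added line is blank. The removed lines carry the infobox, the image format and file system tables, the license notes and the external links, none of which is about Oxygen Forensic Suite, so this looks like an edit made to the wrong page or an accidental overwrite. Suggest restoring the Snorkel text and moving the Oxygen Forensic Suite line to that tool's own page. If the article is reinstated, "Snorkel is has a proprietary license." should read "Snorkel has a proprietary license.", and the sentence "Snorkel is developed by the Netherlands Forensic Institute" needs its closing period.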
Oxygen Forensic Suite 2. Phone Activity module in Date view.