Difference between pages "Linux Repositories" and "VMWare Virtual Disk Format (VMDK)"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(debian)
 
(Image types)
 
Line 1: Line 1:
 +
{{expand}}
  
There are a number of linux distributions.
+
== Image types ==
 +
There are multiple types of VMWare Virtual Disk Format (VMDK) data files:
 +
* 2GbMaxExtentFlat (twoGbMaxExtentFlat); descriptor file (name.vmdk) with RAW data extent files (name-f###.vmdk). This image type is basically a [[Raw Image Format|split RAW image]].
 +
* 2GbMaxExtentSparse (twoGbMaxExtentSparse); descriptor file (name.vmdk) with VMDK sparse data extent files (name-s###.vmdk)
  
In general they have primary repositories which are setup for every installation of the operating system and they have special purpose repositories which require specific setup.
+
== Descriptor file ==
  
=Repository Setup=
+
== Extent file types ==
==openSUSE==
+
There are multiple types extent files:
For current openSUSE 11.4 and 12.1 users it is necessary to have the following repositories configured:
+
* RAW data file
 +
* VMDK sparse data file
 +
* COWD sparse data file
  
*security
+
== External Links ==
*devel:languages:perl
+
* [http://www.vmware.com/support/developer/vddk/vmdk_50_technote.pdf?src=vmdk Virtual Disk Format 5.0], by [[VMWare]]
*devel:languages:python
+
  
This is most easily done from the command line via (assumes openSUSE 12.1):
+
[[Category:File Formats]]
 
+
sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/security/openSUSE_12.1</nowiki> security
+
sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/devel:/languages:/perl</nowiki>/openSUSE_12.1 perl
+
sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1</nowiki> python
+
+
zypper lr  <nowiki>          </nowiki>  # used to verify you have the repos installed
+
 
+
==fedora==
+
 
+
[http://www.cert.org/forensics/tools/ CERT] maintains a fedora security repository with a large number of DFIR applicaitons.
+
 
+
==debian==
+
 
+
You can search for debian packages at [http://packages.debian.org/search debian's search page]
+
 
+
==ubuntu==
+
 
+
=Computer Forensic Tools=
+
Below is a list of computer forensic tools.  For each tool the repository it can be found in and the version in the repository is shown.
+
 
+
As an example, aimage is in the openSUSE security repository and it is version 3.2.5
+
 
+
==Imaging Tools==
+
 
+
{|border="1" cellpadding="2" cellspacing="0" {{repository table}}
+
|-
+
|rowspan=1| '''Tool'''
+
|'''openSUSE'''
+
|'''fedora'''
+
|'''debian'''
+
|'''ubuntu'''
+
|'''comment'''
+
|'''General Remarks'''
+
 
+
|-
+
|rowspan=1| [http://www.e-fense.com/helix/ adepto]
+
|N/A <!-- opensuse -->
+
|?              <!-- fedora-->
+
|?              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|  <!-- comment -->
+
|adepto is included in the helix boot cd<!-- General Remarks -->
+
 
+
|-
+
|rowspan=1| [[aimage]]
+
|security/3.2.5 <!-- opensuse -->
+
|?              <!-- fedora-->
+
|?              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|a imaging tool to create aff format images  <!-- comment -->
+
|aimage has been EOL'ed.  guymager or ftkimager (windows/mac) are recommended for creating aff images. <!-- General Remarks -->
+
 
+
|-
+
|rowspan=1| [[AIR]]
+
|N/A <!-- opensuse -->
+
|?              <!-- fedora-->
+
|?              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|Automated Image and Restore  <!-- comment -->
+
|a GUI front-end to dd and dc3dd designed for easily creating forensic bit images <!-- General Remarks -->
+
 
+
|-
+
|rowspan=1| [[dc3dd]]
+
|security*/7.1.614 <!-- opensuse -->
+
|?              <!-- fedora-->
+
|?              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|DoD Cyber Crime Center DD  <!-- comment -->
+
|This tool was formerly known as dcfldd.  When released as dc3dd it was totally rewritten. <!-- General Remarks -->
+
 
+
|-
+
|rowspan=1| [[ddrescue]]
+
|Base/1.14 <!-- opensuse -->
+
|?              <!-- fedora-->
+
|?              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|Also known as GNU ddrescue<!-- comment -->
+
|This tool is different than dd_rescue.
+
 
+
|-
+
|rowspan=1| [[dd_rescue]]
+
|N/A <!-- opensuse -->
+
|?              <!-- fedora-->
+
|?              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|<!-- comment -->
+
|This tool is different than GNU ddrescue.
+
 
+
|-
+
|rowspan=1| [[libewf|ewfacquire]]
+
|security*/20100226 <!-- opensuse -->
+
|?              <!-- fedora-->
+
|squeeze/20100226              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|a imaging tool to create ewf format images  <!-- comment -->
+
|ewfacquire is part of ewftools in some distributions.<!-- General Remarks -->
+
 
+
|-
+
|rowspan=1| [[IXimager]]
+
|N/A <!-- opensuse -->
+
|?              <!-- fedora-->
+
|?              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|A law enforcement only imager<!-- comment -->
+
|used in conjunction with ILook Investigator
+
 
+
|-
+
|rowspan=1| [[LinEn]]
+
|N/A <!-- opensuse -->
+
|?              <!-- fedora-->
+
|?              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|a proprietary imaging tool to create ewf format images  <!-- comment -->
+
|included on the Helix boot CD<!-- General Remarks -->
+
 
+
|-
+
|rowspan=1| [[guymager]]
+
|N/A<!-- opensuse -->
+
|?              <!-- fedora-->
+
|Sid/0.5.9-3              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|a imaging tool to create aff format images  <!-- comment -->
+
|Guymager is an open source forensic imager. It focuses on user friendliness and high speed.  <!-- General Remarks -->
+
 
+
|-
+
|rowspan=1| [http://sourceforge.net/projects/rdd rdd]
+
|N/A <!-- opensuse -->
+
|?              <!-- fedora-->
+
|?              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|a dd-like tool, with forensic imaging features  <!-- comment -->
+
|Rdd is robust with respect to read errors<!-- General Remarks -->
+
 
+
|-
+
|rowspan=1| [ftp://ftp.berlios.de/pub/sdd/ sdd]
+
|Archiving:Backup/1.52 <!-- opensuse -->
+
|?              <!-- fedora-->
+
|?              <!-- debian-->
+
|?              <!-- ubuntu-->
+
|a dd-like tool<!-- comment -->
+
|Designed to work well when IBS != OBS.  Working with tape is an example.<!-- General Remarks -->
+
 
+
|}
+
 
+
*package will appear in the base release with the next full distribution release.
+

Revision as of 09:43, 22 September 2012

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Image types

There are multiple types of VMWare Virtual Disk Format (VMDK) data files:

  • 2GbMaxExtentFlat (twoGbMaxExtentFlat); descriptor file (name.vmdk) with RAW data extent files (name-f###.vmdk). This image type is basically a split RAW image.
  • 2GbMaxExtentSparse (twoGbMaxExtentSparse); descriptor file (name.vmdk) with VMDK sparse data extent files (name-s###.vmdk)

Descriptor file

Extent file types

There are multiple types extent files:

  • RAW data file
  • VMDK sparse data file
  • COWD sparse data file

External Links