pjrinaldi / wombatforensics

linux c++, fox-toolkit, multi-threaded forensic gui tool
GNU General Public License v2.0

Forensic Imager #338

Closed pjrinaldi closed 4 years ago

pjrinaldi commented 4 years ago

Working on a forensic imager using dc3dd (raw), aff4, and squash fs'd raw...

will use qt system calls to call what i need, maybe a bash script, which calls the functions i need or something else...

squash fs'd is mksquashfs and unsquashfs and/or squashfuse to get to the raw file... aff4 will use c-aff4 library...

pjrinaldi commented 4 years ago

almost got the raw forensic imager initial testing working. ended up not using dc3dd due to not capturing information, but might switch back as i go depending...

pjrinaldi commented 4 years ago

almost have md5 checking working for manual raw operation...

pjrinaldi commented 4 years ago

got initial raw and sfs working. aff4 works but the resulting image doesn't seem valid. also need to work on formatting better and notifying the user in the program somehow, maybe capturing the command line to display in messaging.

pjrinaldi commented 4 years ago

almost have the log working to store with raw and within the sfs and aff4. aff4 is on hold until there is a way to fuse mount aff4 or otherwise process aff4 within tsk like ewf or aff.

aff4fuse would allow dd image within aff4 to be processed. aff4 within tsk would be just directly writing the bytes to the aff4 container...

pjrinaldi commented 4 years ago

issues getting aff4 c library to compile. will shelve aff4 for now. I have raw and squashfs'd working with logging and viewing and processing when added into a case as evidence...
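
The raw acquisition flow these comments describe (raw image, MD5 check, a log stored with the image, optional squashfs packing), as an added example that is not wombatforensics code. The function names `acquire_raw` and `pack_sfs`, the `.dd`/`.log`/`.sfs` file layout and the log fields are assumptions.

```bash
# Added illustration, not wombatforensics code; names and layout are assumptions.

# acquire_raw SOURCE OUTDIR NAME
# Images SOURCE to OUTDIR/NAME.dd, hashes source and image, logs the result.
# Returns 0 only when the two MD5 values match.
acquire_raw() {
    local src=$1 outdir=$2 name=$3
    local img="$outdir/$name.dd" log="$outdir/$name.log"
    local src_md5 img_md5 status

    [ -r "$src" ] || return 2
    mkdir -p "$outdir" || return 2

    # Check dd's own exit status so a read or write error stops the
    # acquisition here instead of leaving a partial image behind a log.
    dd if="$src" of="$img" bs=1M 2>/dev/null || return 2

    # Hash the source and what actually landed on disk, independently.
    src_md5=$(md5sum < "$src" | cut -d' ' -f1)
    img_md5=$(md5sum < "$img" | cut -d' ' -f1)

    if [ "$src_md5" = "$img_md5" ]; then status=VERIFIED; else status=MISMATCH; fi

    # The log travels with the image so the hashes can be rechecked later.
    {
        echo "source: $src"
        echo "image: $img"
        echo "acquired_utc: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source_md5: $src_md5"
        echo "image_md5: $img_md5"
        echo "status: $status"
    } > "$log"

    [ "$status" = VERIFIED ]
}

# pack_sfs OUTDIR NAME
# Puts the raw image and its log into one squashfs container (needs mksquashfs).
pack_sfs() {
    local outdir=$1 name=$2
    command -v mksquashfs >/dev/null 2>&1 || return 3
    mksquashfs "$outdir/$name.dd" "$outdir/$name.log" "$outdir/$name.sfs" \
        -noappend >/dev/null
}
```

Against a real device the source should sit behind a write blocker or be opened read-only, since the second hashing pass assumes the source has not changed since the copy.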