pjrinaldi
commented
6 months ago handling no crashes or hangs when the forensic image properties don't exist. need to build them, but want some time to think on them.
Open pjrinaldi opened 6 months ago
pjrinaldi
commented
6 months ago handling no crashes or hangs when the forensic image properties don't exist. need to build them, but want some time to think on them.
pjrinaldi
commented
6 months ago making progress on how to handle forensic image properties. just need to get properties, right them to the file and then read them back.
pjrinaldi
commented
6 months ago making progress on ewf properties. just need to pull them all in and then write them to a string so i can then write them to a file. the loop properties fail, and it could be because the uint8_t id value has a trailing \0 or doesn't have a trailing \0, need to check the header file and see and then fix accordingly, since the manual "case_number" entry works.
pjrinaldi
commented
6 months ago properties implemented for ewf. it works. just need to implement other properties for the other forensic images.
pjrinaldi
commented
6 months ago vhd/vhdx is implemented, working on aff4 next.
pjrinaldi
commented
6 months ago qcow/qcow2 is working. aff4 is on hold, that is crazy, complex, and convaluted. vmdk is working. need a phdi test image to implement phdi.
pjrinaldi
commented
3 months ago need to implement wfi and sfs properties next.
need to implement forensic image properties where applicable. EWF has properties, AFF4 has properties, wfi has properties, what else has properties for forensic images?