Closed pjrinaldi closed 3 years ago
pjrinaldi
commented
3 years ago upgrade image format to include the index file using the skippable frame of lz4. wombatimager works, wombatinfo, wombatverify, and integration with wombatforensics works. wombatfuse is almost there it appears to display all the content, but the hash doesn't come out correctly.
when i manually convert the wfi to lz4 and then use lz4 to decompress, the hash of the raw file works properly.
pjrinaldi
commented
3 years ago look into seeing if i can build the frame list on my own and bypass the skippable frame.
pjrinaldi
commented
3 years ago removal of skippable frame works. image format has been updated as has all the other tools and the only issue is still with wombatfuse, which doesn't seem to display all the content, i think the last 65536/2 bytes or so, so i need to investigate this and get it working, then the wombat forensic image and its tools will be ready for the v0.1 release and i can get back to getting v0.4 of wombatforensics finished and out the door.
pjrinaldi
commented
3 years ago tools are updated.
Currrently the forensic image format uses an index file to figure out where the frames start, this index allows the seek/find functionality within the lz4 compressed portion.
I need to move the index file elements into skippable frames, so it is all contained in the image. This will be need to be implemented in the imager, fuse, and verify tools.
Also, i use the sector size to create the image, and i need to use a larger size, called blocksize and make it a multiple of the sectorsize, so maybe 10,240 (20*512) or some number for a larger blocksize for more efficient images. i will have to work on what to do when errors are encountered if i do this method.