Welcome to the Open Computer Forensics Architecture (OCFA)

Mission

To build an open and scalable solution for processing terrabytes of seized evidence and make the result direct accessible for forensics analyses by analists and tactical investigators.
Some prerequisites and assumptions:

1. Disks under investigation contain different types of non compliant data files.
2. As a result, some modules may crash, so modules should not tear down the whole framework and should be restartable within a running case.
3. No installation of additional software on machines of investigators

For a more comprehensive list consult the Non-functional specs for the Open Computer Forensics Architecture.

History

The first Proof-Of-Concept version of the "Open Computer Forensics Architecture" was build by seven developers of the Dutch National Police Agency in the year 2003-2004. At the time the first (completely revised) 2.0.0 version was completed in 2006, this version was released as open source under GPL/LGPL license. In march 2008 the first 2.1.x version was released with a large amount of code cleanups. April 2009 the first 2.2.x version was released with some relatively minor but important refactoring in order to allow simpler and/or more powerful 3th party modules to be created for the architecture. November 2010 the first 2.3.x version was released.

Installation

How to install ocfa 2.2.x on Ubuntu 8.10. Installing Ocfa on Ubuntu. For the 2.3.x version you will first want to read the 2.3 installation notes.

Usage

How to on the basic use of ocfa 2.2.x Practical Use of OCFA. For the 2.3.x version please also read the 2.3 usage notes.

Module development walkthrough

An example of how to develop your own OCFA modules using the architecture.

Sharing your modules

Users of OCFA are encouraged to write and share 3th party modules.

Base index

• Specification
• Description
• Installation
• Usage
• Development
• Legal notice
• Download
• Related work
• Links

Please don't forget to join the user mailinglist.

Unstructured Index of all pages

Available pages:

• 2.3 installation notes
• 2.3 usage notes
• 3th party modules
• CamelCase
• Config parsing and access
• Data policies and speed
• Description
• DigestPairs
• Exceptions
• Identifiers
• Installation
• InterMapTxt
• InterTrac
• InterWiki
• Legal notice
• Links
• Logging
• MemBuf
• MetaValues
• MiscWikiFiles
• ModuleInstance
• Non-functional specs
• OcfaArch
• OcfaGroup
• OcfaLib
• OcfaModules
• OcfaObject
• PageTemplates
• Policy loading
• RecentChanges
• Related work
• SandBox
• Scalars
• Specification
• The kickstarts
• The ocfa evidence library
• The ocfa facade library
• The ocfa fs library
• The ocfa message library
• The ocfa misc library
• The ocfa module library
• The ocfa store library
• The ocfa treegraph library
• The router
• TitleIndex
• Top level abstractions
• TracAccessibility
• TracAdmin
• TracBackup
• TracBrowser
• TracChangeset
• TracEnvironment
• TracFineGrainedPermissions
• TracGuide
• TracImport
• TracIni
• TracInterfaceCustomization
• TracLinks
• TracLogging
• TracNavigation
• TracNotification
• TracPermissions
• TracPlugins
• TracQuery
• TracReports
• TracRevisionLog
• TracRoadmap
• TracRss
• TracSearch
• TracSupport
• TracSyntaxColoring
• TracTickets
• TracTicketsCustomFields
• TracTimeline
• TracUnicode
• TracWiki
• TracWorkflow
• Usage
• Using m4
• WikiDeletePage
• WikiFormatting
• WikiHtml
• WikiMacros
• WikiNewPage
• WikiPageNames
• WikiProcessors
• WikiRestructuredText
• WikiRestructuredTextLinks
• WikiStart
• anycast relay
• how to develop
• how to develop-II
• how to develop-III
• rulelist
• space.menu