[sleuthkit-developers] Resident files and carvpaths (ocfa tskfs)
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-developers] Resident files and carvpaths (ocfa tskfs)
|
From: Rob M. <pi...@gm...> - 2010-11-04 05:39:16
|
Yesterday the first release candidate for ocfa (open computer forensics architecture) was released. Jn this version of ocfa the main new thing is that the perl script calling sleuthkit tools was completely replaced with (carvfs aware) treegraph ocfa modules that use libtsk. This setup allows ocfa to use zero storage techniques for most of the extracted slethkit data. There are basically two reasons why copy out would still be needed at the moment. Compression and residentness. I believe howaver that resident files must be expressable as carvpath. If anyone on this list would want to have a quick look at the OcfaModules/tree/tskfs ocfa code for resident and non resident files, maybe we could find a way for resident files to be also represented as carvpaths. Tia, Rob |
