c-aff4 Logo

c-aff4

0
Free
Visit Website

The Advanced Forensics File Format 4 (AFF4) is an open source format used for the storage of digital evidence and data. This project implements a C/C++ library for creating, reading and manipulating AFF4 images, and includes the canonical aff4imager binary which provides a general purpose standalone imaging tool. The library and binary are known to work on Linux, Windows, and OSX. It supports reading and writing ZipFile style volumes, Directory style volumes, and AFF4 Image streams using deflate or snappy compressor. It also supports multi-threaded imaging for efficient utilization on multi-core systems. However, it does not currently implement Section 6. Hashing of the standard, including verifying or generating linear or block hashes.

FEATURES

ALTERNATIVES

A Python-based engine for automatic creation of timelines in digital forensic analysis

AMExtractor is an Android Memory Extractor tool.

Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.

A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.

Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.

dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.

DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.

Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.