Skip to main content

Advanced Forensic Format Version 4 (AFF4) Python module.

Project description

AFF4 -The Advanced Forensics File Format

The Advanced Forensics File Format 4 (AFF4) is an open source format used for the storage of digital evidence and data.

It was originally designed and published in [1] and has since been standardised as the AFF4 Standard v1.0, which is available at https://github.com/aff4/Standard. This project is a work in progress implementation, providing two library implementations, C/C++ and Python.

What is currently supported.

The focus of this implementation is reading physical images conforming with the AFF4 Standard v1.0, and for the ongoing development of an AFF4 based logical image standard.

Canonical images for the v1.0 physical image specification are provided in the AFF4 Reference Images github project at https://github.com/aff4/ReferenceImages

  1. Reading, writing & appending to ZipFile style volumes.
  2. Reading striped ZipFile volumes.
  3. Reading & writing AFF4 ImageStreams using the deflate or snappy compressor.
  4. Reading RDF metadata using Turtle (and to some degree YAML).
  5. Verification of linear and block hashed images.
  6. Reading & writing logical images (new) .
  7. Reading & writing deduplicated logical images (new).
  8. Encrypted AFF4 logical volumes (new).

What is not yet supported:

The write support in the libraries is currently broken and being worked on. Other aspects of the AFF4 that have not yet been implemented in this codebase include:

  1. Persistent data store (resolver).
  2. HTTP backed streams.
  3. Support for signed statements or Bill of Materials.
  4. Directory based volumes.

Notice

This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google and Schatz Forensic.

References

[1] "Extending the advanced forensic format to accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow" M.I. Cohen, Simson Garfinkel and Bradley Schatz, digital investigation 6 (2009) S57-S68.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyaff4-0.34.tar.gz (101.9 kB view details)

Uploaded Source

Built Distribution

pyaff4-0.34-py3-none-any.whl (136.9 kB view details)

Uploaded Python 3

File details

Details for the file pyaff4-0.34.tar.gz.

File metadata

  • Download URL: pyaff4-0.34.tar.gz
  • Upload date:
  • Size: 101.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.6.3 pkginfo/1.7.1 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.62.0 CPython/3.9.6

File hashes

Hashes for pyaff4-0.34.tar.gz
Algorithm Hash digest
SHA256 36a3236d8914e66c88b42d42ecb361c1f8dd1474ffe92a1743a7c0be8b82c6fe
MD5 e995d1780f6d39096c471776312cf62e
BLAKE2b-256 0a52cfe15539d649b9096c2ad64d4cd7f6aa21bcd41bbc55712c8f83c846cc3c

See more details on using hashes here.

File details

Details for the file pyaff4-0.34-py3-none-any.whl.

File metadata

  • Download URL: pyaff4-0.34-py3-none-any.whl
  • Upload date:
  • Size: 136.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.6.3 pkginfo/1.7.1 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.62.0 CPython/3.9.6

File hashes

Hashes for pyaff4-0.34-py3-none-any.whl
Algorithm Hash digest
SHA256 e89ecda38a354689425c910bea63ef3106513c7f4829cdfbbd65d892a57f4a52
MD5 56e858ce7d20e5aaf96e78f992d8b0b9
BLAKE2b-256 afe4ef695ff2a0a973c52023a503d14d09cba8449a03ef8b8e5eddf890ab9f9c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page