daniell/c-aff4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
An AFF4 C++ implementation. http://docs.aff4.org
234 commits 1 branch 0 tags 4.1 MiB
Find a file
Exact
Daniel Lemper d07d225e38 fix wrong namespace for enable_if_t
2024-03-25 02:00:35 +01:00
.github/workflows CI tests (#154) 2023-03-24 10:21:24 +10:00
aff4 fix wrong namespace for enable_if_t 2024-03-25 02:00:35 +01:00
docker Allows the aff4_file cache to be disabled. (#130) 2019-08-20 22:42:41 +10:00
docs Updated docs. (#10) 2018-02-07 20:40:10 -08:00
m4 Bring back dependency on liburiparse. (#64) 2018-11-14 08:50:52 +10:00
samples Fixed the unit tests. (#52) 2017-12-31 03:27:52 -08:00
tests Fixed test compiling (#121) 2019-07-09 09:04:26 +10:00
tools Compile with spdlog v1.11 2023-12-18 16:48:36 +03:00
.gitignore Bring back dependency on liburiparse. (#64) 2018-11-14 08:50:52 +10:00
.gitmodules Renamed src directory to aff4. (#13) 2018-02-11 22:36:40 -08:00
AUTHORS Added documentation and comments. 2015-02-01 00:59:13 +01:00
autogen.sh AFF4 Standard v1.0 C/C++ support 2017-04-06 20:29:32 +10:00
CHANGES Added documentation and comments. 2015-02-01 00:59:13 +01:00
configure.ac fix compilation errors on current macOS Sonoma by not building osxpmem 2024-03-25 01:27:48 +01:00
CONTRIBUTING Reorganized the files and added licensing information, README etc. 2015-01-16 06:11:51 +01:00
docker-compose.yml Docker built container (#49) 2018-11-01 11:35:26 +10:00
INSTALL Update install instructions 2017-04-06 22:21:20 +10:00
LICENSE Initial commit 2015-01-10 15:52:29 +10:00
Makefile.am fix compilation errors on current macOS Sonoma by not building osxpmem 2024-03-25 01:27:48 +01:00
NEWS Added documentation and comments. 2015-02-01 00:59:13 +01:00
README.docker OSX and linux pmem did not support raw output. (#85) 2019-02-24 08:26:04 +10:00
README.linux OSX and linux pmem did not support raw output. (#85) 2019-02-24 08:26:04 +10:00
README.md Large refactor (#86) 2019-03-18 23:33:25 +10:00
README.windows OSX and linux pmem did not support raw output. (#85) 2019-02-24 08:26:04 +10:00

README.md

AFF4 -The Advanced Forensics File Format

The Advanced Forensics File Format 4 (AFF4) is an open source format used for the storage of digital evidence and data.

The standard is currently maintained here: https://github.com/aff4/Standard

Reference Images are found: https://github.com/aff4/ReferenceImages

This project implementats a C/C++ library for creating, reading and manipulating AFF4 images. The project also includes the canonical aff4imager binary which provides a general purpose standalone imaging tool.

The library and binary are known to work on Linux (all versions since Ubuntu 10.04), Windows (All versions) and OSX (All known versions).

What is currently supported.

Currently this library supports most of the features described in the standard https://github.com/aff4/Standard.

  1. Reading and Writing ZipFile style volumes

    a. Supports splitting of output volumes into volume groups (e.g. splitting at 1GB volumes).

  2. Reading ahd Writing Directory style volumes.

  3. Reading and Writing AFF4 Image streams using the deflate or snappy compressor.

  4. Reading RDF metadata using Turtle.

  5. Multi-threaded imaging for efficient utilization on multi core systems.

What is not yet supported.

This implementation currently does not implement Section 6. Hashing of the standard. This includes verifying or generating linear or block hashes.

Copyright

Copyright 2015-2017 Google Inc. Copyright 2018-present Velocidex Innovations.

References

[1] "Extending the advanced forensic format to accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow" M.I. Cohen, Simson Garfinkel and Bradley Schatz, digital investigation 6 (2009) S57S68.