blob: bf75e927b2c5b7491dd29334e6986f9ebde02ee2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
dfvfs (Digital Forensics Virtual File System - python module)
This package provides read-only access to file-system objects from various
storage media types and file formats. The goal of dfVFS is to provide a generic
interface for accessing file-system objects, for which it uses several
back-ends that provide the actual implementation of the various storage media
types, volume systems and file systems.
A note about REQUIREMENTS: dfvfs requires the following packages [secondary
dependancies are listed in brackets]. They should be installed IN THE ORDER
LISTED. This is important because while libewf support is optional for the
sleuthkit (a requirement for pytsk), it is a REQUIRED option for the sleuthkit
when building dfvfs. Do NOT rely on automated tools to properly order your
dependancies.
REQUIRES="[six] construct [python-gflags] [python-dateutil] [pytz] protobuf
libbde libewf libqcow libsigscan libsmdev libsmraw libvhdi libvmdk libvshadow
[sleuthkit] pytsk"
Supported:
EWF (EWF-E01, EWF-Ex01, EWF-S01)
QCOW version 1, 2
Storage Media device
(split) Storage Media RAW
VHD
VMDK
Note that at the moment differential images are not supported.
Volume systems
Supported:
APM
BitLocker (BDE)
GPT
MBR
VSS
Planned:
FileVault2 (CoreStorage)
LDM
LUKS
Linux LVM version 1, 2
Software Raid
File systems
Supported file systems:
ext version 2, 3, 4
FAT
HFS, HFS+, HFSX
NTFS version 3
UFS version 1, 2
Archive file types
Supported:
tar
zip
|