[DFSci] Sleuth Kit support for the AFF4 Standard v1.0 Released

Bradley Schatz bradley at schatzforensic.com
Sun Apr 9 04:26:25 PDT 2017


Sleuth Kit support for the AFF4 Standard v1.0 Released

I am pleased to announce the availability of both a set of patches to the Sleuth Kit and an open source C/C++ implementation for reading AFF4 Standard v1.0 disk images. Last week the AFF4 Standard v1.0 was released [1] by Bradley Schatz (Evimetry) and Michael Cohen (Google).

Originally proposed in 2009 by Michael Cohen, Simson Garfinkel, and Bradley Schatz, the AFF4 forensic container enables new approaches to forensics, unparalleled forensic acquisition speeds and more accurate representation of evidence. These are enabled through next-generation forensic image features such as storage virtualisation, arbitrary metadata, and partial, non-linear and discontiguous images. The standard is the culmination of research spanning 6 years and 4 scientifically peer-reviewed papers.

The release of these is a significant step forwards to the wider adoption of the format, enabling a large portion of the open source forensic toolchain to access AFF4 forensic images, and commercial implementers the ability to support reading the format by integration of a single unencumbered library.

The patches to the SleuthKit [2] were contributed by Schatz Forensic (Evimetry), while the C/C++ library [3] was originally developed by Michael Cohen (Google), with AFF4 Standard v1.0 support added by Schatz Forensic (Evimetry).

This release follows the release last week of the AFF4 Standard v1.0 [4] and a Python reference implementation (reader) [5], and the release of Evimetry Community Edition, a freely licensed subset of the AFF4-based forensic tool.

For more information on the AFF4, attend the webcast “AFF4: The New Standard in Forensic Image Format, and Why You Should Care”, given by Bradley Schatz [6], in association with SANS, on 17 April 2017.

Implementers and interested parties are invited to join the AFF4 working group at aff4 at googlegroups.com.

[1] http://www.schatzforensic.com.au/insideout/2017/03/aff4-standard-v1-0-released/
[2] https://github.com/blschatz/sleuthkit/tree/release-4.4
[3] https://github.com/google/aff4
[4] https://github.com/aff4/Standard
[5] https://github.com/google/aff4/tree/master/pyaff4
[6] https://www.sans.org/webcasts/104652


Dr Bradley Schatz | Forensic computer scientist
PhD (Digital Forensics), BSc (Computer Science)
Director, Schatz Forensic.
 
direct: +61 7 3613 0082
p: Level 10, 149 Wickham Tce, Brisbane, QLD, 4000
e: bradley at schatzforensic.com  | w: schatzforensic.com.au
 
pgp key id:     EFD98616
pgp fingerprint: 1FB9 1F36 3142 9764 2D58  C6D9 1ECD 1E33 EFD9 8616
 