Login or Register to Ask a Question and Join Our Community


Software Releases - RSS News

Open Computer Forensics Architecture 2.1.0 (Default branch)

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums News, Links, Events and Announcements Software Releases - RSS News Open Computer Forensics Architecture 2.1.0 (Default branch)
# 1  
Old 03-18-2008
Open Computer Forensics Architecture 2.1.0 (Default branch)
The Open Computer Forensics Architecture (OCFA) isa modular computer forensics framework to automatethe digital forensic process, to speed up theinvestigation and give tactical investigatorsdirect access to the seized data through an easyto use search and browse interface. Thearchitecture forms an environment where existingforensic tools and libraries can be easily pluggedinto the architecture and can thus be made part ofthe recursive extraction of data and metadata fromdigital evidence. It aims to be highly modular,robust, fault tolerant, recursive, and scalable inorder to be usable in large investigations thatspawn numerous terabytes of evidence data andcover hundreds of evidence items.License: GNU General Public License (GPL)Changes:
This version includes some refactored subsystems that should make the architecture a bit faster and easier to integrate with other programming languages like Java and Perl. With the new treegraph library, it should now be a lot simpler to create custom treegraph-based modules for the architecture.Image

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

tableau-parm

tableau-parm(1) 														   tableau-parm(1)

NAME

       tableau-parm - Tableau Write-blocking Bridge Query/Command Utility

SYNOPSIS

       tableau-parm [-r] device

DESCRIPTION

       tableau-parm  is  designed  to interact with write-blocking forensics bridges produced by Tableau, LLC. It can be used to query bridges for
       various bridge and device data, as well as to disable DCO regions.

OPTIONS

       tableau-parm accepts the following parameters:

       -r     Directs tableau-parm to permanently remove a DCO, if it exists.  THIS WILL MODIFY THE STATE OF THE DRIVE. USE AT YOUR OWN RISK!  (It
	      is  recommended  for forensics investigations, that a full drive image be taken before this command is run, and then again afterward
	      if a DCO was detected originally.) Note: after running this, you'll need to restart the Tableau bridge for it  to  correctly  detect
	      the changes.

       device Required	argument.  Specifies  the device file for the bridge/drive to be queried. This must be a device presenting SCSI emulation.
	      Under Linux, all USB and FireWire mass storage devices behave like SCSI devices. Once a bridge and drive are plugged in and  powered
	      on, one can generally find out what the device was dynamically mapped to by running: dmesg | tail -20

OUTPUT

       tableau-parm  generates	simple output with one data value per line, interspersed with blank lines and section headers.	This output format
       is subject to change.

EXAMPLES

       To query a bridge which is mapped to /dev/sda:

	    tableau-parm /dev/sda

       To remove a DCO from the hard drive on /dev/sda:

	    tableau-parm -r /dev/sda

BUGS

       Older versions of ATA and SATA Tableau firmwares didn't properly handle HPA and DCO on some types of drives. Be sure to upgrade your block-
       ers' firmwares using the firmware update utility, version 4.2 or later, which was released on July 5, 2007.

       This  is  not really a bug, but something to note: when a drive has both an HPA and DCO section, and the DCO is removed, the HPA is removed
       with it. This is how the bridge firmware works, and isn't something controlled by tableau-parm. Just something to be aware of.

CREDITS

       Copyright (C) 2007,2009 Timothy D. Morgan

       Copyright (C) 1999,2001,2006,2007 D. Gilbert

       tableau-parm was written by Timothy D. Morgan using portions of SCSI example code written by D. Gilbert.

       Tableau, LLC cooperated in the development of this tool by providing documentation on the proprietary SCSI interfaces and assisted in test-
       ing.  Without their help, this tool would not have been possible. Tableau, LLC does not endorse or warrant this code in any way.

LICENSE

       Please see the file "LICENSE" included with this software distribution.

       This  program  is  distributed  in  the	hope  that  it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MER-
       CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for more details.

SEE ALSO

       hdparm(1) sdparm(1)

Forensics Utilities						 30 September 2009						   tableau-parm(1)