The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework to automate the digital forensic process, to speed up the investigation and give tactical investigators direct access to the seized data through an easy to use search and browse interface. The architecture forms an environment where existing forensic tools and libraries can be easily plugged into the architecture and can thus be made part of the recursive extraction of data and metadata from digital evidence. It aims to be highly modular, robust, fault tolerant, recursive, and scalable in order to be usable in large investigations that spawn numerous terabytes of evidence data and cover hundreds of evidence items.
License: GNU General Public License (GPL)
Changes:
Multiple minor changes and bugfixes were made. The tree module was added to ease libtreegraph based module creation. Fixes were made in apache virtual host creation from createcase. Fixes were made in how the Web interface handles errors. A race condition was fixed in store. Parsing of /proc/mounts now uses a tunable regex from the configuration. Processing colons in the mailwash module Magic install script was fixed so that it no longer uses and patches the existing system magic file, but instead installs a tuned bundled magic file.
More...
11-04-2008
