Forensics and Law Enforcement
From Just Solve the File Format Problem
(Difference between revisions)
Dan Tobias (Talk | contribs) |
|||
(24 intermediate revisions by 3 users not shown) | |||
Line 4: | Line 4: | ||
|image=All Detective Magazine February 1934.jpg | |image=All Detective Magazine February 1934.jpg | ||
}} | }} | ||
+ | |||
+ | See also [[Law]] | ||
+ | |||
+ | == Forensic images of disks and computer network data == | ||
+ | |||
+ | In the course of investigations, detectives sometimes need to preserve digital information. These are formats used in this process. See also [[Disk Image Formats]]. In contrast to those raw disk images, forensic formats also store various metadata as well as hash tables to track the origin of data and ensure it is not altered after the fact. | ||
* [[Advanced Forensics Format]] (AFF) | * [[Advanced Forensics Format]] (AFF) | ||
+ | * [[Advanced Forensics Metadata]] (AFM) | ||
* [[Digital Evidence Bag]] (DEB) | * [[Digital Evidence Bag]] (DEB) | ||
− | * [[ | + | * [[EnCase hash map]] (Expert Witness) |
+ | * [[Expert Witness]] | ||
+ | |||
+ | == Biometrics == | ||
+ | See also [[Fingerprints]] | ||
+ | |||
+ | * [[ANSI 378]] (used to store minutae of fingerprints) | ||
+ | * [[ANSI 379]] (used to store images of irises) | ||
+ | * [[ANSI 381]] (used to store images of fingerprints) | ||
+ | * [[ANSI 385]] (used to store face recognition data) | ||
+ | * [[CBEFF]] | ||
+ | * [[ISO 19794-2]] (used to store minutae of fingerprints) | ||
+ | * [[NIST IHead]] (one of its uses is storing fingerprint images) | ||
+ | * [[WSQ]] (used to store images of fingerprints) | ||
+ | |||
+ | ==Mobile-related== | ||
+ | *[[Cellebrite UFED Report]] (.ufdr) | ||
+ | *[[Oxygen Backup XML]] | ||
+ | *[[MOBILedit Backup XML]] | ||
+ | *[[MOBILedit Backup Package]] | ||
+ | == Oxygen == | ||
+ | * [[Oxygen Cloud Backup]] | ||
+ | * [[Oxygen Forensic Backup]] | ||
+ | * [[Oxygen Desktop Backup]] | ||
+ | * [[Oxygen UICC Image]] | ||
+ | * [[Oxygen Agent Extraction]] | ||
+ | |||
+ | == Cloud Warrant Return == | ||
+ | *[[Apple iCloud Warrant Return]] | ||
+ | *[[Google Warrant Return]] | ||
+ | *[[Facebook Warrent Return]] | ||
+ | *[[Skype Warrant Return]] | ||
+ | *[[Snapchat Warrant Return]] | ||
+ | *[[Discord Warrant Return]] | ||
+ | *[[Instagram Warrant Return]] | ||
+ | |||
+ | == Uncategorized == | ||
+ | * [[Forensics vs. Data Recovery vs. Data Preservation]] | ||
+ | |||
+ | == Links == | ||
+ | * [https://archive.org/details/ShmooCon2014_You_Dont_Have_the_Evidence ShmooCon 2014 - You Don't Have the Evidence (January 2014) (video)] | ||
+ | * [[The Sleuth Kit and Autopsy]] can read raw, Expert Witness, and AFF formats | ||
+ | * [http://qanda.digipres.org/132/best-choice-for-digital-preservationists-who-create-images?show=157 Is AFF the best choice for digital preservationists who create images?] |
Latest revision as of 15:29, 15 October 2023
See also Law
Contents |
[edit] Forensic images of disks and computer network data
In the course of investigations, detectives sometimes need to preserve digital information. These are formats used in this process. See also Disk Image Formats. In contrast to those raw disk images, forensic formats also store various metadata as well as hash tables to track the origin of data and ensure it is not altered after the fact.
- Advanced Forensics Format (AFF)
- Advanced Forensics Metadata (AFM)
- Digital Evidence Bag (DEB)
- EnCase hash map (Expert Witness)
- Expert Witness
[edit] Biometrics
See also Fingerprints
- ANSI 378 (used to store minutae of fingerprints)
- ANSI 379 (used to store images of irises)
- ANSI 381 (used to store images of fingerprints)
- ANSI 385 (used to store face recognition data)
- CBEFF
- ISO 19794-2 (used to store minutae of fingerprints)
- NIST IHead (one of its uses is storing fingerprint images)
- WSQ (used to store images of fingerprints)
[edit]
[edit] Oxygen
- Oxygen Cloud Backup
- Oxygen Forensic Backup
- Oxygen Desktop Backup
- Oxygen UICC Image
- Oxygen Agent Extraction
[edit] Cloud Warrant Return
- Apple iCloud Warrant Return
- Google Warrant Return
- Facebook Warrent Return
- Skype Warrant Return
- Snapchat Warrant Return
- Discord Warrant Return
- Instagram Warrant Return
[edit] Uncategorized
[edit] Links
- ShmooCon 2014 - You Don't Have the Evidence (January 2014) (video)
- The Sleuth Kit and Autopsy can read raw, Expert Witness, and AFF formats
- Is AFF the best choice for digital preservationists who create images?