Forensics and Law Enforcement
From Just Solve the File Format Problem
(Difference between revisions)
(Added ISO 19794-2) |
Dan Tobias (Talk | contribs) |
||
Line 4: | Line 4: | ||
|image=All Detective Magazine February 1934.jpg | |image=All Detective Magazine February 1934.jpg | ||
}} | }} | ||
+ | |||
+ | See also [[Law]] | ||
+ | |||
+ | == Forensic images of disks and computer network data == | ||
In the course of investigations, detectives sometimes need to preserve digital information. These are formats used in this process. See also [[Disk Image Formats]]. In contrast to those raw disk images, forensic formats also store various metadata as well as hash tables to track the origin of data and ensure it is not altered after the fact. | In the course of investigations, detectives sometimes need to preserve digital information. These are formats used in this process. See also [[Disk Image Formats]]. In contrast to those raw disk images, forensic formats also store various metadata as well as hash tables to track the origin of data and ensure it is not altered after the fact. | ||
* [[Advanced Forensics Format]] (AFF) | * [[Advanced Forensics Format]] (AFF) | ||
− | |||
− | |||
* [[Digital Evidence Bag]] (DEB) | * [[Digital Evidence Bag]] (DEB) | ||
* [[EnCase hash map]] (Expert Witness) | * [[EnCase hash map]] (Expert Witness) | ||
+ | |||
+ | == Fingerprint data == | ||
+ | |||
+ | * [[ANSI 378]] (used to store minutae of fingerprints) | ||
+ | * [[ANSI 381]] (used to store images of fingerprints) | ||
* [[ISO 19794-2]] (used to store minutae of fingerprints) | * [[ISO 19794-2]] (used to store minutae of fingerprints) | ||
* [[WSQ]] (used to store images of fingerprints) | * [[WSQ]] (used to store images of fingerprints) | ||
− | |||
− | |||
== Links == | == Links == |
Revision as of 13:53, 1 June 2020
See also Law
Forensic images of disks and computer network data
In the course of investigations, detectives sometimes need to preserve digital information. These are formats used in this process. See also Disk Image Formats. In contrast to those raw disk images, forensic formats also store various metadata as well as hash tables to track the origin of data and ensure it is not altered after the fact.
- Advanced Forensics Format (AFF)
- Digital Evidence Bag (DEB)
- EnCase hash map (Expert Witness)
Fingerprint data
- ANSI 378 (used to store minutae of fingerprints)
- ANSI 381 (used to store images of fingerprints)
- ISO 19794-2 (used to store minutae of fingerprints)
- WSQ (used to store images of fingerprints)
Links
- ShmooCon 2014 - You Don't Have the Evidence (January 2014) (video)
- The Sleuth Kit and Autopsy can read raw, Expert Witness, and AFF formats
- Is AFF the best choice for digital preservationists who create images?