The Open Computer Forensics Architecture (OCFA) is a
distributed Distribution may refer to:
Mathematics
*Distribution (mathematics), generalized functions used to formulate solutions of partial differential equations
*Probability distribution, the probability of a particular value or value range of a varia ...
open-source
Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
computer forensics
Computer forensics (also known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensical ...
framework used to analyze
digital media
Digital media is any communication media that operate in conjunction with various encoded machine-readable data formats. Digital media can be created, viewed, distributed, modified, listened to, and preserved on a digital electronics device. ' ...
within a digital forensics laboratory environment. The framework was built by the
Dutch
Dutch commonly refers to:
* Something of, from, or related to the Netherlands
* Dutch people ()
* Dutch language ()
Dutch may also refer to:
Places
* Dutch, West Virginia, a community in the United States
* Pennsylvania Dutch Country
People E ...
national police.
Architecture
OCFA consists of a
back end for the
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
platform, it uses a
PostgreSQL
PostgreSQL (, ), also known as Postgres, is a free and open-source relational database management system (RDBMS) emphasizing extensibility and SQL compliance. It was originally named POSTGRES, referring to its origins as a successor to the In ...
database for data storage, a custom
Content-addressable storage
Content-addressable storage (CAS), also referred to as content-addressed storage or fixed-content storage, is a way to store information so it can be retrieved based on its content, not its name or location. It has been used for high-speed storage ...
or CarvFS based data repository and a
Lucene
Apache Lucene is a free and open-source search engine software library, originally written in Java by Doug Cutting. It is supported by the Apache Software Foundation and is released under the Apache Software License. Lucene is widely used as a ...
index. The
front end for OCFA has not been made publicly available due to licensing issues.
The framework integrates with other open source forensic tools and includes modules for
The Sleuth Kit
The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities for extracting data from disk drives and other storage so as to facilitate the forensic analysis of computer systems. It forms the foundation for Autopsy, a bet ...
, Scalpel, Photorec, libmagic,
GNU Privacy Guard
GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's PGP cryptographic software suite. The software is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable ...
,
objdump
objdump is a command-line program for displaying various information about object files on Unix-like operating systems. For instance, it can be used as a disassembler to view an executable in assembly form. It is part of the GNU Binutils for fine- ...
, exiftags, zip,
7-zip
7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives". It is developed by Igor Pavlov and was first released in 1999. 7-Zip has its own archive format called 7z, ...
,
tar
Tar is a dark brown or black viscous liquid of hydrocarbons and free carbon, obtained from a wide variety of organic materials through destructive distillation. Tar can be produced from coal, wood, petroleum, or peat. "a dark brown or black bit ...
,
gzip
gzip is a file format and a software application used for file compression and decompression. The program was created by Jean-loup Gailly and Mark Adler as a free software replacement for the compress program used in early Unix systems, and in ...
,
bzip2,
rar RAR or Rar may refer to:
* Radio acoustic ranging, a non-visual technique for determining a ship's position at sea
* "rar", the ISO 639-2 code for the Cook Islands Māori language
* RAR (file format), a proprietary compressed archive file format in ...
,
antiword
Antiword is a free software reader for proprietary Microsoft Word documents, and is available for most computer platforms. Antiword can convert the documents from Microsoft Word version 2, 6, 7, 97, 2000, 2002 and 2003 to plain text, PostScript, ...
, qemu-img, and mbx2mbox. OCFA is extensible in
C++
C++ (pronounced "C plus plus") is a high-level general-purpose programming language created by Danish computer scientist Bjarne Stroustrup as an extension of the C programming language, or "C with Classes". The language has expanded significan ...
or
Java
Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's List ...
.
See also
*
List of digital forensics tools
During the 1980s, most digital forensic investigations consisted of "live analysis", examining digital media directly using non-specialist tools. In the 1990s, several freeware and other proprietary tools (both hardware and software) were created ...
External links
*
Linux Magazine article on OCFAOpen Source Software for Digital Forensics
Computer forensics
Digital forensics software
Data recovery
Distributed computing architecture
{{software-stub