Difference between revisions of "Digital forensics image ingest"

From Archivematica
Jump to navigation Jump to search
(Created page with "Main Page > Development > Development documentation > Digital forensics image ingest Category:Development documentation")
 
Line 1: Line 1:
 
[[Main Page]] > [[Development]] > [[:Category:Development documentation|Development documentation]] > Digital forensics image ingest
 
[[Main Page]] > [[Development]] > [[:Category:Development documentation|Development documentation]] > Digital forensics image ingest
 
[[Category:Development documentation]]
 
[[Category:Development documentation]]
 +
 +
Sample fiwalk xml output:
 +
(pre)
 +
<?xml version='1.0' encoding='ISO-8859-1'?>
 +
<fiwalk xmloutputversion='0.2'>
 +
  <metadata
 +
  xmlns='http://example.org/myapp/'
 +
  xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
 +
  xmlns:dc='http://purl.org/dc/elements/1.1/'>
 +
    <dc:type>Disk Image</dc:type>
 +
  </metadata>
 +
  <creator>
 +
    <program>fiwalk</program>
 +
    <version>0.5.7</version>
 +
    <os>Darwin</os>
 +
    <library name="tsk" version="3.0.1"></library>
 +
    <library name="afflib" version="3.5.2"></library>
 +
    <command_line>fiwalk -x /dev/disk2</command_line>
 +
  </creator>
 +
  <source>
 +
    <imagefile>/dev/disk2</imagefile>
 +
  </source>
 +
<!-- fs start: 512 -->
 +
  <volume offset='512'>
 +
    <Partition_Offset>512</Partition_Offset>
 +
    <block_size>512</block_size>
 +
    <ftype>2</ftype>
 +
    <ftype_str>fat12</ftype_str>
 +
    <block_count>5062</block_count>
 +
    <first_block>0</first_block>
 +
    <last_block>5061</last_block>
 +
    <fileobject>
 +
      <filename>README.txt</filename>
 +
      <id>2</id>
 +
      <filesize>43</filesize>
 +
      <partition>1</partition>
 +
      <alloc>1</alloc>
 +
      <used>1</used>
 +
      <inode>6</inode>
 +
      <type>1</type>
 +
      <mode>511</mode>
 +
      <nlink>1</nlink>
 +
      <uid>0</uid>
 +
      <gid>0</gid>
 +
      <mtime>1258916904</mtime>
 +
      <atime>1258876800</atime>
 +
      <crtime>1258916900</crtime>
 +
      <byte_runs>
 +
      <run file_offset='0' fs_offset='37376' img_offset='37888' len='43'/>
 +
      </byte_runs>
 +
      <hashdigest type='md5'>2bbe5c3b554b14ff710a0a2e77ce8c4d</hashdigest>
 +
      <hashdigest type='sha1'>b3ccdbe2db1c568e817c25bf516e3bf976a1dea6</hashdigest>
 +
    </fileobject>
 +
  </volume>
 +
<!-- end of volume -->
 +
<!-- clock: 0 -->
 +
  <runstats>
 +
    <user_seconds>0</user_seconds>
 +
    <system_seconds>0</system_seconds>
 +
    <maxrss>1814528</maxrss>
 +
    <reclaims>546</reclaims>
 +
    <faults>1</faults>
 +
    <swaps>0</swaps>
 +
    <inputs>56</inputs>
 +
    <outputs>0</outputs>
 +
    <stop_time>Sun Nov 22 11:08:36 2009</stop_time>
 +
  </runstats>
 +
</fiwalk>
 +
(pre/)

Revision as of 18:47, 19 June 2013

Main Page > Development > Development documentation > Digital forensics image ingest

Sample fiwalk xml output: (pre) <?xml version='1.0' encoding='ISO-8859-1'?> <fiwalk xmloutputversion='0.2'> 

 <metadata 
 xmlns='http://example.org/myapp/' 
 xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' 
 xmlns:dc='http://purl.org/dc/elements/1.1/'>
   <dc:type>Disk Image</dc:type>
 </metadata>
 <creator>
   <program>fiwalk</program>
   <version>0.5.7</version>
   <os>Darwin</os>
   <library name="tsk" version="3.0.1"></library>
   <library name="afflib" version="3.5.2"></library>
   <command_line>fiwalk -x /dev/disk2</command_line>
 </creator>

    <imagefile>/dev/disk2</imagefile>
 <volume offset='512'>
   <Partition_Offset>512</Partition_Offset>
   <block_size>512</block_size>
   <ftype>2</ftype>
   <ftype_str>fat12</ftype_str>
   <block_count>5062</block_count>
   <first_block>0</first_block>
   <last_block>5061</last_block>
   <fileobject>
     <filename>README.txt</filename>
     <id>2</id>
     <filesize>43</filesize>
     <partition>1</partition>
     <alloc>1</alloc>
     <used>1</used>
     <inode>6</inode>
     <type>1</type>
     <mode>511</mode>
     <nlink>1</nlink>
     <uid>0</uid>
     <gid>0</gid>
     <mtime>1258916904</mtime>
     <atime>1258876800</atime>
     <crtime>1258916900</crtime>
     <byte_runs>
      <run file_offset='0' fs_offset='37376' img_offset='37888' len='43'/>
     </byte_runs>
     <hashdigest type='md5'>2bbe5c3b554b14ff710a0a2e77ce8c4d</hashdigest>
     <hashdigest type='sha1'>b3ccdbe2db1c568e817c25bf516e3bf976a1dea6</hashdigest>
   </fileobject>
 </volume>
 <runstats>
   <user_seconds>0</user_seconds>
   <system_seconds>0</system_seconds>
   <maxrss>1814528</maxrss>
   <reclaims>546</reclaims>
   <faults>1</faults>
   <swaps>0</swaps>
   <inputs>56</inputs>
   <outputs>0</outputs>
   <stop_time>Sun Nov 22 11:08:36 2009</stop_time>
 </runstats>

</fiwalk> (pre/)

Retrieved from "https://wiki.archivematica.org/index.php?title=Digital_forensics_image_ingest&oldid=8489"