Generic Forensic Zip is a set of tools and libraries for creating and
accessing randomly accessible forensic zip files of disk images.
These files that use an open format (gfzip) defined by this project,
allow a dd disk image to be stored in compressed form and yet be
randomly accessable through the libgfz library. A second library,
libgfzcreate is made available by this project to allow the creation
of gfz files from programs used to acquire disk image data. Finally the
project includes a set of basic commandline tools for the creation
and verification of gfzip files and for restoring dd images from the
gfz files. Next to compression, the gfzip files are made 'safe' for
forensic use by the use of x509 certificates and the use of multi level
digests (sha256). The x509 certificate that is used to sign the gfz
file is embedded into the file, thus carrying all relevant information
about the person who acquired the image within the file.
One further feature thet gfzip allows is the embedding of (signed)
enviroment data and commandline attributes that may be useful as
metadata in the further processing of the image files. This metadata may
include for example information about the source of the data and the
time it was aquired.
Future versions of gfzip will also include bad-block information, this
is a feature defined in the file format, but not implemented in the
first release of gfzip.
Use Patent Claims
Include Install Instructions
These details are provided for information only. No information here is legal advice and should not be used as such.