Open Computer Forensics Architecture: Difference between revisions

Browse history interactively

Content deleted Content added

VisualWikitext

Revision as of 11:24, 29 December 2010 edit Robklpd (talk \| contribs) 6 edits ←Created page with 'The '''Open Computer Forensics Architecture''' or '''OCFA''' is an distributed computing open source computer forensics framework/backend/architecture u...'		Latest revision as of 02:22, 11 August 2025 edit undo Bender the Bot (talk \| contribs) Bots 1,064,377 edits m HTTP to HTTPS for SourceForge Tag: AWB
(33 intermediate revisions by 24 users not shown)
Line 1: {{multiple issues\| The '''Open Computer Forensics Architecture''' or '''OCFA''' is an [[distributed computing]] [[open source]] [[computer forensics]] framework/backend/architecture used to analyze [[digital media]] within a digital forensics laboratory environment..▼ {{notability\|Products\|date=April 2013}} {{more citations needed\|date=February 2011}} }} {{Infobox software \| name = Open Computer Forensics Architecture \| developer = [[National Police Corps (Netherlands)\|Korps landelijke politiediensten]] \| latest release version = 2.2.0pl4 \| operating system = [[Linux]] \| language = [[English language\|English]] \| discontinued = yes \| genre = [[Computer forensics]] \| website = {{URL\|https://sourceforge.net/apps/trac/ocfa/wiki}} }} ▲The '''Open Computer Forensics Architecture''' ~~or '''~~(OCFA~~'''~~) is ana [[distributed computing\|distributed]] [[open-source software\|open-source]] [[computer forensics]] framework~~/backend/architecture~~ used to analyze [[digital media]] within a digital forensics laboratory environment. The framework was built by the [[Netherlands\|Dutch]] national police. ==Architecture== ~~OCFA provides a framework for weaving together both computer forensics and generic media and file processing tools and libraries into an automated process that allows for the processing of~~ ~~The~~OCFA ~~Open~~consists ~~Computer Forensics Architecture is distributed primary as~~of a [[Front and back ends\|back end]] ~~architecture~~ for the [[Linux]] platform., ~~The~~it ~~results of the digital media processing are stored in~~uses a [[PostgreSQL]] database for data storage, a custom [[Content-addressable storage]] or CarvFS based data repository, and a [[Lucene]] index. AThe [[front end processor (program)\|front end]] for OCFA has not been made publicly available due to ~~licencing~~licensing issues.▼ ~~vast amounts of digital media data within the context of a computer forensic investigation. OCFA was build by the dutch national police to address the shortcomings of the commercial computer~~ ~~forensics tools like [[EnCase]] and [[Forensic Toolkit]] with respect to scalability, speed and most of all extendability.~~ The framework integrates with other open source forensic tools and includes modules for [[The Sleuth Kit]], Scalpel, Photorec, libmagic, [[GNU Privacy Guard]], [[objdump]], exiftags, zip, [[7-zip]], [[tar (computing)\|tar]], [[gzip]], [[bzip2]], [[RAR (file format)\|rar]], [[antiword]], qemu-img, and mbx2mbox. OCFA is extensible in [[C++]] or [[Java (programming language)\|Java]]. ▲The Open Computer Forensics Architecture is distributed primary as a [[back end]] architecture for the [[Linux]] platform. The results of the digital media processing are stored in a [[PostgreSQL]] database, a custom [[Content-addressable storage]] or CarvFS based data repository and a [[Lucene]] index. A [[front end]] for OCFA has not been made publicly available due to licencing issues. ==See also== OCFA comes with a small set of modules that integrate some common open source tools and libraries into the architecture. These include modules for integration of [[The Sleuth Kit]], Scalpel, Photorec, libmagic, * [[List of digital forensics tools]] [[GNU Privacy Guard]], [[objdump]], exiftags, zip, [[7-zip]], [[tar]], [[gnu zip]], [[bzip2]], [[rar]], [[antiword]], qemu-img, mbx2mbox, strings, many perl modules for mail and dbx processing, libewf and others. While these standard modules provide a reasonable environment for processing digital media, most of the power of OCFA comes from its extendability. OCFA comes with libraries for building your own modules in [[C++]] or [[Java]]. ==External links== Both the Java and C++ library provide an API for building custom OCFA modules for integration of other tools or libraries into the computer forensics process. Basic modules like this can produce derived data and add extracted meta-data to both the input data and the derived data. The C++ library also provides a second more advanced API for building modules that produce derived output with meta data at more than one level deep. * {{Official website\|https://sourceforge.net/apps/trac/ocfa/wiki}} * [http://www.linux-magazine.com/Issues/2008/93/OCFA Linux Magazine article on OCFA] * [https://www.springer.com/computer/security+and+cryptology/book/978-1-4419-5802-0 Open Source Software for Digital Forensics] {{Digital forensics}} [[Category:Digital forensics software]] [[Category:Data recovery]] [[Category:Distributed computing architecture]] [[Category:Software using the GNU Lesser General Public License]] {{Free-software-stub}}