Permalink
Browse files

Reorganized the files and added licensing information, README etc.

  • Loading branch information...
scudette committed Jan 16, 2015
1 parent 7c88c2f commit 101920b90aee3c46346220004384f46a9a0a6f06
@@ -0,0 +1,26 @@
Want to contribute? Great! First, read this page (including the small print at
the end).
### Before you contribute
Before we can use your code, you must sign the [Google Individual Contributor
License
Agreement](https://developers.google.com/open-source/cla/individual?csw=1)
(CLA), which you can do online. The CLA is necessary mainly because you own the
copyright to your changes, even after your contribution becomes part of our
codebase, so we need your permission to use and distribute your code. We also
need to be sure of various other things—for instance that you'll tell us if you
know that your code infringes on other people's patents. You don't have to sign
the CLA until after you've submitted your code for review and a member has
approved it, but you must do it before we can put your code into our codebase.
Before you start working on a larger contribution, you should get in touch with
us first through the issue tracker with your idea so that we can help out and
possibly guide you. Coordinating up front makes it much easier to avoid
frustration later on.
### Code reviews
All submissions, including submissions by project members, require review. We
use Github pull requests for this purpose.
### The small print
Contributions made by corporations are covered by a different agreement than
the one above, the Software Grant and Corporate Contributor License Agreement.
@@ -1,2 +1,31 @@
# aff4
The Advanced Forensics File Format
# AFF4 -The Advanced Forensics File Format
The Advanced Forensics File format 4 was originally designed and published in
"Extending the advanced forensic format to accommodate multiple data sources,
logical evidence, arbitrary information and forensic workflow" M.I. Cohen,
Simson Garfinkel and Bradley Schatz, digital investigation 6 (2009) S57–S68.
The format is an open source format used for the storage of digital evidence and
data.
The original paper was released with an earlier implementation written in
python. This project is a complete open source re-implementation for a general
purpose AFF4 library.
## What is currently supported.
Not all features described in the paper are currently supported:
1. Writing and Reading ZipFile style volumes.
2. Writing and Reading AFF4 Image streams using the deflate or snappy compressor.
3. Writing and reading RDF metadata using both YAML and Turtle.
What is not yet supported:
1. Encrypted AFF4 volumes.
2. Persistent data store.
3. HTTP backed streams.
4. Splitting an AFF4 Image across multiple volumes.
5. Map streams.
6. Support for signed statements or Bill of Materials.
7. Logical file acquisition.
2 aff4.h

This file was deleted.

Oops, something went wrong.

This file was deleted.

Oops, something went wrong.

This file was deleted.

Oops, something went wrong.

This file was deleted.

Oops, something went wrong.

This file was deleted.

Oops, something went wrong.

This file was deleted.

Oops, something went wrong.

This file was deleted.

Oops, something went wrong.

This file was deleted.

Oops, something went wrong.

This file was deleted.

Oops, something went wrong.
File renamed without changes.
@@ -0,0 +1,115 @@
/*
Copyright 2014 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
this file except in compliance with the License. You may obtain a copy of the
License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed
under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
*/
#ifndef AFF4_BASE_H
#define AFF4_BASE_H
// Decleations for basic AFF4 types.
#include "rdf.h"
#include "data_store.h"
template<typename T>
RDFValue *fCreate() {
return new T();
};
struct AFF4Schema {
string classname;
RDFValue* (*constructor)();
};
/**
All AFF4 objects extend this basic object.
AFF4Objects present an external API for users. There are two main ways to
instantiate an AFF4Object:
1) To create a new object, one uses the static Factory function defined in
the AFF4 public interface. For example:
static unique_ptr<ZipFile> NewZipFile(unique_ptr<AFF4Stream> stream);
This will return a new instance of the AFF4Object. When the object is
deleted, it will be flushed to the AFF4 resolver.
2) Similarly, to open an existing object, the static factory function can be
used. e.g.:
static unique_ptr<ZipFile> OpenZipFile(URN urn);
Typically only the URN is required as a parameter. Note that if the
object stored at the specified URN is not of the required type, this
method will fail and return NULL.
Internally all AFF4 objects must be able to be recreated exactly from the
AFF4 resolver. Therefore the following common pattern is followed:
static unique_ptr<XXXX> NewXXXX(arg1, arg2, arg3) {
this->Set(predicate1, arg1);
this->Set(predicate2, arg2);
this->Set(predicate3, arg2);
// instantiate the object.
XXXX(arg1, arg2, arg3);
// Now, when the object is destroyed the predicates set above will
// be flushed to storage.
};
static unique_ptr<XXXX> OpenXXXX(URN urn) {
InitAFF4Attributes(); // Load all attributes from the resolver.
arg1 = this->Get(predicate1);
arg2 = this->Get(predicate2);
arg3 = this->Get(predicate3);
return unique_ptr<XXXX>(new XXX(arg1, arg2, arg3));
};
**/
class AFF4Object {
protected:
// AFF4 objects store attributes.
AFF4_Attributes attributes;
AFF4Schema schema[1] = {
{"URN", &fCreate<URN>}
};
string name = "AFF4Object";
public:
URN urn;
// AFF4 objects are created using the following pattern:
// obj = AFF4_FACTORY.Create(type)
// obj.Set(attribute1, value1)
// obj.Set(attribute2, value2)
// if (!obj.finish()) {
// Failed to create object.
// }
AFF4Object(); // Used by the factory for generic
// instantiation.
// By defining a virtual destructor this allows the destructor of derived
// objects to be called when deleting a pointer to a base object.
virtual ~AFF4Object() {};
AFF4Status Flush();
};
#endif // AFF4_BASE_H
@@ -0,0 +1,28 @@
/*
Copyright 2014 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
this file except in compliance with the License. You may obtain a copy of the
License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed
under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
*/
#ifndef AFF4_ERRORS_H
#define AFF4_ERRORS_H
typedef enum {
STATUS_OK = 1,
NOT_FOUND = -1,
INCOMPATIBLE_TYPES = -2,
MEMORY_ERROR = -3,
GENERIC_ERROR = -4,
INVALID_INPUT = -5
} AFF4Status;
#endif // AFF4_ERRORS_H
@@ -1,3 +1,18 @@
/*
Copyright 2014 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
this file except in compliance with the License. You may obtain a copy of the
License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed
under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
*/
#include "lexicon.h"
#include "aff4_image.h"
#include <zlib.h>
@@ -40,6 +55,11 @@ int AFF4Image::Write(const char *data, int length) {
FlushChunk(chunk.c_str(), chunk.length());
};
readptr += length;
if (readptr > size) {
size = readptr;
};
return length;
};
@@ -51,5 +71,8 @@ AFF4Image::~AFF4Image() {
oracle.Set(urn, AFF4_TYPE, new URN(AFF4_IMAGE_TYPE));
oracle.Set(urn, AFF4_STORED, new URN(volume_urn));
oracle.Set(urn, AFF4_IMAGE_CHUNK_SIZE, new XSDInteger(chunksize));
oracle.Set(urn, AFF4_STREAM_SIZE, new XSDInteger(size));
oracle.Set(
urn, AFF4_IMAGE_COMPRESSION, new URN(AFF4_IMAGE_COMPRESSION_DEFLATE));
};
};
@@ -0,0 +1,45 @@
/*
Copyright 2014 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
this file except in compliance with the License. You may obtain a copy of the
License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed
under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
*/
#ifndef _AFF4_IMAGE_H_
#define _AFF4_IMAGE_H_
#include "aff4_io.h"
class AFF4Image: public AFF4Stream {
private:
int FlushChunk(const char *data, int length);
protected:
string buffer;
unique_ptr<AFF4Stream> bevy_index;
unique_ptr<AFF4Stream> bevy;
URN volume_urn;
public:
virtual ~AFF4Image();
unsigned int chunksize = 32*1024;
static unique_ptr<AFF4Image> NewAFF4Image(string filename, AFF4Volume &volume);
virtual int Write(const char *data, int length);
using AFF4Stream::Write;
};
#endif // _AFF4_IMAGE_H_
Oops, something went wrong.

0 comments on commit 101920b

Please sign in to comment.