Open Computer Forensics Architecture
Encyclopedia
The Open Computer Forensics Architecture (OCFA) is an distributed
open source
computer forensics
framework used to analyze digital media
within a digital forensics laboratory environment. The framework was built by the Dutch national police.
platform, it uses a PostgreSQL
database for data storage, a custom Content-addressable storage
or CarvFS based data repository and a Lucene
index. The front end for OCFA has not been made publicly available due to licencing issues.
The framework integrates with other open source forensic tools and includes modules for The Sleuth Kit
, Scalpel, Photorec, libmagic,
GNU Privacy Guard
, objdump
, exiftags, zip, 7-zip
, tar
, gzip
, bzip2
, rar, antiword
, qemu-img and mbx2mbox. OCFA is extensible in C++
or Java
.
Distributed computing
Distributed computing is a field of computer science that studies distributed systems. A distributed system consists of multiple autonomous computers that communicate through a computer network. The computers interact with each other in order to achieve a common goal...
open source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
computer forensics
Computer forensics
Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media...
framework used to analyze digital media
Digital media
Digital media is a form of electronic media where data is stored in digital form. It can refer to the technical aspect of storage and transmission Digital media is a form of electronic media where data is stored in digital (as opposed to analog) form. It can refer to the technical aspect of...
within a digital forensics laboratory environment. The framework was built by the Dutch national police.
Architecture
OCFA consists of a back end for the LinuxLinux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
platform, it uses a PostgreSQL
PostgreSQL
PostgreSQL, often simply Postgres, is an object-relational database management system available for many platforms including Linux, FreeBSD, Solaris, MS Windows and Mac OS X. It is released under the PostgreSQL License, which is an MIT-style license, and is thus free and open source software...
database for data storage, a custom Content-addressable storage
Content-addressable storage
Content-addressable storage, also referred to as associative storage or abbreviated CAS, is a mechanism for storing information that can be retrieved based on its content, not its storage location. It is typically used for high-speed storage and retrieval of fixed content, such as documents stored...
or CarvFS based data repository and a Lucene
Lucene
Apache Lucene is a free/open source information retrieval software library, originally created in Java by Doug Cutting. It is supported by the Apache Software Foundation and is released under the Apache Software License....
index. The front end for OCFA has not been made publicly available due to licencing issues.
The framework integrates with other open source forensic tools and includes modules for The Sleuth Kit
The Sleuth Kit
The Sleuth Kit is a library and collection of Unix- and Windows-based tools and utilities to allow for the forensic analysis of computer systems. It was written and maintained by digital investigator Brian Carrier. TSK can be used to perform investigations and data extraction from images of...
, Scalpel, Photorec, libmagic,
GNU Privacy Guard
GNU Privacy Guard
GNU Privacy Guard is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP...
, objdump
Objdump
objdump is a program for displaying various information about object files. For instance, it can be used as a disassembler to view executable in assembly form...
, exiftags, zip, 7-zip
7-Zip
7-Zip is an open source file archiver. 7-Zip operates with the 7z archive format, but can read and write several other archive formats. The program can be used from a command line interface, graphical user interface, or with Microsoft Windows shell integration. 7-Zip began in 1999 and is actively...
, tar
Tar
Tar is modified pitch produced primarily from the wood and roots of pine by destructive distillation under pyrolysis. Production and trade in tar was a major contributor in the economies of Northern Europe and Colonial America. Its main use was in preserving wooden vessels against rot. The largest...
, gzip
Gzip
Gzip is any of several software applications used for file compression and decompression. The term usually refers to the GNU Project's implementation, "gzip" standing for GNU zip. It is based on the DEFLATE algorithm, which is a combination of Lempel-Ziv and Huffman coding...
, bzip2
Bzip2
bzip2 is a free and open source implementation of the Burrows–Wheeler algorithm. It is developed and maintained by Julian Seward. Seward made the first public release of bzip2, version 0.15, in July 1996.-Compression efficiency:...
, rar, antiword
Antiword
Antiword is a free software reader for proprietary Microsoft Word documents, and is available for most computer platforms. Antiword can convert the documents from Microsoft Word version 2, 6, 7, 97, 2000, 2002 and 2003 to plain text, PostScript, PDF, and XML/DocBook .-Overview:The Word format is...
, qemu-img and mbx2mbox. OCFA is extensible in C++
C++
C++ is a statically typed, free-form, multi-paradigm, compiled, general-purpose programming language. It is regarded as an intermediate-level language, as it comprises a combination of both high-level and low-level language features. It was developed by Bjarne Stroustrup starting in 1979 at Bell...
or Java
Java (programming language)
Java is a programming language originally developed by James Gosling at Sun Microsystems and released in 1995 as a core component of Sun Microsystems' Java platform. The language derives much of its syntax from C and C++ but has a simpler object model and fewer low-level facilities...
.