AFF4 Standard v1.0 Released
Originally proposed in 2009 by Michael Cohen, Simson Garfinkel, and Bradley Schatz, the AFF4 forensic container enables new approaches to forensics, unparalleled forensic acquisition speeds and more accurate representation of evidence. These are enabled through next-generation forensic image features such as storage virtualisation, arbitrary metadata, and partial, non-linear and discontiguous images. The standard is the culmination of research spanning 8 years and 4 scientifically peer reviewed papers.
Bradley Schatz (Evimetry) and Michael Cohen (Google) have collaborated to make freely available:
* a set of canonical reference images which serve as ground truth for the format [1]; and
* an explanatory specification document describing the format in detail [2]; and
* a Python reference implementation capable of reading the format [3].
This release of a standard specification for the file format is a milestone towards the wider adoption of the format, providing implementers an unambiguous and straightforward path to implementation. The release of the AFF4 Standard coincides with the limited release of Evimetry Community Edition, a freely licensed subset of the AFF4 based forensic tool, and in the coming days, a C++ implementation and patches to the Sleuth Kit, and support for Volatility and Rekall.
Implementers and interested parties are invited to join the AFF4 Working Group mailing list [4], and/or contact Bradley Schatz or Michael Cohen.
Contact:
Bradley Schatz ( bradley@evimetry.com <mailto:bradley@evimetry.com> )
Michael Cohen (scudette@google.com <mailto:scudette@google.com> )
[1] https://github.com/aff4/ReferenceImages
[2] https://github.com/aff4/Standard
[3] https://github.com/google/aff4/tree/master/pyaff4
[4] https://groups.google.com/d/forum/aff4-wg