FAQ

Frequently Asked Questions

What disk image formats does affuse support?

The affuse program only supports AFF, AFD and AFM formats. If you wish to mount EnCase (E01) images please use mount_ewf.

When you mount an AFF image with affuse, you will view the raw file in the file system. affuse will now show you the individual files in the disk image.

 

Why use AFF? What’s wrong with EnCase or raw block-by-block images?

The proprietary EnCaseā„¢ file format (also known as the Expert Witness file format) is widely used in computer forensics, but it has a number of limitations:

  • EnCase doesn’t support encryption or digital signatures of the evidence.
  • EnCase has limited support for metadata; applications can’t create arbitrary annotations or new metadata pairs.
  • EnCase creates many files with extensions like .E01, .E02, .E03 … If you lose just one file, the entire disk image is unusable.
  • Although the E01 format can detect errors, it cannot correct them.

The AFF format has solutions for each of those EnCase limitations:

  • AFF supports encryption and digital signatures.
  • AFF allows any number of metadata name/value pairs to be inserted in the evidence file.
  • A single AFF file may be any size; it is not limited to files that are 4GB or less.
  • AFF includes a RAID-like feature that can be used to reconstruct corrupt data in the event of on-disk corruption.
Why is AFFLIB distributed under the 4-clause Berkeley License?

Why is AFFLIB distributed under the 4-clause Berkeley License? Berkeley repudated the advertising clause. Do we need to advertise AFFLIB if we bundled AFF on a distribution of Unix or Linux tools?

We’ve decided to keep the advertising clause because Basis Technology, the company that funded a substantial amount of the AFFLIB development, wishes to be acknowledged in computer forensic products that use AFF. We do not consider the bundling of AFFLIB on a CDROM or online distribution of Linux utilities to meet the requirements in section 3—that is, unless the CDROM or distribution specifically mentions AFF. If you specifically mention AFF, you do need to indicate in the copyright statement that AFF contains code that is copyright by Simson Garfinkel and Basis Technology Corp.

Does AFFLIB compile under Windows?

AFFLIB compiles under Windows using either MinGW or Cygwin. The MinGW version can be used to create libraries that are linkable with Microsoft Visual Studio. You can also download pre-compiled versions of AFF for WIndows.

What open source libraries are required to compile AFF?

You will want the following:

  • Zlib (zlib-dev)
  • OpenSSL Libraries (crypto-dev) with SHA256 support.
  • expat (if you wish to use Amazon S3 support)
  • fuse-dev (if you wish to compile AFFUSE)

 

Pages

Blogroll

Downloads

Meta

Tags

afflib aimage bulk_extractor fiwalk release tcpflow