SeqBox - A single file container/archive that can be reconstructed even after total loss of file system structures

  •        10

An SBX container exists both as a normal file in a mounted file system, and as a collection of recognizable blocks at a lower level.SBX blocks have a size sub-multiple/equal to that of a sector, so they can survive any level of fragmentation. Each block have a minimal header that include a unique file identifier, block sequence number, checksum, version. Additional, non critical info/metadata are contained in block 0 (like name, file size, crypto-hash, other attributes, etc.).

https://github.com/MarcoPon/SeqBox

Tags
Implementation
License
Platform

   




Related Projects

Kickass Undelete

  •    CSharp

Kickass Undelete is a free, fully featured, file recovery tool for Windows. Accidentally deleted a file? Never fear; the data is probably still on your drive and may be recoverable. Kickass Undelete finds all of the deleted files on your hard drive, flash drive or SD card and allows you to recover them.

CarvPath

  •    C

LibCarvpath is a library for computer forensics carving tools.It provides the low level needs of zero-storage carving using virtual paths. These virtual file paths can be used in conjunction with the CarvFS filesystem.

ROPMEMU - ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.

  •    Python

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks. It adopts a set of different techniques to analyze ROP chains and reconstruct their equivalent code in a form that can be analyzed by traditional reverse engineering tools. In particular, it is based on memory forensics (as its input is a physical memory dump), code emulation (to faithfully rebuild the original ROP chain), multi-path execution (to extract the ROP chain payload), CFG recovery (to rebuild the original control flow), and a number of compiler transformations (to simplify the final instructions of the ROP chain). Specifically, the memory forensics part is based on Volatility [1] plugins. The emulation and the multi-path part is implemented through the Unicorn emulator [2].

ext3carve

  •    C

Ext3FS/Ext2FS File Recovery or Semantic File Carving tool.Recovers GIF/JPEG/MS-Word/PNG/HTML/JAVA/MP3 doc fileslt;48KB if default block size=4kb.(if default size=8kb then recovers 96kb file)Identifying and recovering files based on analysis of file for

C++ Hash Container Benchmark

  •    

C++ Hash Container Benchmark for STL map, C++0x unordered map, Boost unordered map, ATL map and ATL hash map for STL wide string and ATL CString.


Metadata and File Management Archiver

  •    PHP

This project will meet a variety of needs, borrowing from a wide variety of technology for handling files, creating/browing metadata, zipping files up for sending and automated cataloguing of files, descriptions, dates, types, etc. into a database.

grafeas - Cloud artifact metadata CRUD API and resource specifications

  •    Go

Grafeas defines an API spec for managing metadata about software resources, such as container images, Virtual Machine (VM) images, JAR files, and scripts. You can use Grafeas to define and aggregate information about your project's components. Grafeas divides the metadata information into notes and occurrences. Notes are high-level descriptions of particular types of metadata. Occurrences are instantiations of notes, which describe how and when a given note occurs on the resource associated with the occurrence. This division allows third-party metadata providers to create and manage metadata on behalf of many customers. It also allows for fine-grained access control of different types of metadata.

FlashBack - Digital Image Recovery

  •    CSharp

FlashBack is an JPG image recovery application for flash cards. It will attempt to recover the original image and preserve metadata. Currently it only recovers JPG files. Soon it will it will recover most raw formats.

DMZS-Biatchux Bootable CD Distro

  •    C

Bootable CD Forensics/Virus Scanning/Recovery/PenTesting platform

autopsy - Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools

  •    Java

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Installers can be found at: http://www.sf.net/projects/autopsy/files/autopsy

container-structure-test - validate the structure of your container images

  •    Go

The Container Structure Tests provide a powerful framework to validate the structure of a container image. These tests can be used to check the output of commands in an image, as well as verify metadata and contents of the filesystem. Tests can be run either through a standalone binary, or through a Docker image.

vinetto

  •    Python

Vinetto is a tool intended for forensics examinations. It is a console program to extract thumbnail images and their metadata from those thumbs.db files generated under Microsoft Windows. Vinetto works under Linux, Cygwin(win32) and Mac OS X.

johm - JOhm is a Object-hash mapping library for Java for storing objects in Redis

  •    Java

JOhm is a blazingly fast Object-Hash Mapping library for Java inspired by the awesome Ohm. The JOhm OHM is a modern-day avatar of the old ORM's like Hibernate with the difference being that we are not dealing with an RDBMS here but with a NoSQL rockstar.JOhm is a library for storing objects in Redis, a persistent key-value database. JOhm is designed to be minimally-invasive and relies wholly on reflection aided by annotation hooks for persistence. The fundamental idea is to allow large existing codebases to easily plug into Redis without the need to extend framework base classes or provide excessive configuration metadata.

mig - Distributed & real time digital forensics at the speed of the cloud

  •    Go

MIG is Mozilla's platform for investigative surgery of remote endpoints.You can spin up a local-only MIG setup using docker. The container is not suitable for production use but lets you experiment with MIG quickly.

Emails Outlook Mac Recovery Software That Is Provenly Better Than Others

  •    

Recover OLM Emails with Outlook Mac Recovery Software that restore Mac OLM files as well as Convert OLM files in EML and DBX file format.

icloudaccess - A class that simplifies working with iCloud.

  •    Objective-C

iCloud Access is a simple class that makes it easier to work with iCloud, hiding details such as file coordination and metadata queries. It is much more like accessing a web service with a Cocoa networking class, which most developers are more used to. The class was originally developed as part of the Ensembles Core Data Sync framework, and has been extracted for easier integration in projects not using Ensembles.

nar - node

  •    LiveScript

Idiomatic application packager utility for node.js to create self-contained executable applications that are ready-to-ship-and-run.nar provides built-in support for creating, extracting, installing and running applications easily from a simple configuration through a featured command-line interface or evented programmatic API.

S2 Services Excel Recovery

  •    

MS recommended Excel recovery methods in one GUI - adds 4 of its own.

Fugenschnitzer

  •    C

Fugenschnitzer is a quick and easy to use Seam Carving program. Fugenschnitzer -- Seam Carving for everyone.