Difference between revisions of "Crazy-fast-image-scan"
(file format identification tool for media images) |
Prwheatley (talk | contribs) |
||
Line 1: | Line 1: | ||
{{Infobox tool | {{Infobox tool | ||
− | |purpose= | + | |purpose=A script to scan media very quickly to find out what kind of content it contains |
|homepage=https://metacpan.org/pod/distribution/File-FormatIdentification-RandomSampling/bin/crazy_fast_image_scan.pl | |homepage=https://metacpan.org/pod/distribution/File-FormatIdentification-RandomSampling/bin/crazy_fast_image_scan.pl | ||
|license=GNU General Public License 3.0 | |license=GNU General Public License 3.0 | ||
− | |function=File Format Identification | + | |function=File Format Identification, Content Profiling, Forensic |
}} | }} | ||
{{Infobox tool details}} | {{Infobox tool details}} | ||
− | |||
== Usage == | == Usage == | ||
<code> | <code> |
Latest revision as of 11:35, 8 June 2021
Usage
perl ./crazy_fast_image_scan.pl --image=/dev/sda
This scans the device /dev/sda.
perl ./crazy_fast_image_scan.pl --percent=0.00001 --image=cdrom.img
This scans the image, sampling a fraction of 0.00001 (0.001 %) of its bytes.
Description
This script scans devices or images very quickly using random sampling and reports what kind of content was found. This helps decide which images or media are likely to hold material of interest, so that further examinations can be prioritized.
The script is based on ideas presented by Simson Garfinkel in a talk: http://simson.net/ref/2014/2014-02-21_RPI_Forensics_Innovation.pdf
It calculates the sectors of a given image or device, selects n sector samples, seeks to those sector positions and reads them.
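
The sampling procedure described above, as an added example (not the code of crazy_fast_image_scan.pl): it picks random sectors, seeks to each one, reads it and tallies a content class per sector. The 512-byte sector size, the crude classifier with its thresholds, and the in-memory test image are assumptions constructed for illustration.

```python
import io
import math
import random
from collections import Counter

SECTOR = 512  # assumed sector size

def classify(sector: bytes) -> str:
    """Crude stand-in classifier (an assumption, not the script's own logic)."""
    if not sector.strip(b"\x00"):
        return "empty"
    counts = Counter(sector)
    entropy = -sum(c / len(sector) * math.log2(c / len(sector)) for c in counts.values())
    printable = sum(1 for b in sector if 32 <= b < 127 or b in (9, 10, 13))
    if printable / len(sector) > 0.95:
        return "text"
    if entropy > 7.0:  # near-uniform byte histogram
        return "compressed_or_encrypted"
    return "other"

def scan(image, percent: float, seed=None) -> Counter:
    """Sample `percent` (a fraction, as with --percent) of all sectors at random."""
    size = image.seek(0, io.SEEK_END)
    total = size // SECTOR
    n = max(1, min(total, round(total * percent)))
    rng = random.Random(seed)
    result = Counter()
    # Sorted offsets keep the seeks moving forward across the medium.
    for idx in sorted(rng.sample(range(total), n)):
        image.seek(idx * SECTOR)
        result[classify(image.read(SECTOR))] += 1
    return result

def build_sample_image() -> io.BytesIO:
    """Constructed image: 600 empty, 300 text and 100 random sectors."""
    rng = random.Random(1)
    text = (b"The quick brown fox jumps over the lazy dog.\n" * 12)[:SECTOR]
    noise = bytes(rng.getrandbits(8) for _ in range(SECTOR * 100))
    return io.BytesIO(b"\x00" * SECTOR * 600 + text * 300 + noise)

if __name__ == "__main__":
    counts = scan(build_sample_image(), percent=0.2, seed=42)
    n = sum(counts.values())
    for kind, c in counts.most_common():
        print(f"{kind:24s} {c / n:6.1%} of {n} sampled sectors")
```

Reading 20 % of the constructed image already gives proportions close to the true 60/30/10 split, which is why a small sample is enough to rank media for closer examination.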