Crazy-fast-image-scan

From COPTR
Revision as of 08:40, 27 May 2021 by Andreas Romeyke (talk | contribs) (file format identification tool for media images)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search



crazy-fast-image-scan is a script to scan media very quickly to find out what kind of content it contains
Homepage:https://metacpan.org/pod/distribution/File-FormatIdentification-RandomSampling/bin/crazy_fast_image_scan.pl
License:GNU General Public License 3.0
Function:File Format Identification




Usage

perl ./crazy_fast_image_scan.pl --image=/dev/sda

This scans the device /dev/sda.

perl ./crazy_fast_image_scan.pl --percent=0.00001 --image=cdrom.img

This scans the image using 0.00001 (0.001 %) bytes of the image.

Description

This script scans devices or images very fast using random sampling and reports what kind of content could be found. This is useful to decide which image or media could have stuff of interest and allows to prioritize the order of further examinations.

The script uses random sampling and is based on ideas by Simson Garfinkel in a talk http://simson.net/ref/2014/2014-02-21_RPI_Forensics_Innovation.pdf

It calculates the sectors of a given image or device, select n sector samples, seek to the sector positions and read it.