Crazy-fast-image-scan

From COPTR
Revision as of 11:35, 8 June 2021 by Prwheatley (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search




A script to scan media very quickly to find out what kind of content it contains
Homepage:https://metacpan.org/pod/distribution/File-FormatIdentification-RandomSampling/bin/crazy_fast_image_scan.pl
License:GNU General Public License 3.0
Function:File Format Identification,Content Profiling,Forensic




Usage[edit]

perl ./crazy_fast_image_scan.pl --image=/dev/sda

This scans the device /dev/sda.

perl ./crazy_fast_image_scan.pl --percent=0.00001 --image=cdrom.img

This scans the image using 0.00001 (0.001 %) bytes of the image.

Description[edit]

This script scans devices or images very fast using random sampling and reports what kind of content could be found. This is useful to decide which image or media could have stuff of interest and allows to prioritize the order of further examinations.

The script uses random sampling and is based on ideas by Simson Garfinkel in a talk http://simson.net/ref/2014/2014-02-21_RPI_Forensics_Innovation.pdf

It calculates the sectors of a given image or device, select n sector samples, seek to the sector positions and read it.

Retrieved from ‘https://coptr.digipres.org/index.php?title=Crazy-fast-image-scan&oldid=5032