![]() Traditional forensic image files, such as DD, AFF or E01 files, typically contain the entire file system structure, including partition data, slack space, unallocated data, full file metadata, etc. Now as to exactly what a ‘forensic image container’ means in this context was the next phase of my research. The AD1 File FormatĪD1 files are an AccessData proprietary format described on their official blog as being a “ forensic image container” 1, meaning that they are not very well documented online, which is to be expected. ![]() Should anyone reading this know of a CLI tool or method that I am not aware of which can perform these extractions, please let me know. Interestingly, even after extensive searching online, I could not find a reliable way to extract AD1 data from the Linux command-line.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |