3 releases (1 stable)
| 1.0.0 | Jul 24, 2022 |
|---|---|
| 1.0.0-rc.1 | Jul 17, 2022 |
| 1.0.0-beta.4 |
|
| 1.0.0-beta.1 |
|
| 0.1.0 | Feb 18, 2022 |
#32 in #forensics
85KB
1.5K
SLoC
zffanalyze
zffanalyze is a command line utility to analyze zff images.
Installation
Prerequisites
First, you need to install rust and cargo to build or install zffanalyze.
After that you still need the gcc, which you can install as follows (depends on the distribution):
Debian/Ubuntu
$ sudo apt-get install gcc
Fedora
$ sudo dnf install gcc
Then you can easily build this tool yourself by using cargo:
[/home/ph0llux/projects/zffanalyze] $ cargo build --release
Or you can install the tool directly from crates.io:
$ cargo install zffanalyze
Usage
To show the metadata of the given zff file, execute:
zffanalyze -i <YOUR_ZFF_IMAGE.z01>
If you want to perform an integrity check, you can simply execute:
zffanalyze -i <YOUR_ZFF_IMAGE.z01> -c
If you want to determine the authenticity of the data with an existing public key, then execute:
zffanalyze -i <YOUR_ZFF_IMAGE.z01> -k "c9IvuVj4lnGVSXR5Azx8SAyqQBpeHMKpB/4v8/Cj4Ew="
Dependencies
~16MB
~285K SLoC