Forensics
Patchlevel 2 release open computer forensics architecture. Nov 16 2007 08:36AM
Rob Meijer (capibara xs4all nl)
The new 2.0.6pl2 release of the open computer forensics architecture
(ocfa) has been put on sourceforge. The most important patches are:

* More strict configure scripts.
Fixes in configure for 64 bit (suse) platforms.
* Additional rulelist for SLES 9, to work around the
problem that unzip is compiled without large file
support. As a workaround the 7z module is used.
* Workaround for 7z bug that makes it produce its input file
as output if the file name ends with 'aa'
* Added workaround for indexer memory allocation problem.
Clucene grows its memory usage to about 4 times the size of
the largest file it is given to index, the workaround now makes
sure the indexer does not get and/or process large files.

The indexer problem solution, being a workaround, is something we will take
as a main priority for upcoming releases. We are considering dropping
the clucene based indexer and moving to the java version of lucene.
The upcoming 2.0.8 release will include some enhancements (xml based
serialisation for messaging) that should allow easier integration of
modules based on other programming languages, which should help us move more
cleanly to the java implementation of lucene.

CarvFs/LibEwf integration has run into an unexpected delay as a result of
composite memory consumption of carvfs/libewf in situations where numerous
encase images are mounted into the repository and are then iterated.

Rob Meijer

Copyright 2010, SecurityFocus