1.2 What is AFF4?

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

14 minutes
Video Transcription
This is computer forensics file formats. Why, you should be using a f F four.
All right, So what is a f f four? Very simply etc. Advanced forensics format. And it's the fourth version of this particular format. There have been
versions, you know, one through three over the years, and they all have their limitations. FF ores is the newest latest greatest version.
Um, quote Dr Schatz there directly. FF four Forensics container enables new approaches to forensics. Unparalleled forensic acquisition speed. Absolutely true. They're more accurate representation of evidence.
Ah, these are enabled through next generation forensic imaging features such as storage visualization, virtualization, Scuse me, arbitrary metadata and partial nonlinear and discontinuous images. You know, he's a PhD, right? Um, anyway, the form it's been around for a while is originally proposed back in 2009 by
the three of them working together. Michael Cohen. It Google
Ah, Simpson Garfinkel over at NHIS, National Student Standard Technology and Dr Bradley shots out from a tree.
Ah, so they got together and develop this protocol, the first actual standardized specifications for released March 30th of 2017 on dessert for two earlier that the standardization documentation is available on Get up. Everything about
the F F four is open source from the Python code with C code,
too. You know the standards document things like this. There's there's no mystery and what they're doing there. They go into great depth and detail on explaining how it works, which is also benefit of the protocol.
Up Next
Computer Forensics File Formats: Why you Should be Using AFF4

If you’re not using AFF4 (Advanced Forensics File Format v4) then your forensics process is stuck in the past. In this course we’ll be discussing the performance problems associated with the Expert Witness Format (E01/EX01) and raw or DD forensic images.

Instructed By