Bug#970202: ITP: forensics-samples -- Set of useful files to help to learn or test forensics tools and techniques
Package: wnpp
Severity: wishlist
Owner: Joao Eriberto Mota Filho <eriberto@debian.org>
X-Debbugs-Cc: debian-devel@lists.debian.org
* Package name : forensics-samples
Version : 1.0
Upstream Author : Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>
* URL : https://github.com/eribertomota/forensics-samples
* License : MIT and CC-BY-SA-4.0
Description : Set of useful files to help to learn or test forensics tools and techniques
forensics-samples is a set of useful files to help to learn or test forensics
tools and techniques. These files are examples of pictures, filesystems and
other possible artifacts, such as memory dumps (not available yet).
forensics-samples is useful for students and CI tests. The main intent of this
work is to provide a standardized set of files to avoid wasting time in some tasks
when learning about forensics or testing tools.
There are some filesystem images available (currently: ext2, ext4, btrfs,
NTFS, FAT2 (vfat) and exFAT). Inside each filesystem image, all files from the
"original-files" directory were copied and, after this, all directories ending
with "2" in their names were deleted. It is possible to use tools to analyse the
files and their metadata, or carvers to recover deleted files.
On Debian, forensics-samples is also useful to provide files to be used by
other packages in CI tests (autopkgtest), making several source packages
smaller (e.g.: metacam, ext4magic, foremost, magicrescue, scrounge-ntfs,
etc). All you need is to use it as a dependency for your test in the
debian/tests/control file.