c-aff4 icon indicating copy to clipboard operation
c-aff4 copied to clipboard

Published 20 hours ago verified publisher icon Velocidex

Create example that enumerates a disk image

Open simsong opened this issue 5 years ago • 2 comments

I have a long-standing issue on bulk_extractor to add AFF4 support. To do this, I need an example that allows me to enumerate all of the bytes in an AFF4 volume.

  • Is there an example of how to do this?
  • If not, is this worth doing?

simsong avatar Feb 16 '20 00:02 simsong

Presumably you will use the C API? In that case it is really simple and it is described in the header

https://github.com/Velocidex/c-aff4/blob/master/aff4/libaff4-c.h

But to keep it simple this API only exposes the first stream (AFF4 files may contain multiple streams)

scudette avatar Feb 16 '20 00:02 scudette

Correct, that API only exposes the first stream, and AFF4 allows multiple streams and fragmented files. I want to iterate all streams, and then for each stream, I want to get all bytes. Except if stream A consists of a map of streams B and C, and B⋂C=∅, then want an iterator that gives me B and C, but not A.

simsong avatar Feb 16 '20 01:02 simsong