AFF4: The New Standard in Forensic Image Format, and Why You Should Care

  • Webcast Aired Monday, 17 Apr 2017 3:00PM EDT (17 Apr 2017 19:00 UTC)
  • Speaker: Dr. Bradley Schatz

The traditional approach to forensic imaging hinders forensic workflow, imposing significant delays between evidence identification and meaningful analysis. Practitioners and responders are faced with the unsatisfactory choice of either forensically preserving only a limited amount of evidence while accepting the risk of missing relevant information (triage), or delaying analysis while waiting for full forensic preservation. This seminar will examine why a new forensic imaging format is needed, and outline the ongoing efforts in standardizing the Advanced Forensic Format 4 Forensic Container (AFF4). Originally proposed in 2009 by Michael Cohen, Simson Garfinkel, and Bradley Schatz, the AFF4 forensic container supports a range of next generation forensic image features such as storage virtualisation, extensible metadata, partial, non-linear and discontinuous images, and moreover significant speed improvements. Current AFF4 implementations include Evimetry, Rekall, the Pmem suite of Memory Acquisition tools, and Google Rapid Response. The seminar will present an introduction to the format and outline the current state of adoption within the forensic ecosystem.

To learn more on this topic, attend the 10th annual SANS Digital Forensics & Incident Response (DFIR) Summit & Training.'this training event brings together the most influential group of experts, the highest quality training, and the greatest industry networking opportunities in one place. Over the course of this eight-day training event, you'll enjoy:

  • Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit
  • Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses, and learn how to better protect your organization
  • The opportunity to network with fellow attendees at receptions and community-building events
  • A DFIR NetWars tournament to sharpen your skills and solve incident-related challenges