Fiwalk and DFXML

From BitCurator
Jump to: navigation, search

Digital Forensics XML (DFXML) is a metadata schema designed to facilitate the sharing of structured information produced by forensic tools. DFXML is an attempt to standardize abstractions by providing a formalized language for describing forensic processes.

The BitCurator project published the first version of the DFXML Tag Library in February 2013. The library contains 72 elements generated by the software program fiwalk. The library describes the constraints of the schema and lists the following: tag name, element name, description, may contain, may occur within, attributes, allowable values, repeatable, mandatory, and an example of the element in use.

In October 2013, the DFXML schema moved into version 1.1.0. The most recent version of BitCurator's DFXML Tag Library can be found here.