Abstract
Uforia is a simple, flexible and extensible framework for analysis and parsing of file metadata. It is written in Python and is available under the GPLv2. Uforia traverses a file system and triggers a configurable set of modules for every file it encounters. Out of the box, Uforia conforms to the NIST standard for forensic hashing by storing the three currently most common cryptographic hashes for each file: MD5, SHA-1 and SHA-256. Uforia strives for optimal scaling of the metadata analysis by offering an easily configurable threading model for both its Producers and Consumers. Additionally, the interface is written to be as loosely coupled as possible, so that the Producer’s and Consumer’s functionality can easily be reduced, replaced or extended to match the specific needs of the user. Uforia also attempts to reduce database redundancy to a minimum in the same way, by only loosely coupling database tables and delegating the relevant parts of the data model to the individual modules. Each of these modules performs its tasks asynchronously from Uforia and is automatically detected, registered and called to handle its specific file types. Uforia does not yet come with a front-end interface for viewing the information stored in the database, but the stored database contents could theoretically already be applied to a wide variety of situations, such as searching for specific metadata or information during a forensic investigation, filesystem-level deduplication or even creating custom known-file hash tables. The interface for creating new database handlers and modules has been simplified as much as possible, allowing for easy extensibility and tailoring to each use case’s specific requirements.
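The traversal, triple-hash and consumer-thread model described in the abstract, shown as an added example that is not Uforia's own code. The names `triple_hash`, `index_tree` and `duplicates`, the single producer, and the in-memory index standing in for the database are assumptions made for illustration.

```python
import hashlib, os, queue, threading
from collections import defaultdict

ALGOS = ("md5", "sha1", "sha256")    # the three hashes named in the abstract
STOP = object()                      # sentinel telling a consumer thread to exit

def triple_hash(path, chunk=1 << 20):
    """Read the file once, feeding every chunk to all three digests."""
    digests = [hashlib.new(a) for a in ALGOS]
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests:
                d.update(block)
    return {a: d.hexdigest() for a, d in zip(ALGOS, digests)}

def index_tree(root, consumers=4):
    """Producer walks `root`; consumer threads hash. Returns (index, errors)."""
    work = queue.Queue(maxsize=1024)  # bounded, so the walker cannot outrun hashing
    index, errors, lock = {}, {}, threading.Lock()

    def consume():
        while (path := work.get()) is not STOP:
            try:
                result, target = triple_hash(path), index
            except OSError as exc:    # unreadable file: record it and keep going
                result, target = str(exc), errors
            with lock:
                target[path] = result

    threads = [threading.Thread(target=consume) for _ in range(consumers)]
    for t in threads:
        t.start()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Skip symlinks and special files so evidence outside root is not read.
            if os.path.isfile(full) and not os.path.islink(full):
                work.put(full)
    for _ in threads:
        work.put(STOP)
    for t in threads:
        t.join()
    return index, errors

def duplicates(index):
    """Group paths by SHA-256; groups with several paths are dedup candidates."""
    groups = defaultdict(list)
    for path, hashes in index.items():
        groups[hashes["sha256"]].append(path)
    return {h: sorted(p) for h, p in groups.items() if len(p) > 1}
```

Recording unreadable files in `errors` instead of aborting keeps one locked or damaged file from hiding the rest of the tree from the index.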
Notes
The Electronic Discovery Reference Model (EDRM), EDRM Stages Explained, Mar 30th 2012.
Digital Forensics Framework, http://www.digital-forensic.org/, retrieved on October 25th 2012.
AccessData FTK, http://accessdata.com/products/digital-forensics/ftk, retrieved on October 24th 2012.
Guidance Software Encase, http://www.guidancesoftware.com/, retrieved on October 24th 2012.
Secure Hashing, Approved Algorithms, Mar 6th 2012, National Institute of Standards and Technology (NIST).
Acknowledgments
We would like to acknowledge and thank the following people for their contributions to Uforia: Drs. G.F. de Boer, E. Hoeksema and A. Verstegen for their feedback on the program and database model. C. Baijens, J. Molenaar and C. Goedhart for their development of the initial version. B. van der Wal for his contributions in cleanups, rewrites and documentation of the initial version’s code-base.
Additional information
If you would like to participate in Uforia, please contact the development team by E-mail: uforia@dhcp.net.
Cite this article
Eijkhoudt, A., Suerink, T. Uforia: Universal forensic indexer and analyzer. J Comput Virol Hack Tech 9, 59–63 (2013). https://doi.org/10.1007/s11416-013-0177-4
DOI: https://doi.org/10.1007/s11416-013-0177-4