[Forensics-changes] [SCM] debian-forensics/aimage branch, debian, updated. upstream/3.2.4-9-g7f1fec6

Fri Mar 26 21:14:49 UTC 2010

The following commit has been merged in the debian branch:
commit 7f1fec6bbac681b881098c9ae45143fe81fa6803
Author: Christophe Monniez <christophe.monniez at fccu.be>
Date:   Fri Mar 26 22:11:21 2010 +0100

    Adding an initial man page.

diff --git a/debian/aimage.manpages b/debian/aimage.manpages
new file mode 100644
index 0000000..2fb19fb
--- /dev/null
+++ b/debian/aimage.manpages
@@ -0,0 +1 @@
+debian/manpages/*
diff --git a/debian/manpages/aimage.1 b/debian/manpages/aimage.1
new file mode 100644
index 0000000..e196616
--- /dev/null
+++ b/debian/manpages/aimage.1
@@ -0,0 +1,91 @@
+.\" 
+.TH "AIMAGE" "1" "2010-03-26" "" "create a forensic image in aff format"
+.SH "NAME"
+aimage \- tool to create forensic copy of a device in aff format.
+
+.SH "SYNOPSIS"
+\fBaimage\fR \fIINPUT1\fR \fR[OUTFILE1.aff] \fR[INPUT2] \fR[OUTPUT2.aff]
+
+.SH "DESCRIPTION"
+aimage is a tool to create copies of devices in a forensic manner.
+The resulting image can be in raw format, like a dd, or in aff format.
+AFF stands for Advanced Forensic Format which is an open format with multiple advantages:
+.TP
+.IP "\(bu" 4
+It can store arbitrary metadata.
+.IP "\(bu" 4
+The image can be compressed with a high compression level.
+.IP "\(bu" 4
+The resulting image can be encrypted.
+.IP "\(bu" 4
+The resulting image can be sliced into smaller pieces to fit on medias or filesystems than cannot hold large files.
+.SH "PARAMETERS"
+.IP "\fBINPUT1\fR device name or a file name that you want to create a forensic image from." 4
+.IP "\fBOUTFILE1\fR a filename for the output file. This parameter is mandatory unless you use the -o option." 4
+.PP
+You can specify more than one input and output files.
+.SH "CONFIGURATION FILE"
+A configuration file can be used to add metadata to the AFF file.
+This configration file contains questions to ask to the user of aimage just before the copy and the correspondig fields to store in AFF file.
+.SH "OPTIONS"
+.IP "\fB\-q, \-\-quiet\fR No interactive statistics." 4
+.IP "\fB\-Y, \-\-batch\fR Batch output, continuously print statistics to standard ouput instead of a static screen." 4
+.IP "\fB\-Q, \-\-silent\fR No output at all except for errors." 4
+.IP "\fB\-R nnnn, \-\-readsectors=nnnn\fR set number of sectors to read at once (default 32768)." 4
+.IP "\fB\-v, \-\-version\fR print version number and exit." 4
+.IP "\fB\-k nn[s], \-\-skip=nn[s]\fR skip nn bytes from the start of the input. Use nns to skip sectors instead of bytes." 4
+.IP "\fB\-B, \-\-no_beeps\fR Don't beep when imaging is finished." 4
+.IP "\fB\-l LOGFILE, \-\-logfile=LOGFILE\fR Specify a log filename (no log file is written by default)." 4
+.IP "\fB\-G, \-\-logAFF\fR Log AFF operations." 4
+.IP "\fB\-p, \-\-preview\fR view some of the data as it goes by. This option does not work when \fB\-q or \-Y\fR is specified." 4
+.IP "\fB\-b, \-\-verify\fR verify the input against the output file." 4
+.IP "\fB\-w, \-\-wipe\fR verify after imaging, and, if valid, wipe the source. BE CARREFUL."
+.IP "\fB-C 'COMMAND', \-\-exec 'COMMAND'\fR Execute the command COMMAND after imaging (before wiping). Use the '%s' variable for image name." 4
+.IP "\fB\-z, \-\-zap\fR Erase ouput file(s) before writing them."
+.IP "\fB\-o FILENAME, \-\-outfile=FILENAME\fR Specify the output file name as FILENAME." 4
+.IP "\fB\-S nnnn, \-\-image_pagesize=nnnn\fR Specify the AFF page size as nnnn (default to 16777216) (number can be suffixed with b, k, m or g)." 4
+.IP "\fB\-m, \-\-make_config\fR Make a sample config file if it doesn't exist.
+Config file is aimage.cfg by default and can be overridden by the AIMAGE_CONFIG enviroment variable.
+If the config file doesn't exists, it's created and the programs exits right after.
+If the config file exists, the programs directly starts the copy." 4
+.IP "\fB\-D, \-\-no_dmesg\fR Do not put dmesg into the AFF file." 4
+.IP "\fB\-x, \-\-no_compress\fR Do not compress. Useful on slow machines." 4
+.IP "\fB\-Xn, \-\-compression=n\fR Set the compression level to n." 4
+.IP "\fB\-L, \-\-lzma_compress\fR Use LZMA compression (slow but better)." 4
+.IP "\fB\-A, \-\-auto_compress\fR Write as fast as possible, with compression if it helps. Sets compression level 1." 4
+.IP "\fB\-Mn, \-\-maxsize=n\fR Sets the maximum size of output file to be n megabytes if no suffix is specified." 4
+self explanatory suffixes maybe 'g', 'm', 'k' or 'b'.
+.PP
+.IP "Replace n by :" 4
+.IP "\'cd\' for a 650MB CD." 4
+.IP "\'bigcd\' for a 700MB CD." 4
+.IP "\'dvd\' for a DVD." 4
+.IP "\'dvddl\' for a DVD-DL." 4
+.IP "\fB\-g name=value, \-\-setseg name=value\fR" 4
+Create segment 'name' and give it 'value'. The purpose of this option is to insert an arbitrary metadata into th AFF file.
+This option may be repeated.
+.IP "\fB\-H,  \-\-no_hash\fR Do not calculate MD5, SHA1 and SHA256 of image." 4
+.IP "\fB\-e0, \-\-error_mode=0\fR Standard error recovery:" 4
+ Read disk 256KiB at a time until there are 5 errors in a row, then go to the end of the disk and read backwards until there are 5 erros in a row. Then stop.
+.IP "\fB\-e1, \-\-error=1\fR Stop reading at first error." 4
+.IP "\fB\-tnn, \-\-retry=nn\fR Change retry count from 5 to nn" 4
+.IP "\fB\-V, \-\-reverse\fR Scan in reverse to the beginning." 4
+.IP "\fB\-c, \-\-recover-scan\fR Starting with an AFF file that has been partially acquired, try to read each page, 8 sectors at a time (implies --append)." 4
+.IP "\fB\-h, \-\-help\fR Give an help message." 4
+.IP "\fB\-Z, \-\-fast_quit\fR When you hit \'^c\', just exit immediately." 4
+.IP "\fB\-E, \-\-allow_regular\fR Allow the imaging of a regular file instead of a device." 4
+.IP "\fB\-T, \-\-title=s\fR Change title to s (from IMAGING) and disable blink." 4
+.IP "\fB\-d n, \-\-debug=n\fR Set debug code n (-d0 for list)." 4
+.IP "\fB\-y, \-\-use_timers\fR Use timers for compressing, reading & writing times." 4
+.IP "\fB\-i, \-\-ident\fR Just print the ident information and exit (for testing)." 4
+.SH EXAMPLES
+.SS "Create image.aff from /dev/sd0:"
+.IP
+aimage /dev/sd0 image.aff
+aimage \fB\-o\fR image.aff /dev/sd0
+.SS "Create image0.aff from /dev/sd0 and image1 from /dev/sd1:"
+.IP
+aimage /dev/sd0 image0.aff /dev/sd1 /image1.aff
+.SH "AUTHOR"
+This manual page was written by Christophe Monniez <christophe.monniez at fccu.be>
+for the Debian project (but may be used by others).

-- 
debian-forensics/aimage

