Digital Forensics XML explained

Digital Forensics XML (DFXML) is an XML language used to automate digital forensics processing. DFXML contains information about both the results of forensic processing and the tools used to perform the processing (provenance). Currently there is no Digital Forensics XML standard and there is no fixed schema. There is a draft schema available from NIST.

References

  1. Simson Garfinkel, Digital Forensics XML and the DFXML toolset, Digital Investigation, 2012.
  2. Simson L. Garfinkel, Automating Disk Forensic Processing with SleuthKit, XML and Python, Systematic Approaches to Digital Forensics Engineering (IEEE/SADFE 2009), Oakland, California. (Acceptance rate: 32%, 7/22)

See also