An open source (GNU LGPLv3+) library for performing live memory forensics over the IEEE 1394 (“FireWire”) interface. Currently supported under GNU/Linux and Mac OS X, libforensic1394 improves upon existing libraries by providing a simple and clean interface to the direct memory access functionality available over FireWire. In addition to a C API, Python bindings are also available.
Further information can be found in the associated paper, “Memory forensics over the IEEE 1394 interface”.
The first public release of libforensic1394, version 0.2, was tagged earlier today. Source tarballs are available from the downloads section.
Available through git, libforensic1394 is currently feature complete and undergoing extensive field testing.
A list of known bugs and limitations can be found in the BUGS file in the source distribution.
The following features can be expected in future revisions.
The latest version can always be downloaded from the project's git repository.
Complete Doxygen documentation is available.
libforensic1394 was written as a modern alternative to pythonraw1394 (a Python wrapper around libraw1394) featuring native support for the new “Juju” stack used by many GNU/Linux distributions.