±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 33162
New Yesterday: 0 Visitors: 225

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Tools that can detect differences between two images?

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2, 3  Next 
  

Tools that can detect differences between two images?

Post Posted: Tue Oct 10, 2017 3:43 am

Hi all,

I'm wondering if such a tool exists that can take two forensic images and detect differences between them.

For example, two images from the same system taken a day apart and the tool could highlight the new or changed files/folders between the two.

Thanks!  

engdan
Newbie
 
 
  

Re: Tools that can detect differences between two images?

Post Posted: Tue Oct 10, 2017 4:12 am

On MS Windows:

X-Ways Forensics.
Select "Tools -> Compare Data"
Choose two files/images to compare.
Creates a search list of differences (or a very large txt file if you want!)

or on Linux:

Use 'cmp' command.
The output may not be as immediately useful as the X-Ways/Windows option.  

AmNe5iA
Member
 
 
  

Re: Tools that can detect differences between two images?

Post Posted: Tue Oct 10, 2017 4:34 am

- engdan
Hi all,

I'm wondering if such a tool exists that can take two forensic images and detect differences between them.

For example, two images from the same system taken a day apart and the tool could highlight the new or changed files/folders between the two.

Thanks!


Mounting both images read-only and then making a "diff" of the drives gives you all answers. Simple solution, isnt it?

best regards,
Robin  

Bunnysniper
Senior Member
 
 
  

Re: Tools that can detect differences between two images?

Post Posted: Tue Oct 10, 2017 4:39 am

- Bunnysniper


Mounting both images read-only and then making a "diff" of the drives gives you all answers. Simple solution, isnt it?

best regards,
Robin


Ah! It's so easy to over-complicate these things, eh? Thanks for the advice.  

engdan
Newbie
 
 
  

Re: Tools that can detect differences between two images?

Post Posted: Tue Oct 10, 2017 4:40 am

- AmNe5iA
On MS Windows:

X-Ways Forensics.
Select "Tools -> Compare Data"
Choose two files/images to compare.
Creates a search list of differences (or a very large txt file if you want!)

or on Linux:

Use 'cmp' command.
The output may not be as immediately useful as the X-Ways/Windows option.


Thank you! It also looks (from the online manual atleast) that WinHex Free can do this too. I'll check it out, thanks for your advice.  

engdan
Newbie
 
 
  

Re: Tools that can detect differences between two images?

Post Posted: Tue Oct 10, 2017 5:53 am

- Bunnysniper

Mounting both images read-only and then making a "diff" of the drives gives you all answers.

What do you suggest (which specific tool/program) would you suggest to make the "diff" of the drives?

Why would you mount them to volumes?

If you mount them to volumes then you can make a DIR (or ls) of each volume and compare the results with diff, still there well might be AFAIK "sync" problems, a tool like -say - Winmerge:
winmerge.org/

might be more suited (I am pretty sure that similar Linux tools do exist)

@AmNe5iA
That would be a "binary compare" , woudn't it?
If yes, it makes not really much sense - with all due respect - if the scope is that of "highlight the new or changed files/folders between the two.".
With a binary compare you will have thousands, maybe millions of single byte differences and a single byte shift may make them millions or billions.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: Tools that can detect differences between two images?

Post Posted: Tue Oct 10, 2017 6:07 am

- engdan
Hi all,

I'm wondering if such a tool exists that can take two forensic images and detect differences between them.

For example, two images from the same system taken a day apart and the tool could highlight the new or changed files/folders between the two.

Thanks!


I would use MFT2CSV to produce 2 CSV from the 2 images. And then "diff" the two CSV  

mansiu
Senior Member
 
 

Page 1 of 3
Go to page 1, 2, 3  Next