Open Computer Forensics Architecture

---

Welcome

The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency [KLPD/Dutch]. The main goal is to automate the digital forensic process to speed up the investigation and give tactical investigators direct access to the seized data through an easy to use search and browse interface.

Please visit our WIKI to find out about the technical information and how to use ocfa. The Project Page gives access to the download page.

Tested installations

At the moment two Linux installations are tested:

• Suse Linux Enterprise Server SLES 9.3 and SLES 10. (Recommended if HP support is required)
• Ubuntu 8.10 and 9.04, 32 and 64 bit. (Recommended for easy install)

Download source package

Download the source packages ocfa-2.x.xplx-gpl.tar.bz2 from the project files section.

Documentation

There are two documents prefarable to read:

• Installation howto: InstallingOcfaOnUbuntu.pdf
• Practical usage howto: PracticalUseOCFA.pdf

Get involved!

We encourage people interested in ocfa and involved in computer forensics to join our mailinglist

We are also looking for third party contributors to extend our module base. We are very happy with contributers like the University College Dublin UCD (REAPER), Karlstad University (FIVES), New Bulgarian University Sofia (module fivesfaces), Belgian Federal Police (Debian forensics packages)

Required knowledge

Ocfa is build on top of the Linux operating system. To use and install ocfa, knowledge of Linux is required. To operate ocfa, also knowledge of the SQL query language is preferable. Since ocfa is a digital forensics framework, the user needs some knowledge about computer forensics.