The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency [KLPD/Dutch]. The main goal is to automate the digital forensic process to speed up the investigation and give tactical investigators direct access to the seized data through an easy-to-use search and browse interface.
Please visit our wiki for technical information and instructions on how to use OCFA. The Project Page gives access to the download page.
Download the source packages ocfa-2.x.xplx-gpl.tar.bz2 from the project files section.
There are two documents we recommend reading:
We encourage people interested in OCFA and involved in computer forensics to join our mailing list.
We are also looking for third-party contributors to extend our module base. We are very happy with contributors like University College Dublin UCD (REAPER), Karlstad University (FIVES), New Bulgarian University Sofia (module fivesfaces), and the Belgian Federal Police (Debian forensics packages).
OCFA is built on top of the Linux operating system. Installing and using OCFA requires knowledge of Linux. To operate OCFA, knowledge of the SQL query language is also preferable. Since OCFA is a digital forensics framework, the user needs some knowledge of computer forensics.