BlockHashLoc

From Just Solve the File Format Problem
(Difference between revisions)
(New page)
 
(add ForensicsWiki entry link (all details already included))
 
Line 22: Line 22:
  
 
* [https://github.com/MarcoPon/BlockHashLoc BlockHashLoc] GitHub repository
 
* [https://github.com/MarcoPon/BlockHashLoc BlockHashLoc] GitHub repository
 +
 +
== Links ==
 +
* [https://web.archive.org/web/20190911115527/http://www.forensicswiki.org/wiki/BlockHashLoc ForensicsWiki entry]

Latest revision as of 16:02, 28 October 2020

File Format
Name BlockHashLoc
Ontology
Extension(s) .bhl
Reference Implementation https://github.com/MarcoPon/BlockHashLoc
Endianness Big_endian
Developed By Marco Pontello
Released 2017

BHL - BlockHashLoc

The purpose of BlockHashLoc (BHL) is to enable the recovery of files after total loss of File System structure, or without even knowing what FS was used in the first place.

The way it can recover a given file is by keeping a (small) parallel BHL file with a list of crypto-hashes of all the blocks (of selectable size) that compose it. So it's then possible to read blocks from a disk image/volume, calculate their hashes, compare them with the saved ones and rebuild the original file.

With adequately sized blocks (512 bytes, 4KB, etc. depending on the media and File System), this lets one recover a file regardless of the FS used, the FS integrity, or the fragmentation level.
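The scan-and-rebuild procedure described above, as an added example that is not part of the original page or of the BlockHashLoc code. It assumes SHA-256 as the block hash, a zero-padded final block, block-aligned scanning, and an in-memory hash list rather than the real .bhl layout; `block_hashes`, `recover` and `demo` are hypothetical names.

```python
import hashlib

BLOCK = 512  # assumed block size; BHL lets the user select it


def block_hashes(data: bytes, block: int = BLOCK) -> list[bytes]:
    """Hash every block of the file (final block zero-padded: an assumption)."""
    return [hashlib.sha256(data[i:i + block].ljust(block, b"\0")).digest()
            for i in range(0, len(data), block)]


def recover(image: bytes, hashes: list[bytes], size: int, block: int = BLOCK):
    """Scan an image at block-aligned offsets and rebuild the file.

    Returns (data, missing): the rebuilt bytes and the indexes of blocks
    whose hash was never seen in the image (left zero-filled in data).
    """
    wanted = {}
    for idx, h in enumerate(hashes):
        wanted.setdefault(h, []).append(idx)  # identical blocks share a hash
    found = {}
    for off in range(0, len(image) - block + 1, block):
        chunk = image[off:off + block]
        for idx in wanted.get(hashlib.sha256(chunk).digest(), ()):
            found.setdefault(idx, chunk)
    missing = [i for i in range(len(hashes)) if i not in found]
    data = b"".join(found.get(i, b"\0" * block) for i in range(len(hashes)))
    return data[:size], missing


def demo():
    # Constructed sample: a 1300-byte file whose three blocks sit out of order
    # between unrelated blocks, as on a fragmented volume with no FS metadata.
    original = b"\x01" * 512 + b"\x02" * 512 + b"\x03" * 276
    blocks = [original[i:i + BLOCK].ljust(BLOCK, b"\0")
              for i in range(0, len(original), BLOCK)]
    junk = b"\xEE" * BLOCK
    image = junk + blocks[2] + junk + blocks[0] + junk * 2 + blocks[1]
    hashes = block_hashes(original)
    data, missing = recover(image, hashes, len(original))
    damaged = image.replace(blocks[0], junk)  # simulate block 0 overwritten
    _, missing_damaged = recover(damaged, hashes, len(original))
    return data == original, missing, missing_damaged


if __name__ == "__main__":
    print(demo())
```

The `missing` list is what tells an examiner whether a rebuilt file is complete or contains zero-filled holes where blocks were overwritten.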

Identification

A BHL file starts with bytes 42 6C 6F 63 6B 48 61 73 68 4C 6F 63 1A, or "BlockHashLoc"+EOF in ASCII.

Format description

Links
