AFF4-L: A scalable open logical evidence container

With the proliferation of cloud-based evidence and locked down physical storage logical imaging is increasingly necessary in digital forensics. In practice closed formats are commonly used, however they lack extensibility and expressiveness, are poorly defined, and suffer from limited interoperability. This work proposes and implements an open logical imaging format based on the AFF4 evidence container, supporting scalable arbitrary metadata storage and deduplicated logical image storage.