Testing Disk Imaging Tools
|
|
|
- Amelia Wright
- 7 years ago
- Views:
Transcription
1 DIGITAL FORENSIC RESEARCH CONFERENCE Testing Disk Imaging Tools By James Lyle Presented At The Digital Forensic Research Conference DFRWS 2002 USA Syracuse, NY (Aug 6 th - 9 th ) DFRWS is dedicated to the sharing of knowledge and ideas about digital forensics research. Ever since it organized the first open workshop devoted to digital forensics in 2001, DFRWS continues to bring academics and practitioners together in an informal environment. As a non-profit, volunteer organization, DFRWS sponsors technical working groups, annual conferences and challenges to help drive the direction of research and development.
2 NIST CFTT: Testing Disk Imaging Tools James R. Lyle National Institute of Standards and Technology Gaithersburg Md
3 Talk Overview Project Background Test methodology Creating the disk imaging specification Testing imaging tools Current CFTT status Future directions DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 2
4 DISCLAIMER Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology, nor does it imply that the products are necessarily the best available for the purpose. DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 3
5 Goals of CFTT Problem: Computer forensic investigators need tools that Work well and Produce results admissible in court Response: Establish a testing methodology by developing for forensic tools Specifications Test procedures Test cases DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 4
6 Why is NIST involved? Mission: Assist federal, state & local agencies NIST is a neutral organization not law enforcement or vendor NIST provides an open, rigorous process DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 5
7 Overview of Methodology CFTT directed by Steering Committee Functionality driven Specifications developed for specific categories of activities, e.g., disk imaging, hard drive write protect, etc. Test methodology developed for each category DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 6
8 Developing a Specification After tool category selected by SC Focus group (law enforcement + ITL) develop tool category specification Spec posted to web for public comment Comments incorporated Develop test environment DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 7
9 Tool Test Process After SC selects a tool Acquire tool & review documentation Select test cases Execute test cases Produce test report DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 8
10 Capabilities to test disk imaging Accuracy of copy Compare disks Initialize disk sectors to unique content Verify source disk unchanged Corrupt an image file Error handling: reliably faulty disk DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 9
11 Test Case Structure: Setup 1. Record details of source disk setup. 2. Initialize the source disk to a known value. 3. Hash the source disk and save hash value. 4. Record details of test case setup. 5. Initialize a destination disk. 6. If the test requires a partition, create and format a partition on the destination disk. 7. If the test uses an image file, partition and format a disk for the image file. DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 10
12 Test Case Structure: Run Tool 8. If required, setup I/O error 9. If required, create image file 10. If required, corrupt image file 11. Create destination DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 11
13 Test Case Structure: Measure 12. Compare Source to Destination 13. Rehash the Source DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 12
14 Disk Imaging Test Parameters Parameter Functions Value Copy, Image, Verify Source interface BIOS to IDE, BIOS to SCSI, ATA, ASPI, Legacy BIOS Dst interface Relative size Errors Object type Remote access Src=Dst, Src<Dst, Src>Dst None, Src Rd, Dst Wt, Img R/W/C Disk, FAT12/16/32, NT, Ext2 Yes, no DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 13
15 Evaluating Test Results If a test exhibits an anomaly 1. Look for hardware or procedural problem 2. Anomaly seen before 3. If unique, look at more cases 4. Examine similar anomalies DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 14
16 Refining the Test Procedure During dd testing some results seemed to indicate that the Linux environment was making a change to the source disk. After investigation we found that the problem was actually the test procedure. DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 15
17 Current Status Test reports for Linux dd & SafeBack 2.18 in final review Developing test cases for software hard drive write protect specification Running EnCase tests DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 16
18 Future Tasks Deleted file recovery specification Hardware hard disk write protect device specification Testing other disk imaging tools DFRWS 7 Aug 02 NIST/ITL/SDCT/CFTT 17
NIST CFTT: Testing Disk Imaging Tools
NIST CFTT: Testing Disk Imaging Tools James R. Lyle, Ph.D. Computer Scientist National Institute of Standards and Technology 1. Introduction There is a critical need in the law enforcement community to
The Contribution of Tool Testing to the Challenge of Responding to an IT Adversary
The Contribution of Tool Testing to the Challenge of Responding to an IT Adversary Jim Lyle National Institute of Standards and Technology 23 October 2006 10/18/2006 1 DISCLAIMER Certain trade names and
Deleted File Recovery Tool Testing Results
Deleted File Recovery Tool Testing Results Jim Lyle NIST 1 AAFS Washington CFTT Develop specifications for testing forensic tools Disk Imaging Write Blocking Drive erase for reuse Metadata based deleted
Digital Forensics at the National Institute of Standards and Technology
NISTIR 7490 Digital Forensics at the National Institute of Standards and Technology James R. Lyle Douglas R. White Richard P. Ayers NISTIR 7490 Digital Forensics at the National Institute of Standards
Federated Testing: Well-Tested Tools, Shared Test Materials & Shared Test. Reports; The Computer Forensics Tool Catalog Website: Connecting
Federated Testing: Well-Tested Tools, Shared Test Materials & Shared Test Reports; The Computer Forensics Tool Catalog Website: Connecting Forensic Examiners With the Tools They Need U.S. Cyber Crime Conference
Forensic Software Testing Support Tools Test Summary Report
NISTIR 7103-B Forensic Software Testing Support Tools Test Summary Report Serban Gavrila VDG, Inc. Elizabeth Fong Information Technology Laboratory National Institute of Standards and Technology Gaithersburg,
Mobile Device Forensics. Rick Ayers
Mobile Device Forensics Rick Ayers Disclaimer Certain commercial entities, equipment, or materials may be identified in this presentation in order to describe an experimental procedure or concept adequately.
Tableau TD3 Forensic Imager 1.3.0. Test Results for Digital Data Acquisition Tool
Tableau TD3 Forensic Imager 1.3.0 Test Results for Digital Data Acquisition Tool July 23, 2014 This report was prepared for the Department of Homeland Security Science and Technology Directorate Cyber
HAVE YOUR COMPUTER FORENSICS TOOLS BEEN TESTED?
Contact: James Lyle Computer Forensics Tool Testing Program Office of Law Enforcement Standards National Institute of Standards and Technology HAVE YOUR COMPUTER FORENSICS TOOLS BEEN TESTED? NIJ, DHS,
The Mobile Forensic Platform
DIGITAL FORENSIC RESEARCH CONFERENCE The Mobile Forensic Platform By Frank Adelstein From the proceedings of The Digital Forensic Research Conference DFRWS 2002 USA Syracuse, NY (Aug 6 th - 9 th ) DFRWS
Computer Forensics Standards:
Computer Forensics Standards: National Software Reference Library Computer Forensics Tool Testing Computer Forensics Reference Data Sets PDA Forensics Research Barbara Guttman bguttman@nist.gov September
Open Source Digital Forensics Tools
The Legal Argument 1 carrier@cerias.purdue.edu Abstract This paper addresses digital forensic analysis tools and their use in a legal setting. To enter scientific evidence into a United States court, a
NISTIR 7276 The Impact of RAID on Disk Imaging
NISTIR 7276 The Impact of RAID on Disk Imaging Steve Mead Software Diagnostics & Conformance Testing Division, ITL National Institute of Standards and Technology NISTIR 7276 The Impact of RAID on Disk
Empirical Analysis of Solid State Disk Data Retention when used with Contemporary Operating Systems
DIGITAL FORENSIC RESEARCH CONFERENCE Empirical Analysis of Solid State Disk Data Retention when used with Contemporary Operating Systems By Christopher King and Timothy Vidas Presented At The Digital Forensic
Automated Windows Event Log Forensics
DIGITAL FORENSIC RESEARCH CONFERENCE Automated Windows Event Log Forensics By Rich Murphey Presented At The Digital Forensic Research Conference DFRWS 2007 USA Pittsburgh, PA (Aug 13 th - 15 th ) DFRWS
Course Title: Computer Forensic Specialist: Data and Image Files
Course Title: Computer Forensic Specialist: Data and Image Files Page 1 of 9 Course Description The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute
Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers
Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers Brian Carrier Research Scientist @stake Abstract This paper uses the theory of abstraction layers to describe the purpose
Guide to Computer Forensics and Investigations, Second Edition
Guide to Computer Forensics and Investigations, Second Edition Chapter 4 Current Computer Forensics Tools Objectives Understand how to identify needs for computer forensics tools Evaluate the requirements
Disclaimer of Liability: Redistribution Policy:
Disclaimer of Liability: With respect to this document, neither the Marshall University Forensic Science Center nor any of its employees, makes any warranty, express or implied, including the warranty
Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065
Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation
INCIDENT RESPONSE & COMPUTER FORENSICS, SECOND EDITION
" - * INCIDENT RESPONSE & COMPUTER FORENSICS, SECOND EDITION CHRIS PROSISE KEVIN MANDIA McGraw-Hill /Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul
Computer Forensic Tools. Stefan Hager
Computer Forensic Tools Stefan Hager Overview Important policies for computer forensic tools Typical Workflow for analyzing evidence Categories of Tools Demo SS 2007 Advanced Computer Networks 2 Important
DATA RECOVERY FUNCTION TESTING FOR DIGITAL FORENSIC TOOLS
Chapter 21 DATA RECOVERY FUNCTION TESTING FOR DIGITAL FORENSIC TOOLS Yinghua Guo and Jill Slay Abstract Many digital forensic tools used by investigators were not originally designed for forensic applications.
Paragon Backup Retention Wizard
Paragon Backup Retention Wizard User Guide Getting Started with the Paragon Backup Retention Wizard In this guide you will find all the information necessary to get the product ready to use. System Requirements
Digital Forensics. Tom Pigg Executive Director Tennessee CSEC
Digital Forensics Tom Pigg Executive Director Tennessee CSEC Definitions Digital forensics Involves obtaining and analyzing digital information as evidence in civil, criminal, or administrative cases Analyze
Digital Forensics Tutorials Acquiring an Image with FTK Imager
Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,
Intel ESB2 SATA RAID Setup Guidelines
Intel ESB2 SATA RAID Setup Guidelines Intel ESB2 SATA RAID Setup Guidelines After all the hardware has been installed, you must first configure Intel ESB2 SATA RAID Settings before you install the Windows
Hard Drive Installation Options Ontrack Data Recovery Technical Paper.2004
Hard Drive Installation Options Ontrack Data Recovery Technical Paper.2004 Ontrack Data Recovery and Disk Manager are trademarks or registered trademarks of Kroll Ontrack Inc. in the United States and/or
Digital Forensics Lecture 3. Hard Disk Drive (HDD) Media Forensics
Digital Forensics Lecture 3 Hard Disk Drive (HDD) Media Forensics Current, Relevant Topics defendants should not use disk-cleaning utilities to wipe portions of their hard drives before turning them over
Recover My Files v5.2.1. Test Results for Video File Carving Tool
Recover My Files v5.2.1 Test Results for Video File Carving Tool October 22, 2014 This report w as prepared for the Department of Homeland Security Science and Technology Directorate Cyber Security Division
MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1
MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:
ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING
ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING MODULE A INTRODUCTION TO COMPUTER FORENSICS AND NVESTIGATIONS A1.0 Explain concepts related to computer forensics. A1.1 This module is measured
EnCase Endpoint Investigator Fundamentals 5/25/2016
EnCase Endpoint Investigator Fundamentals Guidance Software 1 About Us Tony Balzanto Tony Balzanto is an instructor in the Orlando, FL office of Guidance Software s Professional Development and Training
Integrate Microsoft Windows Hyper V
Integrate Microsoft Windows Hyper V EventTracker v7.x Publication Date: Aug 9, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract Hyper-V in Windows Server 2008 and
Updates Click to check for a newer version of the CD Press next and confirm the disc burner selection before pressing finish.
Backup. If your computer refuses to boot or load Windows or if you are trying to restore an image to a partition the Reflect cannot lock (See here), and then you will have to start your PC using a rescue
2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.
Acquisition and Tools COMP 2555: Principles of Computer Forensics Autumn 2014 http://www.cs.du.edu/2555 1 Planning Your Investigation! A basic investigation plan should include the following activities:!
A PRELIMINARY INFORMATION MODEL FOR A SUPPLY CHAIN SIMULATION
A PRELIMINARY INFORMATION MODEL FOR A SUPPLY CHAIN SIMULATION Y. Tina Lee 1, Charles McLean 1, Shigeki Umeda 2 1 National Institute of Standards and Technology, Gaithersburg, MD 20899-8260, USA {leet,
Guide to Computer Forensics and Investigations, Second Edition
Guide to Computer Forensics and Investigations, Second Edition Chapter 9 Data Acquisition Objectives Determine the best acquisition method Plan data-recovery contingencies Use MS-DOS acquisition tools
Database Backup and Recovery Guide
Scout Diagnostics Database Backup and Recovery Guide P H 803. 358. 3600 F A X 803. 358. 3636 WWW.AVTECINC.COM 100 I N N O VAT I O N P L ACE, L E X I N G T O N SC 29072 Copyright 2013 by Avtec, Inc. All
Forensics on the Windows Platform, Part Two
1 of 5 9/27/2006 3:52 PM Forensics on the Windows Platform, Part Two Jamie Morris 2003-02-11 Introduction This is the second of a two-part series of articles discussing the use of computer forensics in
Discovery of Electronically Stored Information ECBA conference Tallinn October 2012
Discovery of Electronically Stored Information ECBA conference Tallinn October 2012 Jan Balatka, Deloitte Czech Republic, Analytic & Forensic Technology unit Agenda Introduction ediscovery investigation
Survey of Disk Image Storage Formats
Survey of Disk Image Storage Formats Version 1.0 Common Digital Evidence Storage Format Working Group Digital Forensic Research Workshop September 1, 2006 Digital data that could be used as evidence are
Linux in Law Enforcement
Linux in Law Enforcement It's all about CONTROL Barry J. Grundy CALUG MEETING JUNE 2008 !! Disclaimer!! This presentation is not sponsored by any organization of the US Government I am here representing
Forensic Imaging and Artifacts analysis of Linux & Mac (EXT & HFS+)
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative
How To Set Up Software Raid In Linux 6.2.2 (Amd64)
Software RAID on Red Hat Enterprise Linux v6 Installation, Migration and Recovery November 2010 Ashokan Vellimalai Raghavendra Biligiri Dell Enterprise Operating Systems THIS WHITE PAPER IS FOR INFORMATIONAL
Strategies for Firmware Support of Self-Encrypting Drives
presented by Strategies for Firmware Support of Self-Encrypting Drives UEFI Winter Plugfest February 21-23, 2011 Presented by Jeff Bobzin (Insyde Software, Inc.) Updated 2011-06-01 UEFI Plugfest February
Q-CERT Workshop. Matthew Geiger mgeiger@cert.org. 2007 Carnegie Mellon University
Memory Analysis Q-CERT Workshop Matthew Geiger mgeiger@cert.org 2007 Carnegie Mellon University Outline Why live system forensics? Previous techniques Drawbacks and new thinking Approaches to memory acquisition
Southwest District Health Nomination Narrative
EXECUTIVE SUMMARY Southwest District Health was created by the Idaho Legislature in 1970. The mission of the Health District is to promote and protect the health of people and their environment in Adams,
ITE RAID Controller USER MANUAL
ITE RAID Controller USER MANUAL 120410096E1N Copyright Copyright 2004. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system or translated
Intel ICH7R/ICH9R/ICH10R HostRAID Setup Guidelines
Intel ICH7R/ICH9R/ICH10R HostRAID Setup Guidelines Intel ICH7R/ICH9R/ICH10R HostRAID Setup Guidelines After all hardware has been installed, you must fi rst confi gure the Intel SATA HostRAID settings
BlackLight v2016.1. Test Results for Mobile Device Acquisition Tool
BlackLight v2016.1 Test Results for Mobile Device Acquisition Tool May 25, 2016 This report was prepared for the Department of Homeland Security Science and Technology Directorate Cyber Security Division
WHITE PAPER. HP Guide to System Recovery and Restore
WHITE PAPER January 2003 Prepared By PSG Product Software Engineering Hewlett-Packard Company CONTENTS Purpose3 Using Safe Mode To Diagnose And Correct Problems 4 Using the Recovery Console To Repair Damaged
Best Practices for Installing and Configuring the Hyper-V Role on the LSI CTS2600 Storage System for Windows 2008
Best Practices Best Practices for Installing and Configuring the Hyper-V Role on the LSI CTS2600 Storage System for Windows 2008 Installation and Configuration Guide 2010 LSI Corporation August 13, 2010
Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic
I Digital Forensic A newsletter for IT Professionals Education Sector Updates Issue 10 I. Background of Digital Forensic Definition of Digital Forensic Digital forensic involves the collection and analysis
Instruction Guide Mentor/Coach Free Play Practice Event November 2015
Instruction Guide Mentor/Coach Free Play Practice Event November 2015 1 San Diego Mayor s Cup Mentor/Coach Practice Round Guide Table of Contents Introduction 3 Tips for Success 3 Round Times 3 Linux Virtual
Is the Open Way a Better Way? Digital Forensics using Open Source Tools
Is the Open Way a Better Way? Digital Forensics using Open Source Tools Dan Manson, Anna Carlin, Steve Ramos, Alain Gyger, Matthew Kaufman, Jeremy Treichelt California State Polytechnic University Computer
winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR
winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR Supervised by : Dr. Lo'ai Tawalbeh New York Institute of Technology (NYIT)-Jordan X-Ways Software Technology AG is a stock corporation
Digital Evidence Search Kit
Digital Evidence Search Kit K.P. Chow, C.F. Chong, K.Y. Lai, L.C.K. Hui, K. H. Pun, W.W. Tsang, H.W. Chan Center for Information Security and Cryptography Department of Computer Science The University
Evidentiary Integrity for Incident Response (EIIR)
CYBER SECURITY DIVISION 2014 PRINCIPAL INVESTIGATORS MEETING Evidentiary Integrity for Incident Response (EIIR) Exelis Inc., Information Systems December 2014 This material is based on research sponsored
Lab - Dual Boot - Vista & Windows XP
Lab - Dual Boot - Vista & Windows XP Brought to you by RMRoberts.com After completing this lab activity, you will be able to: Install and configure a dual boot Windows XP and Vista operating systems. Explain
National Information Assurance Partnership
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report NetIQ Security Manager Version 5.5 Report Number: CCEVS-VR-07-0058 Dated: 9 August 2007
Case 9:14-cr-80031-KAM Document 135 Entered on FLSD Docket 07/27/2015 Page 1 of 2 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA
Case 9:14-cr-80031-KAM Document 135 Entered on FLSD Docket 07/27/2015 Page 1 of 2 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA UNITED STATES OF AMERICA CASE NO. 14-80031-CR-MARRA(s)(s) vs.
EnCase 7 - Basic + Intermediate Topics
EnCase 7 - Basic + Intermediate Topics Course Objectives This 4 day class is designed to familiarize the student with the many artifacts left behind on Windows based media and how to conduct a forensic
Case Study: Data Recovery Raid 5
Case Study: Data Recovery Raid 5 Software: Getway Raid Recovery 2.0; RAID Type: RAID 5 with 3 drives, 1 drive defect; Factory Type: IBM Malfunction Description: Sudden RAID damaged, all in the state of
Image Verification. Finding Feature Information. Restrictions for Image Verification
The feature allows users to automatically verify the integrity of Cisco IOS images. Thus, users can be sure that the image is protected from accidental corruption, which can occur at any time during transit,
Instruction Guide Practice Round 2 High School August 2015
Instruction Guide Practice Round 2 High School August 2015 1 Maryland Cyber Challenge Practice Round Instruction Guide Table of Contents Introduction 3 Tips for Success 3 Round Times 3 Linux Virtual Machine
RAID Rebuilding. Objectives CSC 486/586. Imaging RAIDs. Imaging RAIDs. Imaging RAIDs. Multi-RAID levels??? Video Time
Objectives 00:13 CSC 486/586 RAID Rebuilding In your previous module, you learned about RAID technology, including hardware and software RAIDs. In this module you will learn about the issues you need to
RAID installation guide for Silicon Image SiI3114
RAID installation guide for Silicon Image SiI3114 Contents Contents 2 1 Introduction 4 1.1 About this Guide 4 1.2 The Basics 4 1.2.1 What is RAID? 4 1.2.2 Advantages of RAID 4 1.2.3 Disadvantages of RAID
ITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS
ITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
Understanding NTFS Hard Links, Junctions and Symbolic Links
Understanding NTFS Hard Links, Junctions and Symbolic Links Author: Conrad Chung, 2BrightSparks Introduction Microsoft has implemented linking tools in its NTFS operating file systems since Windows NT
TECHNICAL OPERATIONS DIVISION LESSON PLAN
U.S. DEPARTMENT OF HOMELAND SECURITY FEDERAL LAW ENFORCEMENT TRAINING CENTER OFFICE OF TRAINING OPERATIONS TECHNICAL OPERATIONS DIVISION LESSON PLAN FORENSIC HARDWARE 3245 SEP/10 WARNING This document
Applications of Data Recovery Tools to Digital Forensics: Analyzing the Host Protected Area with the PC-3000
Applications of Data Recovery Tools to Digital Forensics: Analyzing the Host Protected Area with the PC-3000 Richard Leickly and David Angell Circle Hook Data Recovery { Richard, David}@CircleHookDR.com
COWLEY COLLEGE & Area Vocational Technical School
COWLEY COLLEGE & Area Vocational Technical School COURSE PROCEDURE FOR Student Level: This course is open to students on the college level in either the freshman or sophomore year. Prerequisites: Basic
GPT hard Disk Drives. For HP Desktops. Abstract. Why GPT? April 2011. Table of Contents:
GPT hard Disk Drives For HP Desktops April 2011 Table of Contents: Abstract... 1 Why GPT?... 1 GPT vs MBR... 2 Bootable vs Data Drives and UEFI BIOS... 4 OS Support... 6 Storage Driver Support... 6 Imaging
Intel ICH7R/ICH9R HostRAID Setup Guidelines
Intel ICH7R/ICH9R HostRAID Setup Guidelines Intel ICH7R/ICH9R HostRAID Setup Guidelines After all the hardware has been installed, you must fi rst confi gure the Intel SATA HostRAID before you install
PREREQUISITE(S): CTS 1131, CTS 1133 and CTS 1120
Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CAP 2140 COURSE TITLE: Data Forensics I PREREQUISITE(S): CTS 1131, CTS 1133 and CTS 1120 COREQUISITE(S):
Intel RAID Web Console 2 and StorCLI Command Line Tool
SOLUTIONS Brief Intel RAID Web Console 2 and StorCLI Command Line Tool Powered by LSI* MegaRAID technology Instant access, intuitive configuration/navigation, easy standard storage management and advanced
Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC
Digital Forensics: The aftermath of hacking attacks AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC Topics Digital Forensics: Brief introduction Case Studies Case I:
Digital Forensics for IaaS Cloud Computing
Digital Forensics for IaaS Cloud Computing June 26, 2012 The views expressed in this presentation are mine alone. Reference to any specific products, process, or service do not necessarily constitute or
EMERGENCY DISK RESTORE OPTION (AO-70185 REV EA) OPTION EDR
EMERGENCY DISK RESTORE OPTION (AO-70185 REV EA) OPTION EDR BURNY SERIES 10 OPTION: EMERGENCY DISK RESTORE AO-70185 REV EA Table Of Contents 1 EMERGENCY DISK RESTORE... 3 1.1 INTRODUCTION...3 1.2 OBTAIN
UEFI on Dell BizClient Platforms
UEFI on Dell BizClient Platforms Authors: Anand Joshi Kurt Gillespie This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided
PROTECTING SYSTEMS AND DATA PASSWORD ADVICE
PROTECTING SYSTEMS AND DATA PASSWORD ADVICE DECEMBER 2012 Disclaimer: Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does not constitute
Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive
Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive This guide explains how to create and use a Rescue USB flash drive to reinstall and recover the ExtraHop system. When booting
technical brief Multiple Print Queues
technical brief in HP Overview HP has the ability to create shared printer queues on a remote machine to help ease the task that administrators face on a regular basis. Print queue creation of the following
Intel Matrix Storage Console
Intel Matrix Storage Console Reference Content January 2010 Revision 1.0 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE,
Open Source Data Recovery
Open Source Data Recovery Options and Techniques CALUG MEETING October 2008 !! Disclaimer!! This presentation is not sponsored by any organization of the US Government I am here representing only myself
Open Vulnerability and Assessment Language (OVAL ) Validation Program Test Requirements (DRAFT)
NIST Interagency Report 7669(Draft) Open Vulnerability and Assessment Language (OVAL ) Validation Program Test Requirements (DRAFT) John Banghart Stephen Quinn David Waltermire NIST Interagency Report
Significance of Hash Value Generation in Digital Forensic: A Case Study
International Journal of Engineering Research and Development e-issn : 2278-067X, p-issn : 2278-800X, www.ijerd.com Volume 2, Issue 5 (July 2012), PP. 64-70 Significance of Hash Value Generation in Digital
Legal Notices. AccessData Corp.
Legal Notices AccessData Corp. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability
Digital Forensics, ediscovery and Electronic Evidence
Digital Forensics, ediscovery and Electronic Evidence By Digital Forensics What Is It? Forensics is the use of science and technology to investigate and establish facts in a court of law. Digital forensics
New Technologies File System (NTFS) Priscilla Oppenheimer. Copyright 2008 Priscilla Oppenheimer
New Technologies File System (NTFS) Priscilla Oppenheimer NTFS Default file system for Windows NT, 2000, XP, and Windows Server 2003 No published spec from Microsoft that describes the on-disk layout Good
Secure SCADA Communication Protocol Performance Test Results
PNNL-17118 Secure SCADA Communication Protocol Performance Test Results M.D. Hadley K.A. Huston August 2007 Prepared for U.S. Department of Energy Office of Electricity Delivery and Energy Reliability
Monitoring QNAP NAS system
Monitoring QNAP NAS system eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may be reproduced
PRODISC VER. Computer Forensics Family. User Manual. Version 4.8 9/06
PRODISC VER Computer Forensics Family User Manual Version 4.8 9/06 Copyright 2003-2006 Technology Pathways, LLC. All rights reserved. This manual, as well as the software described in it, are furnished
Intel Rapid Storage Technology
Intel Rapid Storage Technology User Guide August 2011 Revision 1.0 1 Document Number: XXXXXX INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED,
Firmware Update Instructions for Crucial Client SSDs
Firmware Update Instructions for Crucial Client SSDs Overview By using this guide, a user can perform a firmware update on Crucial Client SSDs installed in a personal computing environment, referred to
ELECTRONIC SIGNATURE AGREEMENT
ELECTRONIC SIGNATURE AGREEMENT 1. Agreement If you contract with us electronically or otherwise request documentation or disclosures electronically, you specifically consent and agree that we may provide
Edge-based Virus Scanning
APPLICATION NOTE Edge-based Virus Scanning 658 Gibraltar Court Milpitas, CA 95035 Phone: 408-635-8400 Fax: 408-635-8470 www.servgate.com i Edge-based Virus Scanning APPLICATION NOTE All product names referenced
MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL. Doug A. Ringler, C.P.A., C.I.A. AUDITOR GENERAL ENTERPRISE DATA WAREHOUSE
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT PERFORMANCE AUDIT OF THE ENTERPRISE DATA WAREHOUSE DEPARTMENT OF TECHNOLOGY, MANAGEMENT, AND BUDGET August 2014 Doug A. Ringler, C.P.A., C.I.A. AUDITOR