Live View. A New View On Forensic Imaging. Matthiew Morin Champlain College

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Live View. A New View On Forensic Imaging. Matthiew Morin Champlain College"

Transcription

1 Live View A New View On Forensic Imaging Matthiew Morin Champlain College

2 Morin 1 Executive Summary The main purpose of this paper is to provide an analysis of the forensic imaging tool known as Live View. This analysis will include an introduction to the program, a demonstration and description of the functionality of the program and finally the benefits of this program and how it will have a future impact on the digital forensics industry. This paper will also include a brief overview of past and current forensic imaging techniques and how they compare with the use of Live View to conduct a forensic analysis of a system. The concept of virtualization of computer systems has been around for a number of years now, but it has been quickly gaining popularity throughout various computer-related industries. In many industries virtualization can help reduce energy costs and save space, however virtualization is able to support an entirely different role in the forensic field. Running a computer system in a virtual environment can be extremely beneficial from a forensic perspective, mainly because the system can be easily isolated from many variables as well as easily restored to a previous state. Live View takes the convenience and efficiency of virtualization and takes it one step further by allowing current forensic imaging tools and practices to interface with a virtual environment, such as one found in VMware. Live View allows for a raw disk image or a physical disk to be converted to a virtual image and accessed through VMware just as if the system was actually running, all without modifying any of the data found on the disk or image.

3 Morin 2 Acknowledgments This paper is a product of research and testing scenarios; however, it may also act as an introduction and guide to the Live View software. For the scope of this paper, the only operating system that was tested and analyzed was Microsoft Windows XP Service Pack 2; however, Live View supports versions of Microsoft Windows 98 to Microsoft Windows Server 2008; this also includes the Microsoft Server operating systems. The Live View version used during the research for this paper was 0.7b, the most current version at the time of research. The imaging software used was FTK Imager Version and the version of VMware used was Version 7.0. The Microsoft Windows XP machine was configured as a VMware machine in order to keep the size of the forensic image low to reduce the amount of time needed to create the initial image. In addition, the machine was imaged in a live environment; however, no changes were documented, as there was to be no forensic analysis of the machine. The image was only used to verify that Live View would convert a raw disk image to a virtual machine.

4 Morin 3 Disk Imaging Perhaps one of the most important steps in the process of digital forensics is the process of data mirroring, more commonly known as disk imaging. While all of the steps in the forensic process need to function together to correctly conduct a forensic investigation, the process of disk imagining acts as the most pivotal role in the entire process. There are many ways to define disk imagining; however, a few widely accepted definitions have emerged as the field of digital forensics has grown. Jim Bates, the Technical Director of Computer Forensics Ltd, defines disk imaging as; An image of the whole disk [copied]. This [is] regardless of any software on the disk and the important point [is] that the complete content of the disk [is] copied including the location of the data. Disk imaging takes a sector-by-sector copy usually for forensic purposes and as such it will contain some mechanism to prove that the copy is exact and has not been altered. It does not necessarily need the same geometry as the original as long as arrangements are made to simulate the geometry if it becomes necessary to boot into the acquired image (Saudi 3). It is the process of disk imaging that allows a forensic investigator to view the contents of a storage media or computer without altering the original data in anyway. The process of disk imaging can be described in three general steps. The first step is to first acquire the original storage media, this storage media can be any number of pieces of evidence that are acquired from a secure crime scene. The storage media can be a Compact Disk (CD), a USB flash drive, an internal hard drive or any other hardware that can be used to store digital data. The next step in the process is to create an image of the storage media. At this step, the forensic investigator can approach the imaging process in one of two ways; the investigator can create a bit-for-bit copy or the investigator can create a bit-stream copy of the original storage media. The details of these two options will be discussed at a later point in this paper. Additionally at this stage, the forensic investigator should also choose the proper storage media that will contain the forensic image. When deciding this, the investigator should take into account the size of the image file, the time needed to image the file and the duration of the investigation. The third and final step of the disk imaging process is to verify the image of the original storage media. In this step the forensic investigator will compare the encrypted hash values of both the original storage media and the newly created image. In addition, the

5 Morin 4 investigator will also verify the chain of custody. The phrase chain of custody refers to the accurate auditing and control of original evidence material that could potentially be used for legal purposes there should be accurate logs tracking the movement and possession of evidence material at all times (Gast). As aforementioned, there are two options that the forensic investigator must decide upon when creating a forensic image. The investigator must decide between the use of a bit-for-bit image of the original data or a bit-stream image of the original data. It is important to note that while the ways in which these images are created differ slightly from one another, they are both acceptable methods as defined by the National Institute of Standards and Technology (NIST). The first option, a bit-for-bit image, is perhaps the most ideal way to create an image of the storage media. A bit-for-bit image is an exact clone of the original storage media, the tool used to forensically image the storage media duplicates each individual bit and creates a file of raw data commonly known as a dd image. This form of image is commonly used for any time of storage media as well as for computers that were not found powered off at the crime scene. The second option, the bit-stream image, requires a different process of imaging. Instead of duplicating the original storage media bit-for-bit, it duplicates the original storage media cylinder-by-cylinder or sectorby-sector. While both of these methods provide an exact clone of the storage media, the bitstream image, commonly known as a live image, is used to image a computer system that is powered on at the crime scene. This form of imaging becomes extremely useful when the storage media or system that needs to be imaged cannot be powered off or taken offline.

6 Morin 5 While there are many ways to simply copy files on computer systems; however, tools used to create a forensic image of a disk must meet specific requirements that have been adopted by NIST. The required features of a forensic imaging tool. (NIST) These requirements are created to help establish a standard of forensic imaging tools within the digital forensic field. These requirements aim to ensure that forensic tools on the market are both technically and legally unflawed. They also ensure that forensic tools that are released are able to obtain as much data as possible to aid the investigative and analytics of the acquired data.

7 Morin 6 Concerns and Issues As the practice of digital forensics continues to grow throughout the industry, many professionals and individuals are gaining a deeper understanding of how a computer system operates and how the process of forensic imaging applies to the investigation; however, there are still issues and concerns about the forensic imaging process. One of the most pressing and important issues to address in regards to the forensic imaging process is the integrity and validity of the cloned image. [The main concern with a] disk imaging tool is whether it produces a copy that is exactly the same as the original. Users scare that if they use disk imaging tools, it might alter the layout of the copy in computer forensics, priority and emphasis are on accuracy and evidential integrity and security it is essential to have a forensically sound copy from original evidence (Saudi 4). It is possible for much of the digital data collected from a crime scene to be dangerously volatile, in which the data could easily become corrupt or altered. As such, NIST and other leading forensic organizations have created strict guidelines for a forensic investigation, which must be adhered to at all times. Not only do these guidelines ensure that the evidence stays secure and unaltered but they also ensure that the investigation is legally flawless. As the field of digital forensics has progressed over the past few years, there have been many advances in the techniques and tools used to protect the security and integrity of data acquired from a crime scene. These new tools and practices are constantly being reviewed and revised as new technologies are developed and current technologies and methods are being adapted to fulfill the needs of the forensic investigators. One such example of a tool on the forefront of the digital forensics field is the forensic tool Live View.

8 Morin 7 Live View In short, Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk, [allowing] the forensic examiner to boot up the image (Live View). The Live View program features a simple and intuitive interface that accomplishes a vital technical task. The program can be extremely useful to a forensic investigator as it allows them to run the computer system that is being examined exactly as it existed when it was imaged. The examiner is able to do all this without ever altering the forensic image. This unprecedented access is granted by a unique file that Live View generates when the VMware virtual machine is created from the image. When the VMware virtual machine is powered on, all of the changes that are made to the virtual machine are written to a temporary cover file. VMware interprets this file as part of the original image and as a result, no information is changed, written to or deleted from the forensic image. If the forensic investigator needs to revert back to the original image, they need only to clear the cover file generated by Live View. Additionally, Live View includes many other benefits and functionality to a forensic investigator; Live View is not only able to create a virtual machine from a dd image, such as one created by a bit-for-bit clone but it is also able to create a virtual machine from a physical disk image, such as one created from a bit-stream clone. In addition to an array of image options, Live View is also able to complete many technical tasks dealing with hardware compatibility and boot sectors. Some of these [tasks] include: resolving hardware conflicts resulting from booting on hardware other than that on which the OS was originally installed; created a customized MBR for partition-only images; and correctly specifying a virtual disk to match the original image or physical disk (Live View). Live View features a clean and intuitive interface that provides all of the necessary configuration options to ensure that the virtual machine is successfully created and the forensic image is in no way altered.

9 Morin 8 The Main Live View Window The main Live View window presents all of the configuration options needed to create a virtual machine from the forensic image. Live View allows the investigator to manually set the amount of Random Access Memory (RAM) used on the virtual machine; this option helps mimic the original system as closely as possible. The system time option allows the examiner to set the time of the virtual machine to any desired time. This option is particularly important as it can thwart any attempts of an attack triggered by the system time reaching a certain point; this attack is commonly known as a time bomb attack. Live View is also equipped with an operating system automatic detection feature; this feature detects the operating system present on the forensic image and creates the virtual machine based on that detection. Additionally the investigator can manually select the operating system to install on the virtual machine.

10 Morin 9 The next feature allows the investigator to select the source of the image; this can be either a raw dd image or an image on a physical disk. The next option prompts the investigator for the output location of the VMware virtual machine files, this location can be anywhere on the host system or the network that it is connected to. The final option allows the investigator to create the virtual machine files and launch the virtual machine or just create the virtual machine files and choose to launch it later. The final step is to click the Start button. When the start button is clicked the investigator is prompted with this dialogue box: Live View Read-Only Setting Dialogue Box This prompted option provides an additional layer of security in addition to the cover file. In the unlikely case that the forensic image would be accessed, this option will make writing or changing the forensic image impossible, although, all changes are written to the cover file above the virtual machine so it is unlikely that the forensic image would ever be accessed.

11 Morin 10 After the virtual machine configuration options are properly set, Live View will commence the creation of the VMware virtual machine. The box entitled Messages at the lower part of the main Live View window displays the current configuration step as well as any errors that occurred during the creation of the virtual machine. Live View Message Window Once Live View has successfully created the virtual machine configuration files, it will automatically launch the VMware application and power on the created virtual machine

12 Morin 11 One of the most useful and intriguing features of the Live View program is its ability to easily revert back to the original state of the forensic image that the virtual machine was created from. When a forensic investigator configures a virtual machine using Live View, the program searches the host system for other instances of virtual machines created with that forensic image and prompts the investigator with the options to continue working with the virtual machine or to start over. Previously Launched Image Dialogue Box The Continue option will launch the last instance of a virtual machine created with that image from the point it was terminated. The Start Over option will clear the cover file that the changes were written to, giving the forensic investigator a new, unaltered instance of the forensic image.

13 Morin 12 Comparison As mentioned earlier in this paper, the tool set used to conduct a digital forensic investigation using a virtual environment is limited and very specific. There are only a few tools available that can create a virtual machine out of an acquired forensic image and maintain a precise level of data integrity. In terms of comparison to the functionality of Live View, there are two tools in particular that are worth mentioning: Mount Image Pro and Virtual Forensic Computing (VFC), both developed by Get Data Software Development Company. Mount Image Pro is not specifically a virtual environment in that it does not create a virtual machine that can be started and examined; rather, it mounts a forensic image as a readable disk on the host machine. With an image mounted in such away, the host operating system is able to interact with it as if it were a secondary disk physically attached to the computer. This technique provides many advantages for a forensic examiner; for example, the examiner could browse through the file structure looking for any suspiciously named files and retrieve them from the image. Additionally, other forensic tools and programs can be run pointed toward the mounted image; such programs can include virus and malware scanners and file recovery tools. Similar to Live View, Mount Image Pro is able to mount a full array of file types including Encase images, DD images as well as virtual machine files such as VMware and Microsoft Virtual PC. Additional functionality comes from the ability to mount a Redundant Array of Independent Disks (RAID) configuration, to display unallocated disk space and to show deleted files present within the forensic image. Of course, Mount Image Pro is able to provide this functionality while still maintaining the complete integrity of the data; however, the ability to run tools against and examine the file structure at a fairly basic level is the upper limit of functionality that the program can provide. In order to create an environment comparable to Live View the VFC program must work in conjunction with Mount Image Pro. Additionally, Mount Image Pro is a commercial piece of software developed and distributed exclusively by Get Data Software Development Company. As a result of this, it is necessary to pay a fee to obtain a license to use the program; this also

14 Morin 13 means that the source code of Mount Image Pro is not readily available and cannot be accessed or modified. As mentioned above; two programs, Mount Image Pro and VFC, must be used to create an environment that is comparable to Live View. The second component, VFC, is the software that interprets the mounted image and creates a virtual machine file from that data. VFC is a quick and responsive program that can start an image that has been mounted by Mount Image Pro utilizing VMware. Just as with Live View, the forensic data remains completely unaltered and allows the examiner to change various settings about the virtual machine to create an optimal investigation environment. In addition to many features similar to Live View, VFC offers a few extra features that can greatly increase the efficiency of a forensic investigation. One such feature is the ability to overwrite the password of a user account on the virtual machine. This saves a large amount of time as it eliminates the need for the investigator to get the password from the suspect or spend the time cracking the password with a third-party program. However, similar to Mount Image Pro, VFC requires a commercial licensed that is purchased through Get Data and it does not have its source code readily available. Taking all of these facts into consideration, it is apparent that both Live View and Get Data s two programs are reputable platforms from which to conduct a forensic investigation. When determining what set of software to use, there are a few important points to remember; first, Live View is an open source program licensed under the GNU Public License. This means that Live View s source code can be examined and tweaked by members of the professional community to provide further enhancements to the program; additionally, Live View is available at no cost to the user. Second, VFC contains an extra set of features over Live View that may be desirable to some forensic investigators. Such features can overcome some of the most difficult problems encountered during a forensic investigation. Finally, Live View is able to run without any supporting software, with the exception of Java and VMware. VFC requires Mount Image Pro to even begin examining a forensic image; both of which have to be activated with a commercial license.

15 Morin 14 Conclusion There has been much skepticism and caution taken around the forensic imaging process, as it is crucial to ensure that no evidence is destroyed or modified in the collection and analysis of the evidence. As the digital forensics field continues to grow and the demand for digital forensic investigations increases, forensic investigators are forced to find more efficient and secure ways of collecting and analyzing the data involved with the investigation. One such tool that is at the forefront of forensic analysis is the program Live View. This tool allows a forensic investigator to create a VMware virtual machine from a forensic image and access the image without ever changing any data in the forensic image, providing the investigator with unprecedented access to the image.

16 Morin 15 Definitions Digital Forensics: A sub-division of forensic science, also known as computer and network forensics, is considered to be the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a string chain of custody for the data. Disk image: A virtual representation of a real disk drive. Forensic Science: is generally defined as the application of science to the law. Host Machine: The physical computer hardware and operating system that a virtual machine is run on. Master Boot Record (MBR): The data found at the beginning of a storage device that initiates the startup process of a computer system. Random Access Memory (RAM): A piece of computer hardware that is responsible for temporarily storing data that is to be quickly accessed by other hardware components. Redundant Array of Independent Disks (RAID): A configuration of two or more disks that stores data across all disks present in the array. This configuration can be used to perform quicker read and write times as well as to create a redundant set of data. Storage Media: Any form of electronic device that can contain or store electronic data. Storage Media is a general term for a large variety of devices which include, but are not limited to: hard drives, USB storage devices, CD-ROMs, DVD-ROMs, Floppy Disks, etc. The National Institute of Standards and Technology (NIST): The NIST is a federal technology agency that works with industry to develop and apply technology, measurements and standards.

17 Morin 16 Virtual Machine: A simulated environment created by virtualization. Virtualization: The simulation of the software and/or hardware upon which other software runs. This simulated environment is called a virtual machine (VM).

18 Morin 17 Works Cited Brown, Christopher L. T. "Imaging Methodologies." Computer Evidence: Collection and Preservation. 2nd ed. Boston, MA: Charles River Media/Cengage Learning, Print. Digital Data Acquisition Tool Specification. Tech. National Institute of Standards and DDA-Require.pdf>. Gast, Ty. "Forensic Data Handling." Forensic Data Handling. Cybertrust, Inc. Web. 10 Dec < Kent, Karen, Suzanne Chevalier, Tim Grance, and Hung Dang. "Guide to Integrating Forensic Techniques into Incident Response." Nist.gov. The National Institute of Standards and Technology, Aug Web. 21 July < Mamoun, Sitalakshmi Venkatraman, and Paul Watters. "Effective Digital Forensic Analysis of the NTFS Disk Image." UbiCC Journal 4.3 (2009). Ubiquitous Computing and Communication Journal. UbiCC, Web. 10 Dec < "Mount Image Pro V5 - Forensic Software (Released May 2012)." Computer Forensics Software: Mount EnCase Images and DD Images. Get Data Software Development Company, n.d. Web. 26 July < Technology, 4 Oct Web. 10 Dec < Saudi, Madihah Mohd. An Overview of Disk Imaging Tool in Computer Forensics. Tech. System Administration, Networking, and Security Institute, Web. 10 Dec <

19 Morin 18 Scarfone, Karen, Murugiah Souppaya, and Paul Hoffman. "Guide to Security for Full Virtualization Technologies." Nist.gov. The National Institute of Standards and Technology, Jan Web. 21 July < "Virtual Forensic Computing (VFC): Boot Mounted EnCase Images." Virtual Forensic Computing. Use VFC to Boot EnCase or DD Forensic Evidence Files. Get Data Software Development Company, n.d. Web. 01 Aug <

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1 MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:

More information

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows : Managing, Maintaining, and Troubleshooting, 5e Chapter 3 Installing Windows Objectives How to plan a Windows installation How to install Windows Vista How to install Windows XP How to install Windows

More information

Live System Forensics

Live System Forensics Live System Forensics By: Tim Fernalld & Colby Lahaie Patrick Leahy Center for Digital Investigation Champlain College 2/22/12 Contents Contents... 1 1 Introduction... 2 1.1 Research Statement... 2 1.2

More information

Digital Forensics Tutorials Acquiring an Image with FTK Imager

Digital Forensics Tutorials Acquiring an Image with FTK Imager Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,

More information

Steven Kaplan, CISSP, CISA Accuvant skaplan@accuvant.com Sandra Bittner, CISSP Arizona Public Service Palo Verde Nuclear Generating Station

Steven Kaplan, CISSP, CISA Accuvant skaplan@accuvant.com Sandra Bittner, CISSP Arizona Public Service Palo Verde Nuclear Generating Station Steven Kaplan, CISSP, CISA Accuvant skaplan@accuvant.com Sandra Bittner, CISSP Arizona Public Service Palo Verde Nuclear Generating Station The Challenge: Commercial generation facilities must identify

More information

User Guide. Laplink Software, Inc. Laplink DiskImage 7 Professional. User Guide. UG-DiskImagePro-EN-7 (REV. 5/2013)

User Guide. Laplink Software, Inc. Laplink DiskImage 7 Professional. User Guide. UG-DiskImagePro-EN-7 (REV. 5/2013) 1 Laplink DiskImage 7 Professional Laplink Software, Inc. Customer Service/Technical Support: Web: http://www.laplink.com/contact E-mail: CustomerService@laplink.com Laplink Software, Inc. 600 108th Ave.

More information

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

Information Technology Audit & Forensic Techniques. CMA Amit Kumar Information Technology Audit & Forensic Techniques CMA Amit Kumar 1 Amit Kumar & Co. (Cost Accountants) A perfect blend of Tax, Audit & Advisory services Information Technology Audit & Forensic Techniques

More information

System Recovery in Next to No Time by Jürgen Heyer

System Recovery in Next to No Time by Jürgen Heyer Product Test : Storagecraft ShadowProtect Server Edition 3.3 System Recovery in Next to No Time by Jürgen Heyer The advantages of an image-based backup system become obvious when a server fails to start

More information

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd. Acquisition and Tools COMP 2555: Principles of Computer Forensics Autumn 2014 http://www.cs.du.edu/2555 1 Planning Your Investigation! A basic investigation plan should include the following activities:!

More information

Incident Response and Forensics

Incident Response and Forensics Incident Response and Forensics Yiman Jiang, President and Principle Consultant Sumus Technology Ltd. James Crooks, Manager - Advisory Services PricewaterhouseCoopers LLP UBC 2007-04-12 Outline Computer

More information

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević, DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE Vahidin Đaltur, Kemal Hajdarević, Internacional Burch University, Faculty of Information Technlogy 71000 Sarajevo, Bosnia

More information

Forensic Acquisition and Analysis of VMware Virtual Hard Disks

Forensic Acquisition and Analysis of VMware Virtual Hard Disks Forensic Acquisition and Analysis of VMware Virtual Hard Disks Manish Hirwani, Yin Pan, Bill Stackpole and Daryl Johnson Networking, Security and Systems Administration Rochester Institute of Technology

More information

Digital Forensics Tutorials Acquiring an Image with Kali dcfldd

Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Explanation Section Disk Imaging Definition Disk images are used to transfer a hard drive s contents for various reasons. A disk image can

More information

Retrospect 7.7 User s Guide Addendum

Retrospect 7.7 User s Guide Addendum Retrospect 7.7 User s Guide Addendum 2011 Retrospect, Inc. All rights reserved. Retrospect 7.7 Users Guide Addendum, first edition. Use of this product (the Software ) is subject to acceptance of the license

More information

Installing and Upgrading to Windows XP

Installing and Upgrading to Windows XP Installing and Upgrading to Windows XP Although Windows XP was released many years ago, you will still see it in the field and might need to install it as well, or upgrade older Windows computers to XP.

More information

Incident Response and Computer Forensics

Incident Response and Computer Forensics Incident Response and Computer Forensics James L. Antonakos WhiteHat Forensics Incident Response Topics Why does an organization need a CSIRT? Who s on the team? Initial Steps Detailed Project Plan Incident

More information

ITU Session Four: Device Imaging And Analysis. Mounir Kamal Q-CERT

ITU Session Four: Device Imaging And Analysis. Mounir Kamal Q-CERT ITU Session Four: Device Imaging And Analysis Mounir Kamal Q-CERT 2 Applying Forensic Science to Computer Systems Like a Detective, the archaeologist searches for clues in order to discover and reconstruct

More information

ScoMIS Encryption Service

ScoMIS Encryption Service Introduction This guide explains how to implement the ScoMIS Encryption Service for a secondary school. We recommend that the software should be installed onto the laptop by ICT staff; they will then spend

More information

How to recover a failed Storage Spaces

How to recover a failed Storage Spaces www.storage-spaces-recovery.com How to recover a failed Storage Spaces ReclaiMe Storage Spaces Recovery User Manual 2013 www.storage-spaces-recovery.com Contents Overview... 4 Storage Spaces concepts and

More information

Security Consultant Scenario INFO 517-900 Term Project. Brad S. Brady. Drexel University

Security Consultant Scenario INFO 517-900 Term Project. Brad S. Brady. Drexel University Security Consultant Scenario INFO 517-900 Term Project Drexel University Author Note This paper was prepared for INFO-517-900 taught by Dr. Scott White. Table of Contents ABSTRACT.1 THE INTERVIEW...2 THE

More information

Land Information New Zealand (LINZ) SALT Database. Migration from original hardware to virtualised hardware: Process Documentation

Land Information New Zealand (LINZ) SALT Database. Migration from original hardware to virtualised hardware: Process Documentation Land Information New Zealand (LINZ) SALT Database Migration from original hardware to virtualised hardware: Process Documentation Contents Migration from original hardware to virtualised hardware: Process

More information

USB Bare Metal Restore: Getting Started

USB Bare Metal Restore: Getting Started USB Bare Metal Restore: Getting Started Prerequisites Requirements for the target hardware: Must be able to boot from USB Must be on the same network as the Datto device Must be 64 bit hardware Any OSs

More information

How to Encrypt your Windows 7 SDS Machine with Bitlocker

How to Encrypt your Windows 7 SDS Machine with Bitlocker How to Encrypt your Windows 7 SDS Machine with Bitlocker ************************************ IMPORTANT ******************************************* Before encrypting your SDS Windows 7 Machine it is highly

More information

RECOVERING FROM SHAMOON

RECOVERING FROM SHAMOON Executive Summary Fidelis Threat Advisory #1007 RECOVERING FROM SHAMOON November 1, 2012 Document Status: FINAL Last Revised: 2012-11-01 The Shamoon malware has received considerable coverage in the past

More information

UltraBac Documentation. UBDR Gold. Administrator Guide UBDR Gold v8.0

UltraBac Documentation. UBDR Gold. Administrator Guide UBDR Gold v8.0 UltraBac Documentation UBDR Gold Bare Metal Disaster Recovery Administrator Guide UBDR Gold v8.0 UBDR Administrator Guide UBDR Gold v8.0 The software described in this guide is furnished under a license

More information

Acronis True Image 2015 REVIEWERS GUIDE

Acronis True Image 2015 REVIEWERS GUIDE Acronis True Image 2015 REVIEWERS GUIDE Table of Contents INTRODUCTION... 3 What is Acronis True Image 2015?... 3 System Requirements... 4 INSTALLATION... 5 Downloading and Installing Acronis True Image

More information

Hands-On How-To Computer Forensics Training

Hands-On How-To Computer Forensics Training j8fm6pmlnqq3ghdgoucsm/ach5zvkzett7guroaqtgzbz8+t+8d2w538ke3c7t 02jjdklhaMFCQHihQAECwMCAQIZAQAKCRDafWsAOnHzRmAeAJ9yABw8v2fGxaq skeu29sdxrpb25zidxpbmznogtheories...ofhilz9e1xthvqxbb0gknrc1ng OKLbRXF/j5jJQPxXaNUu/It1TQHSiyEumrHNsnn65aUMPnrbVOVJ8hV8NQvsUE

More information

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015 Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is

More information

NovaBACKUP. User Manual. NovaStor / November 2011

NovaBACKUP. User Manual. NovaStor / November 2011 NovaBACKUP User Manual NovaStor / November 2011 2011 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject to change without

More information

Overview of Computer Forensics

Overview of Computer Forensics Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National

More information

Windows Server 2008 R2 Essentials

Windows Server 2008 R2 Essentials Windows Server 2008 R2 Essentials Installation, Deployment and Management 2 First Edition 2010 Payload Media. This ebook is provided for personal use only. Unauthorized use, reproduction and/or distribution

More information

Windows 8 Backup, Restore & Recovery By John Allen

Windows 8 Backup, Restore & Recovery By John Allen Windows 8 Backup, Restore & Recovery By John Allen Restore and recovery options for Windows 8 are different to earlier versions of Windows, and, of course, the terminology has changed. These are a lot

More information

Innovative Secure Boot System (SBS) with a smartcard.

Innovative Secure Boot System (SBS) with a smartcard. Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today s business environment demands mobility, and the notebook computer has become an indispensable

More information

ScoMIS Encryption Service

ScoMIS Encryption Service Introduction This guide explains how to install the ScoMIS Encryption Service Software onto a laptop computer. There are three stages to the installation which should be completed in order. The installation

More information

Quick Start - Virtual Server idataagent (Microsoft/Hyper-V)

Quick Start - Virtual Server idataagent (Microsoft/Hyper-V) Page 1 of 31 Quick Start - Virtual Server idataagent (Microsoft/Hyper-V) TABLE OF CONTENTS OVERVIEW Introduction Key Features Complete Virtual Machine Protection Granular Recovery of Virtual Machine Data

More information

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation

More information

SOS Suite Installation Guide

SOS Suite Installation Guide SOS Suite Installation Guide rev. 8/31/2010 Contents Overview Upgrading from SOS 2009 and Older Pre-Installation Recommendations Network Installations System Requirements Preparing for Installation Installing

More information

Pervasive PSQL Product Authorization

Pervasive PSQL Product Authorization Pervasive PSQL Product Authorization A Pervasive Software Whitepaper 7/21/2011 Table of Contents Pervasive PSQL Product Authorization... 3 Introduction... 3 Product Authorization Basics... 3 Key Generation

More information

Migrating a Windows PC to Run in VMware Fusion VMware Fusion 2.0

Migrating a Windows PC to Run in VMware Fusion VMware Fusion 2.0 Technical Note Migrating a Windows PC to Run in VMware Fusion VMware Fusion 2.0 This technical note describes the process for migrating an existing Windows PC to run as a virtual machine with VMware Fusion

More information

StarWind iscsi SAN Software: Implementation of Enhanced Data Protection Using StarWind Continuous Data Protection

StarWind iscsi SAN Software: Implementation of Enhanced Data Protection Using StarWind Continuous Data Protection StarWind iscsi SAN Software: Implementation of Enhanced Data Protection Using StarWind Continuous Data Protection www.starwindsoftware.com Copyright 2008-2011. All rights reserved. COPYRIGHT Copyright

More information

Symantec Drive Encryption for Windows

Symantec Drive Encryption for Windows Symantec Drive Encryption for Windows Technical Note 10.3 Released January 2014. Legal Notice Copyright (c) 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo,

More information

Reviewer s Guide. EaseUS Backup Solution. EaseUS Todo Backup Reviewer s Guide 1. Contents Introduction... 2. Chapter 1...3

Reviewer s Guide. EaseUS Backup Solution. EaseUS Todo Backup Reviewer s Guide 1. Contents Introduction... 2. Chapter 1...3 EaseUS Todo Backup Reviewer s Guide Reviewer s Guide Contents Introduction... 2 Chapter 1...3 What is EaseUS Todo Backup?...3 Versions Comparison... 4 Chapter 2...7 Using EaseUS Todo Backup...7 Backup...7

More information

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic I Digital Forensic A newsletter for IT Professionals Education Sector Updates Issue 10 I. Background of Digital Forensic Definition of Digital Forensic Digital forensic involves the collection and analysis

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 13 Business Continuity Objectives Define environmental controls Describe the components of redundancy planning List disaster recovery

More information

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server

More information

Recover Tab & RecoverAssist User Guide

Recover Tab & RecoverAssist User Guide Recover Tab & RecoverAssist User Guide Contents 1. Introduction... 2 Documentation... 2 Licensing... 2 Overview... 2 2. Creating a RecoverAssist recovery media... 3 Considerations... 3 The media creation

More information

How to enable Disk Encryption on a laptop

How to enable Disk Encryption on a laptop How to enable Disk Encryption on a laptop Skills and pre-requisites Intermediate IT skills required. You need to: have access to, and know how to change settings in the BIOS be confident that your data

More information

Computer Forensic Analysis in a Virtual Environment

Computer Forensic Analysis in a Virtual Environment Computer Forensic Analysis in a Virtual Environment Derek Bem Ewa Huebner University of Western Sydney, Australia Abstract In this paper we discuss the potential role of virtual environments in the analysis

More information

Oracle Server Backup User Guide

Oracle Server Backup User Guide Oracle Server Backup User Guide TABLE OF CONTENTS Introduction... 2 Oracle Server Backup... 3 Features... 3 Requirements for Oracle server backup... 3 How to enable ARCHIVELOG Mode... 3 System Requirements...

More information

Digital Forensics, ediscovery and Electronic Evidence

Digital Forensics, ediscovery and Electronic Evidence Digital Forensics, ediscovery and Electronic Evidence By Digital Forensics What Is It? Forensics is the use of science and technology to investigate and establish facts in a court of law. Digital forensics

More information

Introduction to BitLocker FVE

Introduction to BitLocker FVE Introduction to BitLocker FVE (Understanding the Steps Required to enable BitLocker) Exploration of Windows 7 Advanced Forensic Topics Day 3 What is BitLocker? BitLocker Drive Encryption is a full disk

More information

Integrate Microsoft Windows Hyper V

Integrate Microsoft Windows Hyper V Integrate Microsoft Windows Hyper V EventTracker v7.x Publication Date: Aug 9, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract Hyper-V in Windows Server 2008 and

More information

Best Practice Document Hints and Tips

Best Practice Document Hints and Tips Marshal Ltd. Date: 02/06/2007 Marshal EndPoint Security From Best Practice Document Hints and Tips Marshal Software Ltd CSL 005 Marshal EndPoint Security Best Practice (2) Privacy Control: None Version:

More information

2.6.1 Creating an Acronis account... 11 2.6.2 Subscription to Acronis Cloud... 11. 3 Creating bootable rescue media... 12

2.6.1 Creating an Acronis account... 11 2.6.2 Subscription to Acronis Cloud... 11. 3 Creating bootable rescue media... 12 USER'S GUIDE Table of contents 1 Introduction...3 1.1 What is Acronis True Image 2015?... 3 1.2 New in this version... 3 1.3 System requirements... 4 1.4 Install, update or remove Acronis True Image 2015...

More information

Click to view Web Link, click Chapter 8, Click Web Link from left navigation, then click BIOS below Chapter 8 p. 395 Fig. 8-4.

Click to view Web Link, click Chapter 8, Click Web Link from left navigation, then click BIOS below Chapter 8 p. 395 Fig. 8-4. Chapter 8 Objectives Chapter 8 Operating Systems and Utility Programs Identify the the types types of of system software Summarize the the startup process on on a a personal computer Describe the the functions

More information

Installing and Upgrading to Windows 7

Installing and Upgrading to Windows 7 Installing and Upgrading to Windows 7 Before you can install Windows 7 or upgrade to it, you first need to decide which version of 7 you will use. Then, you should check the computer s hardware to make

More information

AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS

AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS K.K. Arthur 1 H.S. Venter 2 Information and Computer Security Architectures (ICSA) Research Group University of Pretoria Pretoria Department of Computer Science

More information

Using. Microsoft Virtual PC. Page 1

Using. Microsoft Virtual PC. Page 1 Using Microsoft Virtual PC T4 Page 1 Microsoft Virtual PC Microsoft Virtual PC allows multiple Guest Operating Systems (Virtual Machines) to run using the resources of the Host Operating System (The PC

More information

Incident Response & Forensics In The Cloud 2013 SANS

Incident Response & Forensics In The Cloud 2013 SANS MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE, ACE, GCFE, GCFA, GSEC, VCP4/5, vexpert Senior SANS Instructor - phenry@sans.org 1 A Lot To Cover In ½ An Hour We simply can not cover all cloud

More information

Survey of the Operating Landscape Investigating Incidents in the Cloud

Survey of the Operating Landscape Investigating Incidents in the Cloud Survey of the Operating Landscape Investigating Incidents in the Cloud SESSION ID: CSV-T09 Paul A. Henry Security & Forensics Analyst vnet Security, LLC @phenrycissp Jacob Williams Chief Scientist CSRgroup

More information

Lecture 6: Operating Systems and Utility Programs

Lecture 6: Operating Systems and Utility Programs Lecture 6: Operating Systems and Utility Programs Chapter 8 Objectives Identify the types of system software Summarize the startup process on a personal computer Summarize the features of several stand-alone

More information

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT THREE. Computer Basics and Virtual Machines. www.uscyberpatriot.

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT THREE. Computer Basics and Virtual Machines. www.uscyberpatriot. AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT THREE Computer Basics and Virtual Machines www.uscyberpatriot.org AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER

More information

Applications of Data Recovery Tools to Digital Forensics: Analyzing the Host Protected Area with the PC-3000

Applications of Data Recovery Tools to Digital Forensics: Analyzing the Host Protected Area with the PC-3000 Applications of Data Recovery Tools to Digital Forensics: Analyzing the Host Protected Area with the PC-3000 Richard Leickly and David Angell Circle Hook Data Recovery { Richard, David}@CircleHookDR.com

More information

Cloning Utility for Rockwell Automation Industrial Computers

Cloning Utility for Rockwell Automation Industrial Computers Technical Data Cloning Utility for Rockwell Automation Industrial Computers Topic Page About the Cloning Utility 2 Recovery Partition Considerations 2 Prepare to Boot from the Accessories CD 3 Start the

More information

Digital Forensics for IaaS Cloud Computing

Digital Forensics for IaaS Cloud Computing Digital Forensics for IaaS Cloud Computing June 26, 2012 The views expressed in this presentation are mine alone. Reference to any specific products, process, or service do not necessarily constitute or

More information

Availability Guide for Deploying SQL Server on VMware vsphere. August 2009

Availability Guide for Deploying SQL Server on VMware vsphere. August 2009 Availability Guide for Deploying SQL Server on VMware vsphere August 2009 Contents Introduction...1 SQL Server 2008 with vsphere and VMware HA/DRS...2 Log Shipping Availability Option...4 Database Mirroring...

More information

LOCKSS on LINUX. Installation Manual and the OpenBSD Transition 02/17/2011

LOCKSS on LINUX. Installation Manual and the OpenBSD Transition 02/17/2011 LOCKSS on LINUX Installation Manual and the OpenBSD Transition 02/17/2011 1 Table of Contents Overview... 3 LOCKSS Hardware... 5 Installation Checklist... 7 BIOS Settings... 10 Installation... 11 Firewall

More information

MS Exchange Server Backup - User Guide

MS Exchange Server Backup - User Guide MS Exchange Server Backup - User Guide TABLE OF CONTENTS Introduction...2 Features...2 System Requirements...4 Exchange Server 2010... 4 Exchange Server 2007... 4 Exchange Server 2003... 4 Exchange Server

More information

VirtualXP Users Guide

VirtualXP Users Guide VirtualXP Users Guide Contents Chapter 1: Introduction... 2 Chapter 2: Install and Uninstall VirtualXP... 3 2.1 System Requirement... 3 2.2 Installing VirtualXP... 3 2.3 Uninstalling VirtualXP... 3 Chapter

More information

A review of BackupAssist within a Hyper-V Environment. By Brien Posey

A review of BackupAssist within a Hyper-V Environment. By Brien Posey A review of BackupAssist within a Hyper-V Environment By Brien Posey 2 Contents Introduction... 3 An Introduction to BackupAssist... 4 Testing Methodologies... 5 Test 1: Restore a Virtual Machine s Configuration...

More information

Windows Operating Systems. Basic Security

Windows Operating Systems. Basic Security Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System

More information

Computer Forensics as an Integral Component of the Information Security Enterprise

Computer Forensics as an Integral Component of the Information Security Enterprise Computer Forensics as an Integral Component of the Information Security Enterprise By John Patzakis 10/28/03 I. EXECUTIVE SUMMARY In addition to fending off network intrusions and denial of service attacks,

More information

Digital Forensics Fundamentals

Digital Forensics Fundamentals Digital Forensics Fundamentals 1 P a g e Table of Contents 1. Overview of Digital Forensics... 3 2. Evaluation of Digital forensic tools... 5 2.1 Encase Digital forensic tool... 5 2.1.1 Benefits with Encase

More information

IBM Rapid Restore PC powered by Xpoint - v2.02 (build 6015a)

IBM Rapid Restore PC powered by Xpoint - v2.02 (build 6015a) IBM Rapid Restore PC powered by Xpoint - v2.02 (build 6015a) User s Reference Guide Internal IBM Use Only This document only applies to the software version listed above and information provided may not

More information

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene

More information

Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers

Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers Brian Carrier Research Scientist @stake Abstract This paper uses the theory of abstraction layers to describe the purpose

More information

virtualization.info Review Center SWsoft Virtuozzo 3.5.1 (for Windows) // 02.26.06

virtualization.info Review Center SWsoft Virtuozzo 3.5.1 (for Windows) // 02.26.06 virtualization.info Review Center SWsoft Virtuozzo 3.5.1 (for Windows) // 02.26.06 SWsoft Virtuozzo 3.5.1 (for Windows) Review 2 Summary 0. Introduction 1. Installation 2. VPSs creation and modification

More information

Acronis Backup & Recovery 10 Workstation. Installation Guide

Acronis Backup & Recovery 10 Workstation. Installation Guide Acronis Backup & Recovery 10 Workstation Installation Guide Table of Contents 1. Installation of Acronis Backup & Recovery 10... 3 1.1. Acronis Backup & Recovery 10 components... 3 1.1.1. Agent for Windows...

More information

Developing Computer Forensics Solutions for Terabyte Investigations

Developing Computer Forensics Solutions for Terabyte Investigations Developing Computer Forensics Solutions for Terabyte Investigations Eric Thompson Corporation Orem, Utah USA www.accessdata.com Overview Computer Forensic Definition, Objectives and Policies History of

More information

System Planning, Deployment, and Best Practices Guide

System Planning, Deployment, and Best Practices Guide www.novell.com/documentation System Planning, Deployment, and Best Practices Guide ZENworks Application Virtualization 9.0 February 22, 2012 Legal Notices Novell, Inc., makes no representations or warranties

More information

Determining VHD s in Windows 7 Dustin Hurlbut

Determining VHD s in Windows 7 Dustin Hurlbut Introduction Windows 7 has the ability to create and mount virtual machines based upon launching a single file. The Virtual Hard Disk (VHD) format permits creation of virtual drives that can be used for

More information

Bare Metal Recovery Quick Start Guide

Bare Metal Recovery Quick Start Guide Bare Metal Recovery Quick Start Guide Revisions Document Control Version 5.4.3 Status Changes Date Final Created. August 2014 Copyright 2003-2014 Intronis, Inc. All rights reserved. 1 Table of Contents

More information

Installing Windows XP Professional

Installing Windows XP Professional CHAPTER 3 Installing Windows XP Professional After completing this chapter, you will be able to: Plan for an installation of Windows XP Professional. Use a CD to perform an attended installation of Windows

More information

Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect's Computer. By:

Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect's Computer. By: Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect's Computer By: Senior Special Agent Ernest Baca United States Customs Service Office of Investigations Resident Agent in

More information

Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response

Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response Special Publication 800-86 (Draft) Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response Recommendations of the National Institute of Standards and Technology Tim

More information

VMWare Workstation 11 Installation MICROSOFT WINDOWS SERVER 2008 R2 STANDARD ENTERPRISE ED.

VMWare Workstation 11 Installation MICROSOFT WINDOWS SERVER 2008 R2 STANDARD ENTERPRISE ED. VMWare Workstation 11 Installation MICROSOFT WINDOWS SERVER 2008 R2 STANDARD ENTERPRISE ED. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *If you are using

More information

EC-Council Ethical Hacking and Countermeasures

EC-Council Ethical Hacking and Countermeasures EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

Management Challenge. Managing Hardware Assets. Central Processing Unit. What is a Computer System?

Management Challenge. Managing Hardware Assets. Central Processing Unit. What is a Computer System? Management Challenge Managing Hardware Assets What computer processing and storage capability does our organization need to handle its information and business transactions? What arrangement of computers

More information

A review of BackupAssist within a Hyper-V Environment

A review of BackupAssist within a Hyper-V Environment A review of BackupAssist within a Hyper-V Environment By Brien Posey Contents Introduction... 2 An Introduction to BackupAssist... 3 Testing Methodologies... 4 Test 1: Restore a Virtual Machine s Configuration...

More information

Symantec File Share Encryption Quick Start Guide Version 10.3

Symantec File Share Encryption Quick Start Guide Version 10.3 Symantec File Share Encryption Quick Start Guide Version 10.3 What is Symantec File Share Encryption? Symantec File Share Encryption is a software tool that provides multiple ways to protect and share

More information

Hiva-network.com. Microsoft_70-680_v2011-06-22_Kat. Exam A

Hiva-network.com. Microsoft_70-680_v2011-06-22_Kat. Exam A Exam A Microsoft_70-680_v2011-06-22_Kat QUESTION 1 You have a computer that runs Windows 7. The computer has a single volume. You install 15 applications and customize the environment. You complete the

More information

Where is computer forensics used?

Where is computer forensics used? What is computer forensics? The preservation, recovery, analysis and reporting of digital artifacts including information stored on computers, storage media (such as a hard disk or CD-ROM), an electronic

More information

Microsoft SMB File Sharing Best Practices Guide

Microsoft SMB File Sharing Best Practices Guide Technical White Paper Microsoft SMB File Sharing Best Practices Guide Tintri VMstore, Microsoft SMB 3.0 Protocol, and VMware 6.x Author: Neil Glick Version 1.0 06/15/2016 @tintri www.tintri.com Contents

More information

Forensically Determining the Presence and Use of Virtual Machines in Windows 7

Forensically Determining the Presence and Use of Virtual Machines in Windows 7 Forensically Determining the Presence and Use of Virtual Machines in Windows 7 Introduction Dustin Hurlbut Windows 7 has the ability to create and mount virtual machines based upon launching a single file.

More information

Total Backup Recovery 7

Total Backup Recovery 7 7 TM 7 Automat backup and restore management for all networked laptops & workstations from a centralized administrating console 7 Advanced Workstation assures that critical business information is well

More information

C6 Easy Imaging Total Computer Backup. User Guide

C6 Easy Imaging Total Computer Backup. User Guide C6 Easy Imaging Total Computer Backup User Guide Clickfree and the Clickfree logo are trademarks or registered trademarks of Storage Appliance Corporation. Other product names used in this guide are recognized

More information

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Executives, Business Managers Administrative & Operations Managers This appendix is a supplement to the Cyber Security:

More information

EaseUS Partition Master

EaseUS Partition Master Reviewer s Guide Contents Introduction... 2 Chapter 1... 3 What is EaseUS Partition Master?... 3 Versions Comparison... 4 Chapter 2... 5 Using EaseUS Partition Master... 5 Partition Manager... 5 Disk &

More information

MS SQL Server Backup - User Guide

MS SQL Server Backup - User Guide MS SQL Server Backup - User Guide TABLE OF CONTENTS Introduction... 1 Features... 1 System Requirements... 1 MS SQL Server Backup... 2 Accessing SQL Server Backup... 2 MS SQL Server Restore... 6 Accessing

More information

TECHNICAL PAPER. Veeam Backup & Replication with Nimble Storage

TECHNICAL PAPER. Veeam Backup & Replication with Nimble Storage TECHNICAL PAPER Veeam Backup & Replication with Nimble Storage Document Revision Date Revision Description (author) 11/26/2014 1. 0 Draft release (Bill Roth) 12/23/2014 1.1 Draft update (Bill Roth) 2/20/2015

More information