Computer Forensic Tools. Stefan Hager
1 Computer Forensic Tools Stefan Hager
2 Overview
- Important policies for computer forensic tools
- Typical Workflow for analyzing evidence
- Categories of Tools
- Demo
SS 2007 Advanced Computer Networks

3 Important policies for computer forensic tools
- evidence must not get compromised or contaminated during investigation
  - disk imaging necessary
- ensure data integrity
  - hashing (MD5, SHA-1...)
- digital evidence must be permitted during litigation
  - adheres to the standards of evidence that are admissible in a court of law

4 Typical Workflow for analyzing evidence

5 Categories of Computer Forensic Tools
- Disk Imaging
- Memory Imaging
- Data and Disk Analysis
- Special OS Live Distributions
- Network Forensics

6 Disk Imaging
- Hardware imagers
  - e.g. handhelds that clone source drives
  - write blocker to protect data on source drive
  - fast: up to 4GB/min (SCSI)
  - usually no additional software necessary

7 Disk Imaging
- multiple interfaces supported, e.g. IDE, SATA, PATA, SCSI, USB, Firewire, Flash Cards...

8 Disk Imaging
- Software imagers
  - Unix-based imagers: dd, dcfldd, AIR, rdd, sdd
  - Windows-based imagers
    - ProDiscovery (images FAT12,16,32 and NTFS)
    - AccessData (read, acquire, decrypt, analyze)
  - calculate hashes (MD5, SHA-1)
  - checksumming

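The integrity policy on slide 3 and the hashing done by the software imagers above, as an added example that is not part of the original slides: the source is copied block by block while MD5 and SHA-1 are computed over the bytes read, and the image is later re-hashed against that record. It goes one step beyond the slide by also keeping a hash per block (the idea behind dcfldd's `hashwindow` option), so a mismatch can be located. The window size, function names and sample bytes are assumptions of this example.

```python
import hashlib
import io

WINDOW = 4096  # bytes per hash window (assumed value for this example)


def acquire(src, dst, window=WINDOW):
    """Copy src to dst window by window and hash the bytes as they are read.

    Returns the acquisition record: size, whole-image MD5 and SHA-1, and one
    SHA-1 per window. On a real device a short read may need to be retried;
    the in-memory streams used here always return full windows.
    """
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    windows, total = [], 0
    while True:
        block = src.read(window)
        if not block:
            break
        dst.write(block)
        md5.update(block)
        sha1.update(block)
        windows.append(hashlib.sha1(block).hexdigest())
        total += len(block)
    return {"bytes": total, "md5": md5.hexdigest(),
            "sha1": sha1.hexdigest(), "windows": windows}


def verify(image, record, window=WINDOW):
    """Re-hash an image against its acquisition record.

    Returns (ok, changed) where changed lists the indices of windows whose
    hash differs, including windows that are missing or surplus.
    """
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    changed, index, total = [], 0, 0
    expected = record["windows"]
    while True:
        block = image.read(window)
        if not block:
            break
        md5.update(block)
        sha1.update(block)
        if index >= len(expected) or hashlib.sha1(block).hexdigest() != expected[index]:
            changed.append(index)
        index += 1
        total += len(block)
    changed.extend(range(index, len(expected)))  # truncated image
    ok = (total == record["bytes"]
          and md5.hexdigest() == record["md5"]
          and sha1.hexdigest() == record["sha1"])
    return ok, changed


def demo():
    """Acquire a constructed 16 KiB 'drive', then verify a clean and an altered copy."""
    source = bytes(range(256)) * 64            # constructed sample data, 4 windows
    image = io.BytesIO()
    record = acquire(io.BytesIO(source), image)
    clean = verify(io.BytesIO(image.getvalue()), record)
    altered = bytearray(image.getvalue())
    altered[9000] ^= 0xFF                      # flip one byte inside window 2
    dirty = verify(io.BytesIO(bytes(altered)), record)
    return record, clean, dirty


if __name__ == "__main__":
    record, clean, dirty = demo()
    print(record["bytes"], record["md5"], record["sha1"])
    print("clean copy:", clean)
    print("altered copy:", dirty)
```
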
9 Memory Imaging
- making an image of physical memory
- linux: dd captures the contents of physical memory using device file /dev/mem
- windows: hibernation c:\hiberfil.sys

10 Data and Disk Analysis Tools
- Purpose: extract, manipulate, validate data
- Partition Recovery (e.g. gpart)
  - recover deleted/corrupt partitions
  - guess partition tables
  - recover boot sector (e.g. fdisk /mbr restores boot code in MBR, but not the partition
- Data Evaluation and Recovery (e.g. autopsy)
  - restore deleted/corrupt files
  - RAID reconstruction (RAID level 0 - striping, level 5)
- Password Recovery / Breaking
  - open files that are password protected

11 Data and Disk Analysis Tools
- Carving (e.g. foremost)
  - search an input for files or other kinds of objects based on content
  - recover files when directory entries missing/corrupt, deleted files, damaged media
  - look for file headers and footers
  - "carving out" blocks between these two boundaries
  - usually executed on a disk image and not on the original disk

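Header/footer carving as described on the slide above, as an added example that is not from the original slides and is not foremost's code: it scans a raw image for JPEG and PNG headers, cuts out everything up to the matching footer, and reports headers that have no footer. The size cap, function names and the sample image are assumptions constructed for this example.

```python
import hashlib

# (type, header, footer, maximum carve length). The byte patterns are the
# standard JPEG and PNG magic numbers; the size cap is an assumed value.
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
]

# Constructed stand-ins for file contents: a valid header, filler, a valid footer.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"J" * 20 + b"\xff\xd9"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"P" * 12 + b"IEND\xaeB`\x82"


def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()


def carve(image, signatures=SIGNATURES):
    """Carve objects out of a raw image by content, ignoring any file system.

    Returns (carved, orphans): carved is a list of dicts with type, offset,
    length and SHA-1 of each recovered object; orphans lists (type, offset)
    of headers for which no footer was found within the size cap.
    """
    carved, orphans = [], []
    for ftype, header, footer, max_len in signatures:
        pos = image.find(header)
        while pos != -1:
            limit = min(len(image), pos + max_len)
            foot = image.find(footer, pos + len(header), limit)
            if foot == -1:
                # Header without footer: fragmented, overwritten or truncated.
                orphans.append((ftype, pos))
                resume = pos + len(header)
            else:
                end = foot + len(footer)
                blob = image[pos:end]
                carved.append({"type": ftype, "offset": pos,
                               "length": len(blob), "sha1": sha1_hex(blob)})
                resume = end
            pos = image.find(header, resume)
    # Limitation: the first footer after a header wins, so a JPEG with an
    # embedded thumbnail (its own FF D9) is cut short by this simple approach.
    carved.sort(key=lambda c: c["offset"])
    orphans.sort(key=lambda o: o[1])
    return carved, orphans


def build_sample_image():
    """Constructed 'disk image': zero-filled slack around two files and one
    JPEG header whose footer is missing. No directory entries exist at all."""
    truncated = b"\xff\xd8\xff\xe1" + b"X" * 16
    return (b"\x00" * 512 + SAMPLE_JPEG + b"\x00" * 100 + SAMPLE_PNG
            + b"\x00" * 50 + truncated + b"\x00" * 64)


if __name__ == "__main__":
    carved, orphans = carve(build_sample_image())
    for item in carved:
        print(item)
    print("headers without footer:", orphans)
```
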
12 Data and Disk Analysis Tools
- Metadata Extraction
  - extract Metadata from different file formats (Microsoft Office Documents, PDF, Binary files,...)
  - MAC times (Modification, Access, Creation - UNIX)
  - WAC times (Written, Accessed, Created - WINDOWS)
  - file type
  - User ID, Group ID

13 Data and Disk Analysis Tools
- Evaluation of timelines (e.g. Zeitline)
  - analyzing and evaluating data for event reconstruction
  - sources: MAC times, WAC times, system logs, firewall logs, application data
  - timelines consist of events (time spans)
  - events belonging to the same action grouped together
  - events can have sub- and superevents (hierarchy)

14 Data and Disk Analysis Tools
- Evaluation of timelines
  - e.g. events: access program gcc, access file x, access library y
  - grouped together to "compile program x"
  - super event of this group could be "install rootkit z"

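The event hierarchy from slides 13 and 14, as an added example that is not from the original slides and is not Zeitline's code: atomic events from several sources are merged into one timeline, split into bursts of activity, and then grouped by the analyst into sub- and superevents whose time spans cover their children. The timestamps, the 30-second gap, and the login, "modify file w" and cron events are constructed for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Event:
    label: str
    start: datetime
    end: datetime
    source: str                      # atime, mtime, syslog, ... or "analyst"
    children: list = field(default_factory=list)


def atomic(label, when, source):
    """A single observation (one timestamp), e.g. an access time or a log line."""
    return Event(label, when, when, source)


def group(label, events):
    """Superevent: its time span is the union of the spans of its subevents."""
    ordered = sorted(events, key=lambda e: e.start)
    return Event(label, ordered[0].start, max(e.end for e in ordered),
                 "analyst", ordered)


def cluster(events, max_gap):
    """Split a merged timeline into runs separated by more than max_gap.

    This only proposes candidates; which events belong to the same action
    remains the examiner's decision.
    """
    runs, run_end = [], None
    for ev in sorted(events, key=lambda e: e.start):
        if runs and ev.start - run_end <= max_gap:
            runs[-1].append(ev)
            run_end = max(run_end, ev.end)
        else:
            runs.append([ev])
            run_end = ev.end
    return runs


def render(event, depth=0):
    """Indented text view of an event and all its subevents."""
    span = event.start.strftime("%H:%M:%S")
    if event.end != event.start:
        span += "-" + event.end.strftime("%H:%M:%S")
    lines = ["  " * depth + f"{span} {event.label} [{event.source}]"]
    for child in event.children:
        lines.extend(render(child, depth + 1))
    return lines


def _t(hms):
    return datetime.strptime("2007-05-14 " + hms, "%Y-%m-%d %H:%M:%S")


def build_demo():
    """Constructed observations from three sources, deliberately unsorted."""
    raw = [
        atomic("access library y", _t("02:14:04"), "atime"),
        atomic("access program gcc", _t("02:14:03"), "atime"),
        atomic("sshd: accepted login", _t("02:13:40"), "syslog"),
        atomic("access file x", _t("02:14:03"), "atime"),
        atomic("modify file w", _t("02:14:20"), "mtime"),
        atomic("cron: daily job", _t("09:30:00"), "syslog"),
    ]
    runs = cluster(raw, timedelta(seconds=30))
    burst = runs[0]
    # Analyst decisions, following the example on slide 14.
    compile_x = group("compile program x",
                      [e for e in burst if e.source == "atime"])
    modified = [e for e in burst if e.source == "mtime"]
    rootkit = group("install rootkit z", [compile_x] + modified)
    return runs, rootkit


if __name__ == "__main__":
    runs, rootkit = build_demo()
    print([len(r) for r in runs])
    print("\n".join(render(rootkit)))
```
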
15 Special OS Live Distributions
- Free Distributions
  - DEFT Linux (built upon Kubuntu)
  - Helix (built upon Knoppix)
- Commercial Distributions
  - SMART Linux (by ASR Data)
  - MacQuisition Boot CD (for imaging Macintosh Systems)

16 Network forensics
- Network vulnerability scanners (e.g. NESSUS)
  - based on security vulnerability database
  - detects remote as well as local flaws
- Network protocol analyzers (e.g. wireshark, ethereal)
  - many protocols supported
  - Live Capture / Offline Analysis
  - VoIP analysis

17 Network forensics
- Search for rootkits (e.g. chkrootkit)
  - scripts for checking system binaries for rootkit information
  - checks for signs of trojans
  - checks whether the interface is in promiscuous mode

18 Demo

23 Questions
1. Briefly explain 3 tasks of disk analysis tools (Slides 10-14)
2. What are important policies for computer forensic tools? (Slide 3)

24 Thank you for your attention!