Forensic Hard Drive Imager Comparisons
نویسندگان
چکیده
The current trend of hard drives rapidly increasing in capacity presents a challenge regarding the expedient analysis of digital evidence. Forensic investigators must sift through enormous amounts of data to discover information useful to an investigation. However, before this analysis can be conducted, and authenticated working copy of the suspect hard drive must be obtained. With the size of hard drives increasing, the time taken to produce effective results in greatly increased. This technical report investigates the current state of forensic hard drive practices by conducting a timing analysis of the two foremost hard drive imagers.
منابع مشابه
Time Analysis of Hard Drive Imaging Tools
Computer hard drives often contain evidence that is vital to digital forensic investigations. However, an authenticated working copy or “forensic image” of a suspect hard drive must be created before any data can be analyzed. As the capacities of modern hard drives increase, the time taken to create a forensic image, let alone analyze the data, increases significantly. This paper investigates t...
متن کاملForensic Analysis of a PlayStation 3 Console
The Sony PlayStation 3 (PS3) is a powerful gaming console that supports Internet-related activities, local file storage and the playing of Blu-ray movies. The PS3 also allows users to partition and install a secondary operating system on the hard drive. This “desktop-like” functionality along with the encryption of the primary hard drive containing the gaming software raises significant issues ...
متن کاملIdentification and Analysis of hard disk drive in digital forensic
The dramatic increase in crime relating to the Internet and computers has caused a growing need for computer forensics. Computer forensic tools have been developed to assist computer forensic investigators in conducting a proper investigation into digital crimes. Digital forensics is a growing and important fields of research for current intelligence, law enforcement, and military organizations...
متن کاملHard Disk Storage: Firmware Manipulation and Forensic Impact and Current Best Practice
The most common form of storage media utilized in both commercial and domestic systems is the hard disk drive, consequently these devices feature heavily in digital investigations. Hard disk drives are a collection of complex components. These components include hardware and firmware elements that are essential for the effective operation of the drive. There are now a number of devices availabl...
متن کاملLow Budget Forensic Drive Imaging Using ARM Based Single Board Computers
Traditional forensic analysis of hard disks and external media typically involves a “dead analysis” of a powered down machine. Forensic acquisition of hard drives and external media has traditionally been accomplished by one of several means: standalone forensic duplicator; using a hardware write-blocker or dock attached to a laptop, computer, workstation, etc.; forensic operating systems that ...
متن کامل