Hard Disk Storage: Firmware Manipulation and Forensic Impact and Current Best Practice
نویسندگان
چکیده
The most common form of storage media utilized in both commercial and domestic systems is the hard disk drive, consequently these devices feature heavily in digital investigations. Hard disk drives are a collection of complex components. These components include hardware and firmware elements that are essential for the effective operation of the drive. There are now a number of devices available, intended for data recovery, which can be used to manipulate the firmware components contained within the drive. It has been previously shown that it is possible to alter firmware for malicious purposes, either to conceal information or to prevent the drive’s correct operation. We review the general construction of a hard disk drive. In particular we examine the error handling process present within hard disk drives for dealing with failed or failing sectors and detail how this can be manipulated. The potential forensic impact on an investigation of manipulating firmware is then explored. We propose best practice considerations when analyzing a hard drive where firmware manipulation is suspected and detail a possible method to detect this form of modification.
منابع مشابه
The Impact of Hard Disk Firmware Steganography on Computer Forensics
The hard disk drive is probably the predominant form of storage media and is a primary data source in a forensic investigation. The majority of available software tools and literature relating to the investigation of the structure and content contained within a hard disk drive concerns the extraction and analysis of evidence from the various file systems which can reside in the user accessible ...
متن کاملManipulation of hard drive firmware to conceal entire partitions
Tools created by the computer hacking community to circumvent security protection on hard drives can have unintentional consequences for digital forensics. Tools originally developed to circumvent Microsoft’s Xbox 360 hard drive protection can be used, independently of the Xbox 360 system, to change the reported size/model of a hard drive enabling criminals to hide data from digital forensic so...
متن کاملIdentification and Analysis of hard disk drive in digital forensic
The dramatic increase in crime relating to the Internet and computers has caused a growing need for computer forensics. Computer forensic tools have been developed to assist computer forensic investigators in conducting a proper investigation into digital crimes. Digital forensics is a growing and important fields of research for current intelligence, law enforcement, and military organizations...
متن کاملCaveat-Scriptor: Write Anywhere Shingled Disks
The increasing ubiquity of NAND flash storage is forcing magnetic disks to accelerate the rate at which they lower price per stored bit. Magnetic recording technologists have begun to pack tracks so closely that writing one track cannot avoid disturbing the information stored in adjacent tracks [13]. Specifically, the downstream track will be at least partially overwritten, or shingled by each ...
متن کاملSolid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery?
Digital evidence is increasingly relied upon in computer forensic examinations and legal proceedings in the modern courtroom. The primary storage technology used for digital information has remained constant over the last two decades, in the form of the magnetic disc. Consequently, investigative, forensic, and judicial procedures are well-established for magnetic disc storage devices (Carrier, ...
متن کامل