INTRODUCTION TO FORENSIC IMAGING
FORENSIC ACQUISITION
• Forensic acquisition is the process of obtaining a forensically sound copy, or image, of the device or media to be analyzed.
• “Forensically sound” means that we must be able to verify that the image is an exact copy of the original, and that the procedure used to acquire it is documented.
FORENSIC IMAGE
• A forensic image is a bit-by-bit copy of the media being acquired, and the basis on which the examiner works to extract the evidence.
• It is not simply a clone of the file system: it is a copy of all the raw disk (or partition) sectors.
• The original media must not be altered in any way!
• The integrity of the image file must be verified and any I/O errors logged.
ACQUISITION SCENARIOS
• There are two scenarios when acquiring a forensic image: the hard drive either can or cannot be removed from the suspect computer.
• In the first case, the drive should be attached to a forensic workstation through a write-blocking mechanism.
• In the second case, we can boot the suspect computer from a forensic live CD in forensic mode.
WRITE BLOCKING METHODS
• Write-blocking mechanisms can be implemented in hardware or software.
• Hardware write blockers are devices that protect the drive from writes; they are available with different types of connectors (SATA, IDE, USB, FireWire...).
• They are quite expensive, but their use is preferable.
SOFTWARE WRITE BLOCKING
• Software write blocking is quite a controversial topic.
• Simply mounting a drive read-only does not fully guarantee that it is never written to!
• Various techniques have been developed.
SOFTWARE WRITE BLOCKING
• An example is the Linux write blocker kernel patch written by M. Suhanov (https://github.com/msuhanov/Linux-write-blocker).
• It blocks write commands at the device driver level.
• But it requires the kernel to be recompiled.
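The read-only-mount caveat from the two slides above, as an added example that is not code from the original slides or from the Linux write blocker project: a pre-acquisition check of a Linux block device that reads the kernel's per-device read-only flag (`/sys/block/<dev>/ro`, the same flag `blockdev --getro` reports) and parses `/proc/mounts` to see whether the drive or any of its partitions is mounted writable, or mounted read-only on ext3/ext4 without `noload` (in which case the journal may still be replayed, which writes to the device). The device name `sdb`, the `/mnt/evidence` mount point and the three `/proc/mounts` samples are constructed; `check_live` is the only function that touches the running system.

```python
"""Pre-acquisition write-protection check for a Linux block device.

Added example (not code from the original slides or from the Linux
write blocker project). A read-only mount alone does not guarantee the
evidence drive is never written to, so before imaging we inspect two
things that can be read without touching the drive: the kernel's
per-device read-only flag (/sys/block/<dev>/ro) and /proc/mounts. The
parsing functions take file contents as text so they can be exercised
on the constructed samples at the bottom.
"""
import re

# ext3/ext4 replay the journal on mount, even a read-only mount, unless
# the `noload` option is given.
JOURNAL_FS = {"ext3", "ext4"}


def parse_mounts(text):
    """Parse /proc/mounts text into dicts (device, mountpoint, fstype, opts)."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        entries.append({
            "device": parts[0],
            "mountpoint": parts[1],
            "fstype": parts[2],
            "opts": set(parts[3].split(",")),
        })
    return entries


def mounts_for_device(entries, dev):
    """Entries whose source is /dev/<dev> or one of its partitions
    (/dev/sdb1, /dev/nvme0n1p2, ...)."""
    pat = re.compile(rf"^/dev/{re.escape(dev)}(p?\d+)?$")
    return [e for e in entries if pat.match(e["device"])]


def check_device(dev, ro_flag_text, mounts_text):
    """Decide whether <dev> looks write-protected. Returns a findings dict."""
    block_ro = ro_flag_text.strip() == "1"
    mounted = mounts_for_device(parse_mounts(mounts_text), dev)
    writable = [m["mountpoint"] for m in mounted if "ro" not in m["opts"]]
    # Read-only ext3/ext4 mount without `noload`: journal replay can write.
    journal_risk = [m["mountpoint"] for m in mounted
                    if "ro" in m["opts"] and m["fstype"] in JOURNAL_FS
                    and "noload" not in m["opts"]]
    return {
        "device": dev,
        "block_ro": block_ro,
        "mounted": [m["mountpoint"] for m in mounted],
        "writable_mounts": writable,
        "journal_replay_risk": journal_risk,
        # Acceptable only if the kernel flag is set and nothing can write.
        "ok": block_ro and not writable and not journal_risk,
    }


def check_live(dev):
    """Run the check against the running system (Linux only)."""
    with open(f"/sys/block/{dev}/ro") as f:
        ro = f.read()
    with open("/proc/mounts") as f:
        mounts = f.read()
    return check_device(dev, ro, mounts)


# Constructed /proc/mounts samples (not captured from a real system).
MOUNTS_BAD = """\
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /mnt/evidence ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
"""
MOUNTS_RO_JOURNAL = """\
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /mnt/evidence ext4 ro,relatime 0 0
"""
MOUNTS_GOOD = """\
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /mnt/evidence ext4 ro,noload,relatime 0 0
"""

if __name__ == "__main__":
    for name, mounts, flag in (("bad", MOUNTS_BAD, "0\n"),
                               ("ro-journal", MOUNTS_RO_JOURNAL, "1\n"),
                               ("good", MOUNTS_GOOD, "1\n")):
        print(name, check_device("sdb", flag, mounts))
```

`blockdev --setro /dev/sdb` is what sets the kernel flag the check looks for; the check only reports state, it does not change it, and it complements rather than replaces the hardware write blocker the slides recommend.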
FORENSIC IMAGE FORMATS
• A raw image is a duplicate of all the sectors of a disk or partition.
• It contains no additional metadata.
• It can be obtained with tools like dd (Data Dump). Variants of dd have been developed for forensics.
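A raw image acquired the way the FORENSIC IMAGE slide and the raw-image slide above describe (bit-by-bit copy, integrity verified, I/O errors logged), as an added example rather than code from the original slides: a Python imager that does what `dd conv=noerror,sync` does, zero-filling any unreadable sector so the image keeps the source's size and alignment, hashing the data as it is acquired and again from the finished file, and writing a JSON acquisition log. The source file, the `FaultyReader` fault injector, the sector numbers 3 and 10 and the log field names are all constructed for the example.

```python
"""Sector-by-sector raw imaging with error logging and hash verification.

Added example, not code from the original slides. The source is a
constructed temporary file standing in for a block device such as
/dev/sdb, and FaultyReader is a constructed stand-in for a drive with
unreadable sectors. Everything the acquisition did (sector size, sector
count, bad sectors, hashes, timestamps) ends up in one log dict, which
is the documentation a forensically sound acquisition requires.
"""
import hashlib
import json
import os
import tempfile
import time

SECTOR = 512


class FaultyReader:
    """Reads fixed sectors from a file object; raises OSError (EIO) for
    the sector numbers listed in bad_sectors (constructed fault injection)."""

    def __init__(self, f, bad_sectors=()):
        self.f = f
        self.bad = set(bad_sectors)

    def read_sector(self, n):
        if n in self.bad:
            raise OSError(5, "Input/output error")
        self.f.seek(n * SECTOR)
        return self.f.read(SECTOR)


def sha256_file(path):
    """SHA-256 of a file, read in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def image_device(reader, n_sectors, image_path):
    """Acquire n_sectors through reader into image_path. Returns the log."""
    stamp = lambda: time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    log = {"started": stamp(), "sector_size": SECTOR,
           "sectors": n_sectors, "bad_sectors": []}
    h = hashlib.sha256()
    with open(image_path, "wb") as out:
        for n in range(n_sectors):
            try:
                data = reader.read_sector(n)
            except OSError as exc:
                # Same as dd's noerror,sync: record the failure, keep going,
                # and pad with zeros so later sectors keep their offsets.
                log["bad_sectors"].append(
                    {"sector": n, "offset": n * SECTOR, "error": str(exc)})
                data = b"\x00" * SECTOR
            out.write(data)
            h.update(data)
    log["finished"] = stamp()
    log["sha256_acquired"] = h.hexdigest()         # hash of what was read
    log["sha256_image"] = sha256_file(image_path)  # hash of what was stored
    log["verified"] = log["sha256_acquired"] == log["sha256_image"]
    return log


def make_sample_source(path, n_sectors):
    """Constructed source: sector n is filled with the byte value n % 256."""
    with open(path, "wb") as f:
        for n in range(n_sectors):
            f.write(bytes([n % 256]) * SECTOR)


def demo(n_sectors=16, bad_sectors=(3, 10)):
    """Image a constructed source with unreadable sectors; return the
    acquisition log and the raw image bytes for inspection."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "source.bin")
        img = os.path.join(tmp, "image.dd")
        make_sample_source(src, n_sectors)
        with open(src, "rb") as f:
            log = image_device(FaultyReader(f, bad_sectors), n_sectors, img)
        with open(img, "rb") as f:
            image = f.read()
    return log, image


if __name__ == "__main__":
    acquisition_log, image_bytes = demo()
    print(json.dumps(acquisition_log, indent=2))
    print("image size:", len(image_bytes))
```

On a healthy drive `sha256_acquired` must also equal a hash computed directly on the source, and the same value is what every later working copy is checked against; when sectors were unreadable the image necessarily differs from the source, and the bad-sector list in the log is what lets the examiner account for exactly where.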
FORENSIC IMAGE FORMATS
• Another open forensic format is the Advanced Forensic Format (AFF).
• It supports compression and encryption of images.
• The AFFlib package converts and manages AFF images.
FORENSIC IMAGE FORMATS
• Proprietary formats: Expert Witness Format (EWF) and SMART.
• Both support compression and encryption of images.
• The libewf package converts and manages EWF images.
