Successfully reported this slideshow.

Forensic imaging tools

11

Share

Jul. 14, 2013
11 likes 18,587 views
Upcoming SlideShare
Forensic imaging
Forensic imaging
Loading in …3
×
1 of 12
1 of 12

Forensic imaging tools

Jul. 14, 2013
11 likes 18,587 views

11

Share

Download to read offline

Technology Entertainment & Humor

This is an extract from ongoing research made available for comments and recommendations. All tools were tested in the same virtual configuration providing a consistent test platform.
** UPDATE ** As it is no longer possible to update a Slideshare presentation I will shortly be posting a more comprehensive set of results as a new presentation and on the www.xtremeforensics.com website.

This is an extract from ongoing research made available for comments and recommendations. All tools were tested in the same virtual configuration providing a consistent test platform.
** UPDATE ** As it is no longer possible to update a Slideshare presentation I will shortly be posting a more comprehensive set of results as a new presentation and on the www.xtremeforensics.com website.

Technology Entertainment & Humor

Recommended

More Related Content

Viewers also liked

Next Generation Memory Forensics
Andrew Case
Bootkits: Past, Present & Future - Virus Bulletin
ESET
Memory forensics
Sunil Kumar
Linux Memory Analysis with Volatility
Andrew Case
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Andrew Case
Dfrws eu 2014 rekall workshop
Tamas K Lengyel
Faults inside System Software
National Cheng Kung University
44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell
44CON
CNIT 121: 8 Forensic Duplication
Sam Bowne
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
Pietro De Nicolao
Fuzzing the Media Framework in Android
E Hacking
Unmasking Careto through Memory Forensics (video in description)
Andrew Case
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE
(120513) #fitalk an introduction to linux memory forensics
INSIGHT FORENSIC
Msra 2011 windows7 forensics-troyla
CTIN
Workshop - Linux Memory Analysis with Volatility
Andrew Case
Defeating Windows memory forensics
lmilkovic
Preserving Software at Scale: The Stephen Cabrinety Collection
Michael Olson
Is Linux/Moose endangered or extinct?
ESET

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
The World's Largest Man: A Memoir Harrison Scott Key
(4.5/5)
Free
Truth in Advertising: A Novel John Kenney
(4/5)
Free
Dan Gets a Minivan: Life at the Intersection of Dude and Dad Dan Zevin
(4/5)
Free
Coyote V. Acme Ian Frazier
(3.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
Truth in Advertising: A Novel John Kenney
(4/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(4.5/5)
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
(4/5)
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
(4.5/5)
Free
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
(4.5/5)
Free
Liftoff: Elon Musk and the Desperate Early Days That Launched SpaceX Eric Berger
(5/5)
Free
The Science of Time Travel: The Secrets Behind Time Machines, Time Loops, Alternate Realities, and More! Elizabeth Howell
(3/5)
Free
A Brief History of Motion: From the Wheel, to the Car, to What Comes Next Tom Standage
(4/5)
Free
An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel
(4.5/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free

Forensic imaging tools

  1. 1. A high-level review of acquisition times for several popular imaging tools
  2. 2. Background There has been a lot of anecdotal discussion regarding the relative performance of various popular acquisition tools. This document provides an overview of some research currently being undertaken. Once completed the full set of detailed results will be published.
  3. 3. Tools Assessed  EnCase Forensic Imager v7.06  FTK Imager v3.1.2  Adepto v2.1 (Helix3)  EnCase LineN v6.12.0.21  IXImager v3  Raptor v2.5  X-Ways v17.1
  4. 4. Speed Assessment Parameters Each of the acquisition tools used in this research was placed into one of two categories and measured for how quickly the tool could acquire a 160GB virtual drive. The categories were:  ‘Standalone’ – meaning the tool comes with its own bootable environment  ‘Dependant’ – meaning the tool itself is not part of a bootable environment and requires a third-party write-blocking device or bootable system. Within each category the tools were tested in the same virtual configuration. The default image type was selected together with the fastest compression (if available).
  5. 5. ‘Standalone’ Acquisition Tool Environment VIRTUAL MACHINE (VirtualBox) VDI (VIRTUAL SOURCE DISK) VDI (VIRTUAL TARGET DISK) VIRTUAL BOOT CDROM ISO SATA SATA PHYSICAL DISK 1 PHYSICAL DISK 2 PHYSICAL DISK 3 SATA
  6. 6. ‘Dependant’ Acquisition Tool Environment VIRTUAL MACHINE (VirtualBox) VDI (VIRTUAL SOURCE DISK) VDI (VIRTUAL TARGET DISK) SATA SATA PHYSICAL DISK 1 PHYSICAL DISK 2 SATA VDI (VIRTUAL SYSTEM DISK) WIN 7 SP1 PHYSICAL DISK 3
  7. 7. Overall Results Tool Time to acquire 160GB Image Size Image type IXImager 17 mins 78.6 GB ASB Xways Forensic 27 mins 74.4 GB E01 FTKI 50 mins 68.3 GB E01 Adepto 56 mins 149 GB RAW EnCase Linen 63 mins 149 GB E01 Raptor 69 mins 68.3 GB E01 EnCase Forensic Imager 74 mins 68.6 GB E01
  8. 8. Standalone Tool Results For tools that don’t require a write-blocker as part of the acquisition process Tool Time to acquire 160 GB Image size Image type IXImager 17 mins 78.6 GB ASB Adepto 56 mins 149 GB RAW EnCase LineN 1hr 03 mins 149 GB E01 Raptor 1hr 09 mins 68.3 GB E01
  9. 9. Dependant Tool Results For tools that require a write-blocker as part of the acquisition process Tool Time to acquire 160 GB Image size Image type X-Ways Forensic 27 mins 74.4 GB E01 FTK Imager 50 mins 68.3GB E01 EnCase Forensic Imager 1hr 14 mins 68.6 GB E01
  10. 10. Scalability Assessment The tools were grouped by their ability to accommodate being deployed in an environment containing multiple source devices. Two groups were identified:  Unrestricted  Restricted
  11. 11. Unrestricted tools Tool Comment IXImager Unlimited number of concurrent acquisitions, one analysis licence required Raptor Unlimited number of concurrent acquisitions, no licence required EnCase LineN Unlimited number of concurrent acquisitions, no licence required Adepto Unlimited number of concurrent acquisitions, no licence required
  12. 12. Restricted tools Tool Comment FTK Imager Requires write-blocker per concurrent acquisition EnCase Forensic Imager Requires write-blocker per concurrent acquisition X-Ways Requires write-blocker per concurrent acquisition, requires dongle per concurrent acquisition

×