SlideShare a Scribd company logo

Digital Forensic Tools - Application Specific.

Download as PPT, PDF
G
guestcf6f5b

Based on queries regarding the tools needed for Computer Forensics Investigations. I recommend this presentation. This would help in customizing tools depending upon the requirement of a specific case. This presentation has been presented Jim Lyle. His contact info is available on the first slide. Kindly reach him for further queries. >> ravi

Technology
1 of 38
Computer Forensics Tool Testing at NIST Jim Lyle Information Technology Laboratory Phone: (301) 975-3207 E-mail: [email_address] WWW: http://www.cftt.nist.gov
Computers &The Internet ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
A Shocking Revelation . . . ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Outline of an Investigation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Investigators Need … ,[object Object],[object Object],[object Object]
Admissible Results ,[object Object],[object Object],[object Object],[object Object]
Response to Problem ,[object Object],[object Object],[object Object]
Goals of CF at NIST ,[object Object],[object Object]
Why NIST/ITL is involved ,[object Object],[object Object],[object Object]
Project Sponsors ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Project Tasks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Current Activities ,[object Object],[object Object],[object Object],[object Object],[object Object]
Challenges ,[object Object],[object Object],[object Object],[object Object]
Overview of Methodology ,[object Object],[object Object],[object Object],[object Object]
Developing a Specification ,[object Object],[object Object],[object Object],[object Object],[object Object]
Tool Test Process ,[object Object],[object Object],[object Object],[object Object],[object Object]
Disk Imaging Test Parameters Value Parameter Yes, no Remote access Disk, FAT12/16/32, NT, Ext2 Object type None, Src Rd, Dst Wt, Img R/W/C Errors Src=Dst, Src<Dst, Src>Dst Relative size Dst interface BIOS to IDE, BIOS to SCSI, ATA, ASPI, Legacy BIOS Source interface Copy, Image, Verify Functions
Capabilities to test disk imaging ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Test Case Structure: Setup ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Test Case Structure: Run Tool ,[object Object],[object Object],[object Object],[object Object]
Test Case Structure: Measure ,[object Object],[object Object]
Test Logging ,[object Object],[object Object],[object Object],[object Object]
Legacy BIOS Quirks ,[object Object],[object Object],[object Object],[object Object]
Evaluating Test Results ,[object Object],[object Object],[object Object],[object Object],[object Object]
Refining the Test Procedure ,[object Object],[object Object]
Hard Drive Write Protect ,[object Object],[object Object],[object Object]
Hard Drive BIOS Access
SWB Tool Operation
Test Harness Operation
HWB Testing CPU Device Send I/O CMD to Device Return result to CPU BUS1 BUS 2 PROTOCOL ANALYZER Monitor Bus Traffic BUS HWB
Impact ,[object Object],[object Object],[object Object],[object Object]
Available Specifications ,[object Object],[object Object],[object Object]
Specifications Under Development ,[object Object],[object Object],[object Object]
Available Test Reports ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Test Reports in Production ,[object Object],[object Object],[object Object]
Available Testing Software ,[object Object],[object Object]
Benefits of CFTT ,[object Object],[object Object],[object Object],[object Object],[object Object]
Contacts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recommended

Accessing Forensic Images
Accessing Forensic ImagesAccessing Forensic Images
Accessing Forensic ImagesCTIN
 
Forensic imaging
Forensic imagingForensic imaging
Forensic imagingDINESH KAMBLE
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Forensic imaging tools
Forensic imaging tools Forensic imaging tools
Forensic imaging tools Dr. Richard Adams
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imagingMarco Alamanni
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source ForensicsCTIN
 
Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Andrew Case
 
SACON - Windows Forensic (Dr. Phil Polstra)
SACON - Windows Forensic (Dr. Phil Polstra)SACON - Windows Forensic (Dr. Phil Polstra)
SACON - Windows Forensic (Dr. Phil Polstra)Priyanka Aash
 

Recommended

Accessing Forensic Images
Accessing Forensic ImagesAccessing Forensic Images
Accessing Forensic ImagesCTIN
 
Forensic imaging
Forensic imagingForensic imaging
Forensic imagingDINESH KAMBLE
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Forensic imaging tools
Forensic imaging tools Forensic imaging tools
Forensic imaging tools Dr. Richard Adams
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imagingMarco Alamanni
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source ForensicsCTIN
 
Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Andrew Case
 
SACON - Windows Forensic (Dr. Phil Polstra)
SACON - Windows Forensic (Dr. Phil Polstra)SACON - Windows Forensic (Dr. Phil Polstra)
SACON - Windows Forensic (Dr. Phil Polstra)Priyanka Aash
 
(SACON) Dr. Phil Polstra - windows & linux forensics
(SACON) Dr. Phil Polstra - windows & linux forensics(SACON) Dr. Phil Polstra - windows & linux forensics
(SACON) Dr. Phil Polstra - windows & linux forensicsPriyanka Aash
 
44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell
44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell
44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell44CON
 
The Forensic Lab
The Forensic LabThe Forensic Lab
The Forensic Labprimeteacher32
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
File carving tools
File carving toolsFile carving tools
File carving toolsMarco Alamanni
 
SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012Rian Yulian
 
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-ForensicsDefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-ForensicsMichael Smith
 
Digital Forensics in the Archive
Digital Forensics in the ArchiveDigital Forensics in the Archive
Digital Forensics in the ArchiveGarethKnight
 
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...Andrew Case
 
Forensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineForensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineSource Conference
 
Live data collection_from_windows_system
Live data collection_from_windows_systemLive data collection_from_windows_system
Live data collection_from_windows_systemMaceni Muse
 
3871778
38717783871778
3871778Christiaan Beek
 
Memory Analysis of the Dalvik (Android) Virtual Machine
Memory Analysis of the Dalvik (Android) Virtual MachineMemory Analysis of the Dalvik (Android) Virtual Machine
Memory Analysis of the Dalvik (Android) Virtual MachineAndrew Case
 
File000173
File000173File000173
File000173Desmond Devendran
 
Scan disk
Scan diskScan disk
Scan diskVon Alvarez
 
Live Memory Forensics on Android devices
Live Memory Forensics on Android devicesLive Memory Forensics on Android devices
Live Memory Forensics on Android devicesNikos Gkogkos
 
Next Generation Memory Forensics
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory ForensicsAndrew Case
 
Forensics of a Windows Systems
Forensics of a Windows SystemsForensics of a Windows Systems
Forensics of a Windows SystemsConferencias FIST
 
Remnux tutorial-1 Statically Analyse Portable Executable(PE) Files
Remnux tutorial-1 Statically Analyse Portable Executable(PE) FilesRemnux tutorial-1 Statically Analyse Portable Executable(PE) Files
Remnux tutorial-1 Statically Analyse Portable Executable(PE) FilesRhydham Joshi
 
Dfrws eu 2014 rekall workshop
Dfrws eu 2014 rekall workshopDfrws eu 2014 rekall workshop
Dfrws eu 2014 rekall workshopTamas K Lengyel
 
CóMo Escribir Un Texto Escrito
CóMo Escribir Un Texto EscritoCóMo Escribir Un Texto Escrito
CóMo Escribir Un Texto EscritoVladimir Humberto Clobares Sánchez
 
Evaluation
EvaluationEvaluation
Evaluationbirch_17
 

More Related Content

What's hot

(SACON) Dr. Phil Polstra - windows & linux forensics
(SACON) Dr. Phil Polstra - windows & linux forensics(SACON) Dr. Phil Polstra - windows & linux forensics
(SACON) Dr. Phil Polstra - windows & linux forensicsPriyanka Aash
 
44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell
44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell
44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell44CON
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012Rian Yulian
 
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-ForensicsDefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-ForensicsMichael Smith
 
Digital Forensics in the Archive
Digital Forensics in the ArchiveDigital Forensics in the Archive
Digital Forensics in the ArchiveGarethKnight
 
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...Andrew Case
 
Forensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineForensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineSource Conference
 
Live data collection_from_windows_system
Live data collection_from_windows_systemLive data collection_from_windows_system
Live data collection_from_windows_systemMaceni Muse
 
Memory Analysis of the Dalvik (Android) Virtual Machine
Memory Analysis of the Dalvik (Android) Virtual MachineMemory Analysis of the Dalvik (Android) Virtual Machine
Memory Analysis of the Dalvik (Android) Virtual MachineAndrew Case
 
Live Memory Forensics on Android devices
Live Memory Forensics on Android devicesLive Memory Forensics on Android devices
Live Memory Forensics on Android devicesNikos Gkogkos
 
Next Generation Memory Forensics
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory ForensicsAndrew Case
 
Forensics of a Windows Systems
Forensics of a Windows SystemsForensics of a Windows Systems
Forensics of a Windows SystemsConferencias FIST
 
Remnux tutorial-1 Statically Analyse Portable Executable(PE) Files
Remnux tutorial-1 Statically Analyse Portable Executable(PE) FilesRemnux tutorial-1 Statically Analyse Portable Executable(PE) Files
Remnux tutorial-1 Statically Analyse Portable Executable(PE) FilesRhydham Joshi
 
Dfrws eu 2014 rekall workshop
Dfrws eu 2014 rekall workshopDfrws eu 2014 rekall workshop
Dfrws eu 2014 rekall workshopTamas K Lengyel
 

What's hot (20)

(SACON) Dr. Phil Polstra - windows & linux forensics
(SACON) Dr. Phil Polstra - windows & linux forensics(SACON) Dr. Phil Polstra - windows & linux forensics
(SACON) Dr. Phil Polstra - windows & linux forensics
 
44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell
44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell
44CON London 2015 - Old Dog, New Tricks: Forensics With PowerShell
 
The Forensic Lab
The Forensic LabThe Forensic Lab
The Forensic Lab
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troyla
 
File carving tools
File carving toolsFile carving tools
File carving tools
 
SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012
 
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-ForensicsDefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
 
Digital Forensics in the Archive
Digital Forensics in the ArchiveDigital Forensics in the Archive
Digital Forensics in the Archive
 
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
 
Forensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineForensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual Machine
 
Live data collection_from_windows_system
Live data collection_from_windows_systemLive data collection_from_windows_system
Live data collection_from_windows_system
 
3871778
38717783871778
3871778
 
Memory Analysis of the Dalvik (Android) Virtual Machine
Memory Analysis of the Dalvik (Android) Virtual MachineMemory Analysis of the Dalvik (Android) Virtual Machine
Memory Analysis of the Dalvik (Android) Virtual Machine
 
File000173
File000173File000173
File000173
 
Scan disk
Scan diskScan disk
Scan disk
 
Live Memory Forensics on Android devices
Live Memory Forensics on Android devicesLive Memory Forensics on Android devices
Live Memory Forensics on Android devices
 
Next Generation Memory Forensics
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory Forensics
 
Forensics of a Windows Systems
Forensics of a Windows SystemsForensics of a Windows Systems
Forensics of a Windows Systems
 
Remnux tutorial-1 Statically Analyse Portable Executable(PE) Files
Remnux tutorial-1 Statically Analyse Portable Executable(PE) FilesRemnux tutorial-1 Statically Analyse Portable Executable(PE) Files
Remnux tutorial-1 Statically Analyse Portable Executable(PE) Files
 
Dfrws eu 2014 rekall workshop
Dfrws eu 2014 rekall workshopDfrws eu 2014 rekall workshop
Dfrws eu 2014 rekall workshop
 

Viewers also liked

Evaluation
EvaluationEvaluation
Evaluationbirch_17
 
G R U P O V I R T U A L
G R U P O V I R T U A LG R U P O V I R T U A L
G R U P O V I R T U A Leliza19
 
GoogleSky Status at Google
GoogleSky Status at GoogleGoogleSky Status at Google
GoogleSky Status at GoogleAlberto Conti
 
Peligroso Plastico
Peligroso PlasticoPeligroso Plastico
Peligroso PlasticoANACV
 
Introdução ao marketing de busca
Introdução ao marketing de buscaIntrodução ao marketing de busca
Introdução ao marketing de buscaRafael Damasceno
 
Diploma Project - Poster
Diploma Project - PosterDiploma Project - Poster
Diploma Project - Posterercumentsonmez
 
D I G I T A L B E T A
D I G I T A L B E T AD I G I T A L B E T A
D I G I T A L B E T AJose Gaitan
 
PáGina Crianças7 03 09 Pdf[1].Asp
PáGina Crianças7 03 09 Pdf[1].AspPáGina Crianças7 03 09 Pdf[1].Asp
PáGina Crianças7 03 09 Pdf[1].Aspmrvpimenta
 
Reflexionmauriciovelasco
ReflexionmauriciovelascoReflexionmauriciovelasco
Reflexionmauriciovelascomaovelasco
 
Informations Management
Informations ManagementInformations Management
Informations ManagementTamas Csaki
 
Cogigo De Barras Mily
Cogigo De Barras MilyCogigo De Barras Mily
Cogigo De Barras Milymilyxit
 
Grupo3 Henrike 8ºB
Grupo3 Henrike 8ºBGrupo3 Henrike 8ºB
Grupo3 Henrike 8ºBAna Carlão
 

Viewers also liked (20)

CóMo Escribir Un Texto Escrito
CóMo Escribir Un Texto EscritoCóMo Escribir Un Texto Escrito
CóMo Escribir Un Texto Escrito
 
Evaluation
EvaluationEvaluation
Evaluation
 
G R U P O V I R T U A L
G R U P O V I R T U A LG R U P O V I R T U A L
G R U P O V I R T U A L
 
Present
PresentPresent
Present
 
No3
No3No3
No3
 
GoogleSky Status at Google
GoogleSky Status at GoogleGoogleSky Status at Google
GoogleSky Status at Google
 
2
22
2
 
Peligroso Plastico
Peligroso PlasticoPeligroso Plastico
Peligroso Plastico
 
Introdução ao marketing de busca
Introdução ao marketing de buscaIntrodução ao marketing de busca
Introdução ao marketing de busca
 
Diploma Project - Poster
Diploma Project - PosterDiploma Project - Poster
Diploma Project - Poster
 
Techlace
TechlaceTechlace
Techlace
 
D I G I T A L B E T A
D I G I T A L B E T AD I G I T A L B E T A
D I G I T A L B E T A
 
PáGina Crianças7 03 09 Pdf[1].Asp
PáGina Crianças7 03 09 Pdf[1].AspPáGina Crianças7 03 09 Pdf[1].Asp
PáGina Crianças7 03 09 Pdf[1].Asp
 
Abortion - Sensetive
Abortion - SensetiveAbortion - Sensetive
Abortion - Sensetive
 
Reflexionmauriciovelasco
ReflexionmauriciovelascoReflexionmauriciovelasco
Reflexionmauriciovelasco
 
Informations Management
Informations ManagementInformations Management
Informations Management
 
Cogigo De Barras Mily
Cogigo De Barras MilyCogigo De Barras Mily
Cogigo De Barras Mily
 
3 Sesion
3 Sesion3 Sesion
3 Sesion
 
Grupo3 Henrike 8ºB
Grupo3 Henrike 8ºBGrupo3 Henrike 8ºB
Grupo3 Henrike 8ºB
 
Fotos de España
Fotos de EspañaFotos de España
Fotos de España
 

Similar to Digital Forensic Tools - Application Specific.

Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxchristinemaritza
 
Tetiana Hrybok - Data Recovery Tools – Preparation of the test data for testings
Tetiana Hrybok - Data Recovery Tools – Preparation of the test data for testingsTetiana Hrybok - Data Recovery Tools – Preparation of the test data for testings
Tetiana Hrybok - Data Recovery Tools – Preparation of the test data for testingsIevgenii Katsan
 
Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic InvestigatorAgape Inc
 
kbrgwillis.pdf
kbrgwillis.pdfkbrgwillis.pdf
kbrgwillis.pdfKblblkb
 
Anti-Forensic Rootkits
Anti-Forensic RootkitsAnti-Forensic Rootkits
Anti-Forensic Rootkitsamiable_indian
 
Debian Linux as a Forensic Workstation
Debian Linux as a Forensic Workstation Debian Linux as a Forensic Workstation
Debian Linux as a Forensic Workstation Vipin George
 
Introduction to Forensics and Steganography by Pardhasaradhi C
Introduction to Forensics and Steganography by Pardhasaradhi CIntroduction to Forensics and Steganography by Pardhasaradhi C
Introduction to Forensics and Steganography by Pardhasaradhi Cn|u - The Open Security Community
 
Pc maintenance security backup and troubleshooting
Pc maintenance security backup and troubleshootingPc maintenance security backup and troubleshooting
Pc maintenance security backup and troubleshootingTech Day Camp
 
Android forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageAndroid forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageMohamed Khaled
 
Live Forensics
Live ForensicsLive Forensics
Live ForensicsCTIN
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfGnanavi2
 
Code Instrumentation, Dynamic Tracing
Code Instrumentation, Dynamic TracingCode Instrumentation, Dynamic Tracing
Code Instrumentation, Dynamic TracingMartin Děcký
 
Workshop 2 revised
Workshop 2 revisedWorkshop 2 revised
Workshop 2 revisedpeterchanws
 
Preserving Software at Scale: The Stephen Cabrinety Collection
Preserving Software at Scale: The Stephen Cabrinety CollectionPreserving Software at Scale: The Stephen Cabrinety Collection
Preserving Software at Scale: The Stephen Cabrinety CollectionMichael Olson
 

Similar to Digital Forensic Tools - Application Specific. (20)

Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
 
Tetiana Hrybok - Data Recovery Tools – Preparation of the test data for testings
Tetiana Hrybok - Data Recovery Tools – Preparation of the test data for testingsTetiana Hrybok - Data Recovery Tools – Preparation of the test data for testings
Tetiana Hrybok - Data Recovery Tools – Preparation of the test data for testings
 
Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic Investigator
 
kbrgwillis.pdf
kbrgwillis.pdfkbrgwillis.pdf
kbrgwillis.pdf
 
Anti-Forensic Rootkits
Anti-Forensic RootkitsAnti-Forensic Rootkits
Anti-Forensic Rootkits
 
Debian Linux as a Forensic Workstation
Debian Linux as a Forensic Workstation Debian Linux as a Forensic Workstation
Debian Linux as a Forensic Workstation
 
Introduction to Forensics and Steganography by Pardhasaradhi C
Introduction to Forensics and Steganography by Pardhasaradhi CIntroduction to Forensics and Steganography by Pardhasaradhi C
Introduction to Forensics and Steganography by Pardhasaradhi C
 
Pc maintenance security backup and troubleshooting
Pc maintenance security backup and troubleshootingPc maintenance security backup and troubleshooting
Pc maintenance security backup and troubleshooting
 
Android forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageAndroid forensics an Custom Recovery Image
Android forensics an Custom Recovery Image
 
Live Forensics
Live ForensicsLive Forensics
Live Forensics
 
Fs Ch 18
Fs Ch 18Fs Ch 18
Fs Ch 18
 
Evatronix track h
Evatronix track hEvatronix track h
Evatronix track h
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdf
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
Code Instrumentation, Dynamic Tracing
Code Instrumentation, Dynamic TracingCode Instrumentation, Dynamic Tracing
Code Instrumentation, Dynamic Tracing
 
Workshop 2 revised
Workshop 2 revisedWorkshop 2 revised
Workshop 2 revised
 
intro to forensics
intro to forensicsintro to forensics
intro to forensics
 
Preserving Software at Scale: The Stephen Cabrinety Collection
Preserving Software at Scale: The Stephen Cabrinety CollectionPreserving Software at Scale: The Stephen Cabrinety Collection
Preserving Software at Scale: The Stephen Cabrinety Collection
 
Hardware & softwares
Hardware & softwaresHardware & softwares
Hardware & softwares
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Digital Forensic Tools - Application Specific.

  • 1. Computer Forensics Tool Testing at NIST Jim Lyle Information Technology Laboratory Phone: (301) 975-3207 E-mail: [email_address] WWW: http://www.cftt.nist.gov
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17. Disk Imaging Test Parameters Value Parameter Yes, no Remote access Disk, FAT12/16/32, NT, Ext2 Object type None, Src Rd, Dst Wt, Img R/W/C Errors Src=Dst, Src<Dst, Src>Dst Relative size Dst interface BIOS to IDE, BIOS to SCSI, ATA, ASPI, Legacy BIOS Source interface Copy, Image, Verify Functions
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27. Hard Drive BIOS Access
  • 30. HWB Testing CPU Device Send I/O CMD to Device Return result to CPU BUS1 BUS 2 PROTOCOL ANALYZER Monitor Bus Traffic BUS HWB
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.

Editor's Notes

  1. It is my pleasure to be here with you today to describe some of the significant work ongoing at NIST involving information technology and the fairly new concept of computer forensics. NIST is attempting to introduce science into the computer forensics arena by basing our work on first principles of computer science, accepted practice, peer review, and publication of results. &lt;click&gt;