A Strategy for Testing Hardware Write Block Devices
James R Lyle, National Institute of Standards and Technology


DISCLAIMER
Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology, nor does it imply that the products are necessarily the best available for the purpose.

Project Sponsors
- NIST/OLES (Program management)
- National Institute of Justice (Major funding)
- FBI (Additional funding)
- Department of Defense, DCCI (Equipment and support)
- Homeland Security (Technical input)
- State & Local agencies (Technical input)
- Internal Revenue, IRS (Technical input)

Protection Goals
- Prevent any change to data
- Allow access to entire user area
- Preserve the configuration of the drive
- May change a drive configuration, e.g., to access HPA or DCO

Prohibit Change by …
- Prohibit changes by a malicious program
- Prohibit accidental change (blunder)
- Prohibit change by operating system
- Prohibit damage to a drive
- Prohibit any changes to a hard drive

Write Block Strategies
- Block unsafe commands, allow everything else
  + Always can read, even if new command introduced
  - Allows newly introduced write commands
- Allow safe commands, block everything else
  + Writes always blocked
  - Cannot use newly introduced read commands

Creating a Specification
- Specification (informal) vs Standard (formal ISO process)
- Steering committee selects topic
- NIST does research: tools, vendors, users
- NIST drafts initial specification
- Post specification on web for public comment
- Resolve comments, post final version

Writing the Specification
- Specification for a single forensic function
- Describe technical background, define terms.
- Identify core requirements all tools must meet.
- Identify requirements for optional features related to the function being specified.

Develop Test Assertions
- Each test assertion should be a single testable statement (or condition)
- Pre-condition: establish conditions for the test
- Action: the operation under test
- Post-condition: measurement of the results after the operation

Develop Test Cases
- A test case is an execution of the tool under test
- Each test case should be focused on a specific test objective
- Each test case evaluates a set of test assertions

Develop Test Harness
- A set of tools or procedures to measure the results of each test assertion
- Must be under strict version control
- Must measure the right parameter (validated)
- Must measure the parameter correctly (verified)
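The trade-off on the Write Block Strategies slide, checked with assertions in the pre-condition / action / post-condition form from the Develop Test Assertions slide. This is an added example, not part of the original presentation or NIST's test harness. The opcodes are real ATA values, while the blocker tables and the simulated drive are constructed, assuming a blocker designed before the 48-bit EXT commands existed.

```python
import hashlib

# Real ATA opcodes, grouped by whether the command changes drive contents.
NON_MODIFYING = {0x20: "READ SECTORS", 0xC4: "READ MULTIPLE", 0xC8: "READ DMA",
                 0xEC: "IDENTIFY DEVICE", 0x25: "READ DMA EXT"}
MODIFYING = {0x30: "WRITE SECTORS", 0xC5: "WRITE MULTIPLE", 0xCA: "WRITE DMA",
             0x50: "FORMAT TRACK", 0x35: "WRITE DMA EXT"}

# Constructed blocker tables (assumption): designed before the 48-bit EXT
# commands existed, so 0x25 and 0x35 appear in neither list.
KNOWN_UNSAFE = {0x30, 0xC5, 0xCA, 0x50}
KNOWN_SAFE = {0x20, 0xC4, 0xC8, 0xEC}

def block_unsafe(opcode):
    """Strategy 1: forward everything except known write commands."""
    return opcode not in KNOWN_UNSAFE

def allow_safe(opcode):
    """Strategy 2: forward only known safe commands."""
    return opcode in KNOWN_SAFE

class SimDrive:
    """Toy drive: any modifying command overwrites sector 0."""
    def __init__(self, sectors=8):
        self.data = bytearray(b"\xAA" * 512 * sectors)

    def execute(self, opcode):
        if opcode in MODIFYING:
            self.data[:512] = bytes(512)

    def digest(self):
        return hashlib.sha256(self.data).hexdigest()

def run_assertions(policy):
    """One test case per opcode: pre-condition, action, post-condition."""
    result = {"modified": [], "safe_refused": []}
    for opcode, name in sorted({**NON_MODIFYING, **MODIFYING}.items()):
        drive = SimDrive()
        before = drive.digest()            # pre-condition: known drive state
        forwarded = policy(opcode)         # action: host sends the command
        if forwarded:
            drive.execute(opcode)
        if drive.digest() != before:       # post-condition: drive unchanged?
            result["modified"].append(name)
        if opcode in NON_MODIFYING and not forwarded:
            result["safe_refused"].append(name)
    return result

if __name__ == "__main__":
    for policy in (block_unsafe, allow_safe):
        print(policy.__name__, run_assertions(policy))
```
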

Blocking Device Actions
- The device forwards the command to the hard drive.
- The blocking device substitutes a different command
- The device simulates the command
- If a command is blocked, the device may return either success or failure back to the host
- Present the drive as a read-only device
- May issue commands without a command from the host

Write Commands Issued by OS (Unix)

Write Commands Issued by OS (MS)

Notable Blocker Behaviors
- Allowed the volatile SET MAX ADDRESS, blocked if non-volatile
- Cached the results of IDENTIFY DEVICE
- Substituted READ DMA for READ MULTIPLE
- Allowed FORMAT TRACK
- Depending on OS version, might not be able to preview NTFS partition

Contacts
- Jim Lyle
- Doug White
- Barbara Guttman
- Sue Ballou, Office of Law Enforcement Standards