COEN 252: Computer Forensics


COEN 252: Computer Forensics Hard Drive Evidence

Disk Overview: Hard Drives, Removable Devices

Hard Drive Overview: Data is stored in sectors, traditionally of 512 B (drives made since about 2010, so-called Advanced Format drives, use 4096 B physical sectors, often still presented to the host as 512 B logical sectors). A sector is always written and read as a whole. Data stays on the platter until it is overwritten. In principle, traces of overwritten data can be recovered with a magnetic force or electron microscope; under most circumstances this is impractical, and on modern high-density drives a single overwrite is treated as sufficient sanitization (NIST SP 800-88). Solid-state drives behave differently (wear leveling, TRIM), so these statements apply to magnetic disks.

Hard Drive Sources of Evidence: Current Files. Look at access times and other metadata (the MAC times: modification, access, and inode change or creation). The location of a file on disk (e.g. its inode number, which is often assigned in allocation order) sometimes allows the reconstruction of events, such as the order in which files were created or whether a timestamp has been altered.
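The following is an added example (not from the COEN 252 slides) of turning file metadata into a timeline in the spirit of The Sleuth Kit's mactime output: it collects MAC times and inode numbers with os.stat, merges events that share a timestamp into one line with an "m.a.c"-style flag string, and lists paths in inode order so that a file whose inode is older than its neighbours' but whose mtime is newer stands out. The sample directory it builds is constructed on the fly; the file names and timestamps in it are arbitrary.

```python
"""Build a simple MAC-time timeline from file-system metadata.

Added example, not part of the COEN 252 slides. Walks a directory, collects
access/modify/change timestamps and inode numbers via os.stat, and emits a
sorted timeline similar to what The Sleuth Kit's mactime produces.
"""
import os
import stat
import tempfile
from datetime import datetime, timezone


def collect_metadata(root):
    """One record per regular file under root: path, inode, size, MAC times.

    On Linux st_ctime is the inode change time, not the creation time
    (Windows reports creation time in that field instead).
    """
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            records.append({"path": path, "inode": st.st_ino, "size": st.st_size,
                            "atime": st.st_atime, "mtime": st.st_mtime,
                            "ctime": st.st_ctime})
    return records


def build_timeline(records):
    """Flatten records into (timestamp, flags, inode, size, path) tuples.

    Events of one file that share a second are merged into a single line whose
    flag string marks which of m/a/c fired, as mactime does.
    """
    events = {}
    for r in records:
        for key, flag in (("mtime", "m"), ("atime", "a"), ("ctime", "c")):
            ev = events.setdefault((int(r[key]), r["path"]),
                                   {"flags": set(), "inode": r["inode"], "size": r["size"]})
            ev["flags"].add(flag)
    timeline = []
    for (ts, path), info in sorted(events.items()):
        flags = "".join(f if f in info["flags"] else "." for f in "mac")
        timeline.append((ts, flags, info["inode"], info["size"], path))
    return timeline


def inode_order(records):
    """Paths sorted by inode number.

    Many file systems hand out inodes roughly in allocation order, so a file
    with a low inode but a late mtime may have had its timestamp changed.
    Treat this as a lead, not as proof.
    """
    return [r["path"] for r in sorted(records, key=lambda r: r["inode"])]


def format_timeline(timeline):
    lines = []
    for ts, flags, inode, size, path in timeline:
        when = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"{when} {size:>8} {flags} {inode:>8} {path}")
    return "\n".join(lines)


def make_sample_dir():
    """Constructed sample input: a temp directory with two files whose
    modification and access times are set to known values. ctime cannot be
    set from user space, so it stays at 'now' and sorts last."""
    d = tempfile.mkdtemp(prefix="coen252_")
    paths = []
    for name, ts in (("a.txt", 1000000000), ("b.txt", 1000000100)):
        p = os.path.join(d, name)
        with open(p, "wb") as fh:
            fh.write(b"x" * 10)
        os.utime(p, (ts, ts))
        paths.append(p)
    return d, paths[0], paths[1]


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample_dir()[0]
    print(format_timeline(build_timeline(collect_metadata(root))))
```

Run it against a mounted image (read-only, so the walk itself does not update atimes) and compare the timeline with the inode order: both are cheap to produce and disagreements between them are worth a closer look.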

Hard Drive Sources of Evidence: Deleted Files. Data contained in deleted files whose sectors have not yet been completely overwritten. Deleting a file normally only removes its directory entry and marks its clusters as free; the contents remain on disk until that space is reused.
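Because deletion leaves the sectors intact, deleted files can be recovered without any help from the file system by carving on content signatures. The block below is an added example (not from the slides): a minimal JPEG carver that scans a raw image for the start-of-image marker FF D8 FF and the end-of-image marker FF D9, accepting a hit only at a sector boundary, which is where a file's first byte lands on a real volume. The eight-sector image it works on is constructed inline and holds one intact deleted JPEG plus one whose footer has been overwritten.

```python
"""Carve JPEG files out of a raw disk image by signature.

Added example, not part of the COEN 252 slides. The carver ignores the file
system entirely, so a file whose directory entry was deleted is still found as
long as its sectors have not been reused.
"""

JPEG_SOI = b"\xff\xd8\xff"   # start of image
JPEG_EOI = b"\xff\xd9"       # end of image
SECTOR = 512


def carve_jpegs(image, max_size=8 * 1024 * 1024):
    """Return (offset, data) for every JPEG-looking region in image.

    Only hits that start on a sector boundary are accepted; that filters out
    most false positives from the short three-byte header signature. A header
    without a footer within max_size bytes is treated as a destroyed file.
    """
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        if start % SECTOR != 0:
            pos = start + 1
            continue
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            pos = start + 1          # footer overwritten: skip this header
            continue
        end += len(JPEG_EOI)
        found.append((start, image[start:end]))
        pos = end
    return found


def build_sample_image():
    """Constructed toy image of 8 sectors: an intact 'deleted' JPEG sitting in
    sectors 2-3, and a JPEG at sector 5 whose footer was destroyed when sector
    6 was reused by a new file, so it must not be carved."""
    intact = JPEG_SOI + b"\xe0" + b"JFIF-data" * 80 + JPEG_EOI   # 726 bytes
    damaged = JPEG_SOI + b"\xe0" + b"old-photo" * 20             # no footer
    image = bytearray(b"\x00" * (8 * SECTOR))
    image[2 * SECTOR:2 * SECTOR + len(intact)] = intact
    image[5 * SECTOR:5 * SECTOR + len(damaged)] = damaged
    image[6 * SECTOR:7 * SECTOR] = b"NEWFILE!" * (SECTOR // 8)   # reused sector
    return bytes(image)


if __name__ == "__main__":
    for offset, data in carve_jpegs(build_sample_image()):
        print(f"JPEG at sector {offset // SECTOR}, {len(data)} bytes")
```

Two caveats a real carver has to deal with: JPEGs with embedded thumbnails contain an inner FF D9, so the carve above would stop early on such files, and fragmented files are not recovered by header/footer carving at all. Tools such as scalpel or photorec handle the first case with format-aware parsing.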

Hard Drive Sources of Evidence: Slack Space. File slack is the gap between the end of a file and the end of the last cluster allocated to it. RAM slack is the part of the last written sector beyond the end of the file: DOS and Windows 9x padded it with whatever happened to be in memory (hence the name), while modern systems pad it with zeros. Drive (disk) slack is the remaining whole sectors of that cluster; they are not rewritten at all and therefore keep the contents of whichever file previously occupied them.
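The geometry above is easy to get wrong off by a sector, so here is an added example (not from the slides) that computes the byte ranges of the data, RAM slack and drive slack for a file of a given size, and extracts those regions from a cluster. The cluster it operates on is constructed: it is first filled by a 4096-byte "old" file and then partially rewritten by a shorter new one, the way a reused cluster looks on disk.

```python
"""Locate and extract file slack inside an allocated cluster.

Added example, not part of the COEN 252 slides. Models one cluster of
8 x 512-byte sectors that previously held a file and was then reused by a
shorter one, and splits it into live data, RAM slack and drive slack.
"""

SECTOR = 512
CLUSTER = 8 * SECTOR


def slack_layout(file_size, sector=SECTOR, cluster=CLUSTER):
    """Byte ranges (start, end), relative to the start of the file's final
    cluster, for the file body, the RAM slack and the drive slack.

    Only the last cluster of a file has slack. A file that exactly fills its
    clusters has two empty slack ranges.
    """
    if file_size <= 0:
        raise ValueError("file_size must be positive")
    used = file_size % cluster or cluster          # data bytes in the final cluster
    sector_end = -(-used // sector) * sector       # end of the last written sector
    return {
        "data": (0, used),
        "ram_slack": (used, sector_end),
        "drive_slack": (sector_end, cluster),
    }


def extract_slack(cluster_bytes, file_size, sector=SECTOR, cluster=CLUSTER):
    """Return the RAM-slack and drive-slack bytes of a file's final cluster."""
    layout = slack_layout(file_size, sector, cluster)
    return {name: cluster_bytes[s:e] for name, (s, e) in layout.items() if name != "data"}


def build_sample_cluster(new_file):
    """Constructed cluster: filled by an old 4096-byte file, then the sectors
    that new_file needs are rewritten. The OS writes whole sectors, so the tail
    of the last written sector is padded (with zeros here, as modern Windows
    and Linux do; DOS/Win9x padded it with RAM contents)."""
    old = (b"SECRET-OLD-REPORT " * 300)[:CLUSTER]
    buf = bytearray(old)
    sectors_needed = -(-len(new_file) // SECTOR)
    written = new_file + b"\x00" * (sectors_needed * SECTOR - len(new_file))
    buf[:len(written)] = written
    return bytes(buf)


if __name__ == "__main__":
    new = b"hello world" * 100                      # 1100 bytes
    for name, (s, e) in slack_layout(len(new)).items():
        print(f"{name:<12} {s:>5}-{e:<5} ({e - s} bytes)")
    for name, data in extract_slack(build_sample_cluster(new), len(new)).items():
        print(f"{name}: {data[:40]!r}...")
```

On a real volume the cluster size comes from the boot sector (bytes per sector times sectors per cluster), and the file's last cluster is found through its directory entry or MFT record; the slack ranges themselves follow the same arithmetic.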

Hard Drive Sources of Evidence: Virtual Memory (VM) paging files (pagefile.sys on Windows; a swap partition or swap file on Unix-like systems). Hibernation file: hiberfil.sys, an image of RAM written to disk when the machine hibernates.
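Paging files are plain memory pages dumped to disk, so a string scan recovers whatever happened to be paged out: URLs, document fragments, credentials. Windows keeps most in-memory text as UTF-16LE, so a scanner that only looks for ASCII misses half the evidence. The block below is an added example (not from the slides) that reports both encodings and greps the result for indicators; the 1 KiB "paging file" it scans is constructed inline. Note that hiberfil.sys stores compressed pages (Xpress), so it has to be decompressed first (for example with hibr2bin) before such a scan is useful.

```python
"""Pull readable strings out of a raw swap/paging-file dump.

Added example, not part of the COEN 252 slides. Finds runs of printable
ASCII and of UTF-16LE-encoded ASCII, then searches the recovered strings for
patterns of interest.
"""
import re


def extract_strings(blob, min_len=6):
    """Return sorted (offset, encoding, text) tuples for every printable run
    of at least min_len characters, in ASCII and in UTF-16LE."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = []
    for m in ascii_re.finditer(blob):
        hits.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(blob):
        hits.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(hits)


def find_indicators(hits, patterns):
    """Filter string hits by a list of regexes; returns (offset, encoding,
    text, pattern) for each match so the analyst can see why it fired."""
    compiled = [re.compile(p) for p in patterns]
    return [(off, enc, text, c.pattern)
            for off, enc, text in hits
            for c in compiled if c.search(text)]


def build_sample_pagefile():
    """Constructed 1 KiB 'pagefile': non-printable filler with an ASCII URL
    paged out at offset 64 and a UTF-16LE string at offset 512. Values are
    arbitrary sample data."""
    page = bytearray(b"\x00\xff\x01\xfe" * 256)
    url = b"https://intranet.example/login?user=alice"
    page[64:64 + len(url)] = url
    secret = "Password: Tr0ub4dor&3".encode("utf-16le")
    page[512:512 + len(secret)] = secret
    return bytes(page)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pagefile()
    for off, enc, text, pat in find_indicators(extract_strings(blob),
                                                [r"(?i)password", r"https?://", r"user="]):
        print(f"{off:#010x} {enc:<8} [{pat}] {text}")
```

For a multi-gigabyte pagefile read the file in overlapping chunks rather than one read(); the regexes above work unchanged on each chunk, and the overlap (at least 2 x min_len bytes) keeps strings that straddle a chunk boundary from being lost.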

Hard Drive Sources of Evidence: File System and Partition Metadata. Data contained in the various metadata associated with the file system or the disk partitioning: partition tables, boot sectors, journals, directory entries and inode or MFT records.

Hard Drive Sources of Evidence: Hidden Data. Data that has been deliberately hidden in a Device Configuration Overlay (DCO), a Host Protected Area (HPA), a hidden partition, or an unallocated portion of the disk drive. The HPA and DCO are regions the drive firmware hides from the operating system, so they do not appear in a normal image and must be detected and temporarily removed with ATA commands before acquisition.
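The partition table is the first piece of metadata to check for both of the last two slides: it says what the disk claims to contain, and the sectors no entry claims are where a hidden partition or a deliberately shrunk partition leaves a footprint. The block below is an added example (not from the slides) that parses the four 16-byte MBR entries at offset 446 of sector 0 and reports every unclaimed range, using a constructed MBR with one Linux partition placed so that a gap opens up behind the NTFS one. HPA and DCO cannot be seen from the image at all; on Linux hdparm -N and hdparm --dco-identify report them, and a native maximum larger than the current maximum means the difference is hidden by an HPA.

```python
"""Parse an MBR partition table and flag sectors that no partition claims.

Added example, not part of the COEN 252 slides. Reads the classic MBR layout:
four 16-byte entries at offset 446, signature 0x55AA at offset 510.
"""
import struct

SECTOR = 512
TYPE_NAMES = {0x05: "Extended", 0x0b: "FAT32", 0x0c: "FAT32 (LBA)", 0x0f: "Extended (LBA)",
              0x07: "NTFS/exFAT", 0x82: "Linux swap", 0x83: "Linux", 0xee: "GPT protective"}


def parse_mbr(sector0):
    """Return the non-empty partition entries sorted by starting LBA.

    Each entry: boot flag (1), CHS start (3, ignored), type (1), CHS end
    (3, ignored), LBA start (4), sector count (4), all little-endian.
    """
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: bad signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 446 + 16 * (i + 1)]
        boot, ptype, lba_start, lba_count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and lba_count == 0:
            continue
        parts.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                      "start": lba_start, "end": lba_start + lba_count})
    return sorted(parts, key=lambda p: p["start"])


def find_unallocated(parts, disk_sectors):
    """Sector ranges [start, end) not covered by any partition, including the
    tail between the last partition and the end of the disk. Sector 0 is the
    MBR itself; the usual 1..2047 alignment gap will show up as a range too."""
    gaps = []
    cursor = 1
    for p in parts:
        if p["start"] > cursor:
            gaps.append((cursor, p["start"]))
        cursor = max(cursor, p["end"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps


def describe(parts, gaps):
    lines = [f"#{p['index']} {'*' if p['bootable'] else ' '} type {p['type']:#04x} "
             f"{TYPE_NAMES.get(p['type'], 'unknown'):<15} LBA {p['start']}-{p['end'] - 1}"
             for p in parts]
    lines += [f"unallocated: LBA {s}-{e - 1} ({(e - s) * SECTOR // 1024} KiB)" for s, e in gaps]
    return "\n".join(lines)


def build_sample_mbr():
    """Constructed sector 0: a bootable NTFS partition at LBA 2048 and a Linux
    partition that starts 3152 sectors after NTFS ends, leaving a gap."""
    def entry(boot, ptype, start, count):
        return struct.pack("<B3xB3xII", boot, ptype, start, count)
    table = (entry(0x80, 0x07, 2048, 204800) + entry(0x00, 0x83, 210000, 100000)
             + entry(0, 0, 0, 0) + entry(0, 0, 0, 0))
    return b"\x00" * 446 + table + b"\x55\xaa"


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 2:
        with open(sys.argv[1], "rb") as fh:
            mbr, total = fh.read(SECTOR), int(sys.argv[2])
    else:
        mbr, total = build_sample_mbr(), 400000
    parts = parse_mbr(mbr)
    print(describe(parts, find_unallocated(parts, total)))
```

If the only entry is of type 0xEE the disk is GPT-partitioned and the real table lives in the GPT header at LBA 1 (with a backup at the end of the disk), which this parser does not read. Unallocated ranges found here are exactly the regions to hand to a carver or string scanner.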
