Alternate Data Storage Forensics Tyler Cohen & Amber Schroader 2007, Syngress Publishing, Inc. ISBN 13: 978-1-59749-163-1.


Optical Media
– CD: Compact Disk
– DVD: Digital Versatile Disk / Digital Video Disk
– Both are organized as a single spiral track
– CD: 6 kilometers
– DVD: 12.5 kilometers

CD Areas: Batch Number, Manufacturer Code, Spindle Hole, Clamping Ring, Stacking Ring, Data Area

Sizes
– CDs: 5.25” – 120 mm; 3.15” – 80 mm; Business Card
– DVDs: 5.25” mm; Could be different; None so far

CD Construction

CD-R Dyes

CD & DVD Types
– CD: CD-Rom, CD-R, CD-RW
– DVD: DVD-Rom, DVD-R, DVD+R

Optical Storage
– CDs: CD-R Mbytes; CD-RW – 570 Mbytes
– DVDs: Single layer – 4.3 Gbytes; Two layer – 8.6 Gbytes; Two sided – ?

CD Organization: Lead in
– Container for the TOC for a CD session
– 1st has 7,500 sectors (14.65 Mbytes) for lead in
– Subsequent sessions: 4,500 sectors (9 Mbytes) for lead in
– Multi-session has pointer to next writable location
– Next pointer is either 0 or 24 binary 1s to finalize the disc

CD Organization: Lead out
– Indicates end of session
– Audio discs stop playing
– 1st session lead out is 6,750 sectors (13.5 Mbytes)
– 2nd and on: 2,250 sectors (4 Mbytes)

CD Organization
– Sector: 2,048 bytes for data discs; 2,352 bytes for audio discs
– Track: a single (logical) collection of data on the disc; up to 99 tracks on a CD
– Error Detection - Error Correction Codes: uses Reed–Solomon EDC-ECC

DVD Organization: Border Zone / RZone
– Contains the real content of the disc
– Similar to a CD track
– Manufactured DVDs have only 1 border zone
– Recordable DVDs can have multiple border zones
– DVD does not have a specific TOC
– A border zone may have the information so that the app can make a TOC

DVD Frame
| ID | ID ECC | copyright Management info | User data | EDC |
Bytes
– A 32 Kbyte ECC block consists of 12 frames together with ECC for the user data
– Cannot access with consumer DVD drives

Media at 30,000x: CD, DVD

Interfaces: ATAPI or SATA, SCSI, USB, 1394

Logical Structure
– Track-at-once: CD data discs
– Disc-at-once: Audio discs; DVDs
– Packet writing: Used with drag & drop writing software (dangerous for forensic workstations); Non-video DVDs

Logical File Systems

– ISO 9660: International Standards Organization – $$$
– ECMA 119: European Computer Manufacturers Association – Free standard

ISO
– Supported by most computers (for example, Elevator Control Systems)
– 8-bit ASCII
– File System: Volume Descriptor; Path Table; Directory Entry

ISO 9660
– Files smaller than 4 GB
– DVD files are less than 1 GB

Volume Descriptor Sector
– There is an ISO 9660 file system on the disc
– Then at offset 814 (0x32E) is the create DTG
– At offset 575 (0x23F) is the app ID

DTG
– 4-digit year
– 2-digit month
– 2-digit day of month
– 2-digit hour
– 2-digit minute
– 2-digit second
– 1-digit tenths
– 1-digit hundredths
– 1-byte time zone
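The volume descriptor offsets and DTG layout from the two slides above, as an added Python example that is not part of the original presentation. It assumes 2,048-byte sectors and a primary volume descriptor at sector 16 (from ECMA-119, not stated on the slides); the slide offsets 814 and 575 count from 1, so the code uses 813 and 574, and the sample image and its application ID are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

SECTOR = 2048          # data-disc sector size, as on the CD Organization slide
PVD_SECTOR = 16        # assumption from ECMA-119: descriptors start at sector 16
CREATE_DTG_OFF = 813   # 0-based; the slide's "offset 814" counts from 1
APP_ID_OFF = 574       # 0-based; the slide's "offset 575" counts from 1


def parse_dtg(raw):
    """Decode the 17-byte DTG: 16 ASCII digits plus a 1-byte time zone."""
    digits = raw[:16].decode("ascii")
    if digits == "0" * 16:
        return None                                   # field not recorded
    quarters = struct.unpack("b", raw[16:17])[0]      # signed, 15-minute units from GMT
    tz = timezone(timedelta(minutes=15 * quarters))
    stamp = datetime.strptime(digits[:14], "%Y%m%d%H%M%S")
    # last two digits are tenths and hundredths of a second
    return stamp.replace(microsecond=int(digits[14:16]) * 10_000, tzinfo=tz)


def read_pvd(image):
    """Return (application ID, creation DTG) from an image's volume descriptor."""
    pvd = image[PVD_SECTOR * SECTOR:(PVD_SECTOR + 1) * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    app_id = pvd[APP_ID_OFF:APP_ID_OFF + 128].decode("ascii", "replace").rstrip()
    return app_id, parse_dtg(pvd[CREATE_DTG_OFF:CREATE_DTG_OFF + 17])


def build_sample_image():
    """Constructed sample: 16 empty sectors followed by a minimal descriptor."""
    pvd = bytearray(SECTOR)
    pvd[0:6] = b"\x01CD001"
    pvd[APP_ID_OFF:APP_ID_OFF + 128] = b"EXAMPLE BURNER 1.0".ljust(128)
    pvd[CREATE_DTG_OFF:CREATE_DTG_OFF + 17] = b"2007031514302550" + struct.pack("b", -20)
    return bytes(PVD_SECTOR * SECTOR) + bytes(pvd)


if __name__ == "__main__":
    app, created = read_pvd(build_sample_image())
    print(app, created.isoformat())
```

Run it against the binary image file rather than the disc itself, in line with the presentation's advice to image once and never go back to the media.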

UDF
– Universal Disk Format
– Optical Storage Technology Association
– UDF 1.0 – 1995
– Part of DVD: Video, Audio, Recorders
– Uses packet writing
– Supports MAC Times
– 2^64 – 1 File Sizes
– Supports fragmented files

UDF Structure
– Anchor Volume Descriptor Pointer (AVDP)
– Location:
  – Sector 256 and 512
  – Last sector written to disc
  – 256 sectors after beginning of the track
  – 512 sectors after beginning of the track

UDF Structure
– DTG of disc creation
– Supports MAC DTG of files
– Application ID
– Disc name

UDF Problems
– Deleted files
– Fragmented files
– Nothing is overwritten until disc is full

Physical Fingerprints Drugs General contamination Removal Solvents Drugs Body fluids

Defects: Dirt; Distilled water; Soap – Ivory; Scratches; Buffing; Filler; Cracks; Broken

CD/DVD Forensics Hardware Readers – writers CD, DD –R +R etc. DL 2 sided Plextor 12x writers – good Out of production Pioneer MD5 not repeatable LOTS OF TESTING

CD/DVD Forensics Software
– Free (sort of): ISO Buster – Functional
– $549: CD/DVD Inspector – Excellent, Complete

Forensic Binary Image
– Hash code of optical media is often not reproducible from the media!
– Don’t try to demonstrate as with other drives
– Make an image and never go back to the media

Hash Codes
– EDC/ECC causes differing reads at different times
– Scratches
– Wear and tear
– Different drive electronics result in different reads

Binary Image: CD/DVD Inspector
– Makes a complete binary image of the media
– Image is specific to CD/DVD Inspector

ISO Buster

Drive Characteristics

Recognizing Media

Media Properties

Extract User Data

Create an Image

Media Image