A Feature-Based of IT Automation using kaseya’s agent procedure called the wiping of unallocated disk space using cipher.exe Developed By: Estuardo Fernandez.

Slides:

Advertisements

Similar presentations

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.

Advertisements

®® Microsoft Windows 7 for Power Users Tutorial 6 Optimizing Your Hard Disk.

1 X-Ways Security: Permanent Erasure Supervised By: Dr. Lo’ai Tawalbeh Prepared By :Murad M. Ali.

This presentation will take a look at to prevent your information from being discovered by and investigator.

System Optimization Agent Procedures using Kaseya Developed By: Jason Aparcana Advisor : Dr. S. Masoud Sadjadi School of Computing and Information Sciences.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Lesson 3: File Management. 2 Learning Objectives After studying this lesson, you will be able to:  Browse files on the computer  Open files from a folder.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 16. Agenda Lab 7 Corrected –2 A’s, 1 B and 2 F’s –Some of you need to start putting more effort into these labs –I also expect to be equal.

Chapter 7: Configuring Disks. 2/24 Objectives Learn about disk and file system configuration in Vista Learn how to manage storage Learn about the additional.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.

Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.

MIS 431 Chapter 71 Ch. 7: Advanced File Management System MIS 431 Created Spring 2006.

COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

Module 6: Managing Data Storage. Overview Managing File Compression Configuring File Encryption Implementing Disk Quotas.

1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.

Chapter 11 Basic Windows and Windows Commands. Overview of what an Operating System does To identify and use common desktop and home screen icons To manipulate.

 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.

A Feature-Based Analysis & Comparison of IT Automation Tools: Comparing Kaseya to Developed By: & Advisor : Dr. S. Masoud Sadjadi School of Computing and.

1 Using Compressed Files and Folders Applications and operating systems read and write to compressed files. NTFS uncompresses the file before making it.

STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Windows Encryption File System (EFS) Tech Briefing July 18 th 2008

Recovering Stolen Computers and Laptops Omari Grant Danlil Perelshteyn Advisor : Dr. S. Masoud Sadjadi School of Computing and Information Sciences Florida.

Chapter 4: Operating Systems and File Management 1 Operating Systems and File Management Chapter 4.

Chapter 7 Installing and Using Windows XP Professional.

Setting IE Home Page and Starting IE after User Logins Using Kaseya Developed By: Paola Nunez Advisor : Dr. S. Masoud Sadjadi School of Computing and Information.

Test Review. What is the main advantage to using shadow copies?

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

®® Microsoft Windows 7 for Power Users Tutorial 5 Comparing Windows 7 File Systems.

Fall 2011 Nassau Community College ITE153 – Operating Systems Session 14 Windows XP Professional 1.

Checking Network/Port Connectivity using Kaseya Agent Procedures Developed By: Emmanuel Giboyeaux Advisor : Dr. S. Masoud Sadjadi School of Computing and.

© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 5 Windows XP Professional McGraw-Hill.

Antivirus Decommission and Deployment using Kaseya Developed By: Celia McFadden Advisor : Dr. S. Masoud Sadjadi School of Computing and Information Sciences.

Disk Fragmentation 1. Contents What is Disk Fragmentation Solution For Disk Fragmentation Key features of NTFS Comparing Between NTFS and FAT 2.

C HAPTER 7 Managing Disk and File System. I NTRODUCING DISK MANAGEMENT 2 types of hard disk storage supported by Windows XP are: basic hard disk & dynamic.

Managing Disks and Drives Chapter 13 powered by dj.

Multiboot System under Windows XP – Ubuntu – Windows 7 Qiong LIN - 28 April 2012.

ASM August 2, Hot off the press AOL planning on ad-supported model "In recognition of the fact that its subscriber-based revenues continue to plummet,

A Feature-Based of IT Automation using Kaseya Developed By: Gregory Hayes Advisor : Dr. S. Masoud Sadjadi School of Computing and Information Sciences.

A Feature-Based of IT Automation using Kaseya andAuslogics Registry Cleaner Developed By: Krystle Crawford Advisor : Dr. S. Masoud Sadjadi School of Computing.

Lesson 12: Using the Recycle Bin deleting files or folders what the Recycle Bin is restoring files from the Recycle Bin emptying the Recycle Bin identifying.

Operating Systems. Overview What is an Operating System (OS) What is an Operating System (OS) What Operating Systems do. What Operating Systems do. Operating.

Kill and Uninstall Multiple Running Anti-Virus Programs using Kaseya Developed By: Jasmine English Advisor : Dr. S. Masoud Sadjadi School of Computing.

IST 222 Day 3. Homework for Today Take up homework and go over Go to Microsoft website and check out their hardware compatibility list.

ASP. What is ASP? ASP stands for Active Server Pages ASP is a Microsoft Technology ASP is a program that runs inside IIS IIS stands for Internet Information.

Microsoft Windows XP Professional MCSE Exam

Module 5: Configuring and Managing File Systems. Overview Working with File Systems Managing Data Compression Securing Data by Using EFS.

Managing Applications, Services, Folders, and Libraries Lesson 4.

Lesson 18: Configuring Security for Mobile Devices MOAC : Configuring Windows 8.1.

1 Chapter Overview Understanding Shared Folders Planning, Sharing, and Connecting to Shared Folders Combining Shared Folder Permissions and NTFS Permissions.

A Feature-Based of IT Automation using Remote Control on Safe Mode Developed By: Fernando Perez Advisor : Dr. S. Masoud Sadjadi School of Computing and.

A Feature-Based of IT Automation using Developed By: & Advisor : Dr. S. Masoud Sadjadi School of Computing and Information Sciences Florida International.

1 Introduction to Shared Folders Shared folders provide network users access to files. Users connect to the shared folder over the network. Users must.

Hyper-V Recovery Software Ideal Application to Get Data from VHD v2.1.

The Future With Windows XP Microsoft announced that after April 16, 2014 it will not longer support Windows XP. No statement on continued inclusion of.

Windows Vista Configuration MCTS : NTFS Security Features and File Sharing.

DIT314 ~ Client Operating System & Administration CHAPTER 7 MANAGING DISKS AND FILE SYSTEM Prepared By : Suraya Alias.

Configuring Encryption and Advanced Auditing

Lesson 4 0x Operating Systems.

Introduction to Computers

Disable/Enable CD-ROM devices using Kaseya-Agent Procedures

Normal deletion Shift deletion

Creating and Managing Folders

Presentation transcript:

A Feature-Based of IT Automation using kaseya’s agent procedure called the wiping of unallocated disk space using cipher.exe Developed By: Estuardo Fernandez Advisor : Dr. S. Masoud Sadjadi School of Computing and Information Sciences Florida International University

Agenda Problem and Motivation Solution Behind the Scene Customizing the Solution Disclaimer Progress Report

Problem: When you delete files or folders, the data is not initially removed from the hard disk. Instead the space on the disk that was occupied by the deleted data is “deallocated” After it Is deallocated, the space is available for use when new data is written to the disk. Until the space is overwritten, you can recover the deleted data using a low-level disk editor or data- recovery software.

Motivation: A company named Investigators “R” Us has it’s investigators use company laptops to write reports that contain confidential information gathered from interviews. The investigators are required to store their Microsoft word reports in an encrypted folder for 30 days and then delete the folder once the client has paid and is satisfied with the result of the report. It has been discovered that the encrypted files containing the deleted confidential reports were retrieved and published on the internet! The company has had to refund the client and has been embarrassed by their lack of security

Motivation: The company has had to refund the client and has been embarrassed by their lack of security. According to the company’s I.T. department, it is believed that the criminal’s used data recovery software to retrieve the information contained in the encrypted folder that was deleted from the recycle bin.

Solution: To address this issue, the confidential data contained in the report needs to be wiped out of the hard drive completely. The company has come up with the solution of using kaseya’s services and running the agent procedure called “ the wiping of unallocated disk space”.

Behind the Scene Kaseya uses the agent procedure called “ The Wiping of unallocated disk space” This procedure takes advantage of the Cipher.exe command. The Cipher.exe command is an external command that is available in windows 2000, XP, Vista and Windows 7 it alters the encryption of directories and files on NTFS partitions. There are many syntax switches that allow you to encrypt data, decrypt data and manage file/folder encryption. In this case we are using the /w syntax switch which removes data from available unused disk space on the entire volume.

Behind the Scene The agent procedure called “ the Wiping of unallocated disk space” works by creating an if statement that is always returning as “true” so that it will always execute the two then statements. The 1 st then statement creates a named procedure variable (local) named agenttempt, which is assigned the value retrieved by the managed machine that has the agent installed. The 2 nd then statement executes the sell command. In this case it is typing Cipher/w:c:\>> #agenttemp#wipe.log.txt on the command line, which cause the Cipher command to start writing 1’s and 0’s on the C: that contained the confidential information.

Customizing the Solution The solution will be customized by adding statements to the agent procedure to check if there if there are any users login into the system before the procedure is run. The agent procedure will ask the user’s permission before running the procedure. The user will receive a message box explaining what the procedure does and for the user to save their work.

Disclaimer The shortcomings of this solution is that cipher.exe command only runs on the following windows platforms such as windows 2000, XP, Vista, Windows 7 and NTFS file systems. If the company decides to purchase Macintosh computers or Linux based computers another agent procedure would have to be created that runs a different command or program.

Progress Report So far I have researched and read about using the Cipher command and it’s syntax. I have read the help files for the kaseya built in Agent procedure. I have created a fake confidential report and I have encrypted the folder that contains the file, I have deleted the file from the recycle bin. I have down loaded a recovery software to test bringing the encrypted folder back to life. I still have to run tests on a virtual machine and run the agent procedure on the machine.