Presentation is loading. Please wait.

Presentation is loading. Please wait.

COEN 252: Computer Forensics

Published byYanti Setiawan Modified over 5 years ago

Similar presentations

Presentation on theme: "COEN 252: Computer Forensics"— Presentation transcript:

1 COEN 252: Computer Forensics
Hard Drive Evidence

2 Disk Overview Hard Drives Removable Devices

3 Hard Drive Overview Data is stored in sectors of 512B, sectors are completely written and read. Data stays, unless it is overwritten. In principle, it is possible to read traces of overwritten data with an electron-microscope. Under most circumstances, this is impractical.

4 Hard Drive Sources of Evidence
Current Files Look for access times and other metadata Location of files (e.g. inode number) allows sometimes reconstruction of events.

5 Hard Drive Sources of Evidence
Contained in deleted files, that have not yet been completely overwritten.

6 Hard Drive Sources of Evidence
(RAM slack) Small portions of memory written to disk with the end of a file.

7 Hard Drive Sources of Evidence
Virtual Memory (VM) paging files. Hibernation File –hiberfil.sys

8 Hard Drive Sources of Evidence
Contained in various metadata associated with the file system or the disk partitioning

9 Hard Drive Sources of Evidence
Data that has been deliberatively hidden. Device Configuration Overlay Host Protected Area Hidden Partition Unallocated portion of disk drive

10 Hard Drive Sources of Evidence
Data that has been deliberatively hidden.

Download ppt "COEN 252: Computer Forensics"

Similar presentations

Chapter 4 Storing Information in a Computer Peter Nortons Introduction to Computers.

Chapter 4 Storing Information in a Computer Peter Nortons Introduction to Computers.
Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.
P3- Represent how data flows around a computer system

P3- Represent how data flows around a computer system
BSD Partitions COEN 152/252 Computer Forensics. BSD Partitions Some BSD systems use IA32 hardware  Designed to co-exists with MS partitions.  Use DOS.

BSD Partitions COEN 152/252 Computer Forensics. BSD Partitions Some BSD systems use IA32 hardware  Designed to co-exists with MS partitions.  Use DOS.
Text Searches Slack Space Unallocated Space

Text Searches Slack Space Unallocated Space
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
Computer Data Forensics Drive Slack and Format – Lab 2 Concept Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering,

Computer Data Forensics Drive Slack and Format – Lab 2 Concept Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering,
SEMINAR ON FILE SLACK AND DISK SLACK

SEMINAR ON FILE SLACK AND DISK SLACK
BACS 371 Computer Forensics

BACS 371 Computer Forensics
Computer Forensics BACS 371

Computer Forensics BACS 371
OPEN SOURCE TOOLS Dr. Abraham Professor UTPA. Open Source Freely redistributable Provides access to source code End user may modify source code.

OPEN SOURCE TOOLS Dr. Abraham Professor UTPA. Open Source Freely redistributable Provides access to source code End user may modify source code.
1 Module 10 Managing Partitions. 2  Overview Partitioning a Disk Using Disk Administrator General Maintenance and Troubleshooting.

1 Module 10 Managing Partitions. 2  Overview Partitioning a Disk Using Disk Administrator General Maintenance and Troubleshooting.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Section 3.2: Operating Systems Security

Section 3.2: Operating Systems Security
Exploring the UNIX File System and File Security

Exploring the UNIX File System and File Security
Computer Hardware.

Computer Hardware.
Chapter 9 Virtual Memory Produced by Lemlem Kebede Monday, July 16, 2001.

Chapter 9 Virtual Memory Produced by Lemlem Kebede Monday, July 16, 2001.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Use Usb / Flash Memory Drives as RAM Presented by K. Suresh Social teacher www.sureshsrikalahasti.weebly.com www.sureshsrikalahasti.weebly.com Email :

Use Usb / Flash Memory Drives as RAM Presented by K. Suresh Social teacher
 What is electronic data?  Information stored electronically, e.g. pictures, music, documents, etc.  Where can you store your data?  Cell phones 

 What is electronic data?  Information stored electronically, e.g. pictures, music, documents, etc.  Where can you store your data?  Cell phones 

Similar presentations

Ads by Google