Presentation is loading. Please wait.

Presentation is loading. Please wait.

COEN 252: Computer Forensics Hard Drive Evidence.

Published byNelson Cunningham Modified over 8 years ago

Similar presentations

Presentation on theme: "COEN 252: Computer Forensics Hard Drive Evidence."— Presentation transcript:

1 COEN 252: Computer Forensics Hard Drive Evidence

2 Disk Overview  Hard Drives  Removable Devices

3 Hard Drive Overview  Data is stored in sectors of 512B, sectors are completely written and read.  Data stays, unless it is overwritten. In principle, it is possible to read traces of overwritten data with an electron- microscope.  Under most circumstances, this is impractical.

4 Hard Drive Sources of Evidence  Current Files Look for access times and other metadata Location of files (e.g. inode number) allows sometimes reconstruction of events.

5 Hard Drive Sources of Evidence  Contained in deleted files, that have not yet been completely overwritten.

6 Hard Drive Sources of Evidence  (RAM slack) Small portions of memory written to disk with the end of a file.

7 Hard Drive Sources of Evidence  Virtual Memory (VM) paging files.

8 Hard Drive Sources of Evidence  Contained in various metadata associated with the file system or the disk partitioning

9 Hard Drive Sources of Evidence  Data that has been deliberatively hidden. Device Configuration Overlay Host Protected Area Hidden Partition Unallocated portion of disk drive

10 Hard Drive Sources of Evidence  Data that has been deliberatively hidden.

Download ppt "COEN 252: Computer Forensics Hard Drive Evidence."

Similar presentations

Chapter 4 Storing Information in a Computer Peter Nortons Introduction to Computers.

Chapter 4 Storing Information in a Computer Peter Nortons Introduction to Computers.
Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.
P3- Represent how data flows around a computer system

P3- Represent how data flows around a computer system
Text Searches Slack Space Unallocated Space

Text Searches Slack Space Unallocated Space
Computer Data Forensics Drive Slack and Format – Lab 2 Concept Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering,

Computer Data Forensics Drive Slack and Format – Lab 2 Concept Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering,
SEMINAR ON FILE SLACK AND DISK SLACK

SEMINAR ON FILE SLACK AND DISK SLACK
BACS 371 Computer Forensics

BACS 371 Computer Forensics
Computer Forensics BACS 371

Computer Forensics BACS 371
OPEN SOURCE TOOLS Dr. Abraham Professor UTPA. Open Source Freely redistributable Provides access to source code End user may modify source code.

OPEN SOURCE TOOLS Dr. Abraham Professor UTPA. Open Source Freely redistributable Provides access to source code End user may modify source code.
1 Module 10 Managing Partitions. 2  Overview Partitioning a Disk Using Disk Administrator General Maintenance and Troubleshooting.

1 Module 10 Managing Partitions. 2  Overview Partitioning a Disk Using Disk Administrator General Maintenance and Troubleshooting.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
The Sleuth Kit Brian Carrier Set of tools to analyze device images.

The Sleuth Kit Brian Carrier Set of tools to analyze device images.
Exploring the UNIX File System and File Security

Exploring the UNIX File System and File Security
Computer Forensics Principles and Practices

Computer Forensics Principles and Practices
Computer Hardware.

Computer Hardware.
Chapter 9 Virtual Memory Produced by Lemlem Kebede Monday, July 16, 2001.

Chapter 9 Virtual Memory Produced by Lemlem Kebede Monday, July 16, 2001.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Use Usb / Flash Memory Drives as RAM Presented by K. Suresh Social teacher www.sureshsrikalahasti.weebly.com www.sureshsrikalahasti.weebly.com Email :

Use Usb / Flash Memory Drives as RAM Presented by K. Suresh Social teacher
 What is electronic data?  Information stored electronically, e.g. pictures, music, documents, etc.  Where can you store your data?  Cell phones 

 What is electronic data?  Information stored electronically, e.g. pictures, music, documents, etc.  Where can you store your data?  Cell phones 
100 200 300 400 500 System Software Operating System Boot Process Files Misc.

System Software Operating System Boot Process Files Misc.

Similar presentations

Ads by Google