Disclaimer of Liability: Redistribution Policy:

Similar documents
Disclaimer of Liability: Redistribution Policy:

Disclaimer of Liability: Redistribution Policy:

This version has been archived. Find the current version at on the Current Documents page. Archived Version. Capture of Live Systems

Drive Side. Host Side. Power. USB Mode Switch

Copyright PFU LIMITED

Scientific Working Group on Digital Evidence

CRU WiebeTech Forensic UltraDock

WipeDrive Home 9. IMPORTANT! PLEASE READ CAREFULLY:... 3 General Information... 3 WipeDrive Overview... 3 System Requirements...

Copyright PFU LIMITED 2016

Scientific Working Group on Digital Evidence

Digital Forensics Validation, Performance Verification And Quality Control Checks. Crime Scene/Digital and Multimedia Division

CRU WiebeTech Forensic ComboDock

Kingston SSD Manager. User Guide (V )

HAVE YOUR COMPUTER FORENSICS TOOLS BEEN TESTED?

Introduction to Volume Analysis, Part I: Foundations, The Sleuth Kit and Autopsy. Digital Forensics Course* Leonardo A. Martucci *based on the book:

ON THE SELECTION OF WRITE BLOCKERS FOR DISK ACQUISITION: A COMPARATIVE PRACTICAL STUDY

USER MANUAL Revised April 3, 2012

Test Results for Disk Imaging Tools: EnCase 3.20

Fujitsu ScandAll PRO V2.1.5 README

TotalShredder USB. User s Guide

Data rate - The data rate is the number of bytes per second that the drive can deliver to the CPU.

Synchronizer Installation Notes and Examples

CRU WiebeTech UltraDock UDv5.5. User Manual. Features

WD Red Drives in a third party enclosure User Interface may display a failed message

Mass-Storage Systems

CyberBlock SATA. User Manual. Meiya Pico Information Co., Ltd.

Guide to Computer Forensics and Investigations Fourth Edition. Chapter 2 Understanding Computer Investigations

User Manual & Installation Guide

IETF TRUST. Legal Provisions Relating to IETF Documents. Approved November 6, Effective Date: November 10, 2008

White Paper Western Digital Comments on Sector Sizes Larger than 512 Bytes

A+ Guide to Hardware, 4e. Chapter 7 Hard Drives

A+ Guide to Managing and Maintaining your PC, 6e. Chapter 8 Hard Drives

Already in Data Recovery? Improve DR Success Rate & Expand Business

CASPER SECURE DRIVE BACKUP

Scientific Working Group on Digital Evidence

IETF TRUST. Legal Provisions Relating to IETF Documents. February 12, Effective Date: February 15, 2009

Acronis Disk Director 11 Home. Quick Start Guide

Disk Geometry and Layout

A+ Guide to Hardware: Managing, Maintaining, and Troubleshooting, 5e. Chapter 6 Supporting Hard Drives

AccessData Imager Release Notes

Forensic Quest User s Manual

C A S P E R GUIDE SMARTSTART S ERVER E DITION 8.0

v02.54 (C) Copyright , American Megatrends, Inc.

KNOPPIX Bootable CD Validation Study for Live Forensic Preview of Suspects Computer

CASPER SECURE DRIVE BACKUP

AccessData Imager Release Notes

User Manual. Date Aug 30, Enertrax DAS Download Client

Copyright 2016 ForensicSoft Inc. SAFE Block Win10 To Go User s Guide

Hyperscaler Storage. September 12, 2016

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak

Samsung SSD Data Migration v.3.1. User Manual

Open Source and Standards: A Proposal for Collaboration

DNS-340L Compatible List

Scientific Working Group on Digital Evidence

Partner Pre-Install Checklist: Common Service Platform Collector (CSP-C) for Smart Portal 0.5

A+ Guide to Hardware: Managing, Maintaining, and Troubleshooting, 5e. Chapter 6 Supporting Hard Drives

Intel Stress Bitstreams and Encoder (Intel SBE) 2017 AVS2 Release Notes (Version 2.3)

C A S P E R USER GUIDE V ERSION 10

Scientific Working Group on Digital Evidence

HDD Data Recovery Training

200ways Pdf Hard Drive

Ecma International Policy on Submission, Inclusion and Licensing of Software

Upgrade your IsatPhone

Advancements in SSD Forensics

TCG. TCG Storage Interface Interactions Specification. Specification Version 1.0. January 27, Contacts:

RE-ISSUE OF INVITATION FOR BIDS IN TWO BID SYSTEM FOR PROCUREMENT, INSTALLATION, MAINTENANCE AND TRAINING OF PORTABLE FORENSIC KITS AT MUMBAI.

[The BSD License] Copyright (c) Jaroslaw Kowalski

Digital Forensics Lecture 02- Disk Forensics

DAP Controller FCO

Introduction SMB FTP DHCP. More than a NAS

Mini Series M.2/SSD NVMe SATA Duplicator. User Manual V1.0

esata II 2-Port ExpressCard Quick Installation Guide

Samsung Magician v4.8 Introduction and Installation Guide

Serial ATA (SATA) Interface. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Kinetis Updater User's Guide

TECHNICAL PROCEDURE. Click here if your Personal Storage 3000LE looks like this. Click here if your Personal Storage 3000LE looks like this.

Recommended DVR Device List (Rev4.4) : S-ATA HDD

This file includes important notes on this product and also the additional information not included in the manuals.

CRU Configurator. User Manual for Windows. Features

Incident Response Data Acquisition Guidelines for Investigation Purposes 1

AD Summation. Environment Setup and Installation Guide. Version: 5.7 Published 2010

Forensic Dossier User s Manual

Hammer. User s Guide. Version 5.0. Helping You Find What You re Looking For 905 Industrial Blvd LaBelle, FL

Ecma International Policy on Submission, Inclusion and Licensing of Software

TCG Storage Interface Interactions Specification (SIIS) Specification Version 1.02 Revision December, 2011 TCG

Upgrade Squirrel V1.5 to V6.0. July 17, 2012

1 Drobo 8D User Guide Before You Begin Product Features at a Glance Checking Box Contents... 9

Use in High-Safety Applications

Scientific Working Groups on Digital Evidence and Imaging Technology

3.5" USB 2.0 to SATA Enclosure

SuperImager TM -Rugged USB Display Touch Screen SAS Drive Slots A Computer Forensic- Field Analysis Platform Unit

PTZ Control Center Operations Manual

Scientific Working Groups on Digital Evidence and Imaging Technology. SWGDE/SWGIT Recommended Guidelines for Developing Standard Operating Procedures

Technics Audio Player User Guide

Source:

User s Manual CONTENT. Nano NAS Server for USB storages. 1. Product Information Product Specifications System requirements..

CASPER SECURE SERVER EDITION 3.0 USER GUIDE

USB 3.0 to 2.5" SATA HDD/SSD Mini Docking Quick Installation Guide

DP SATA 6Gb/s 2S1P PCIe Installation Guide

Avigilon Control Center Server User Guide. Version 5.8

Transcription:

Disclaimer of Liability: With respect to this document, neither the Marshall University Forensic Science Center nor any of its employees, makes any warranty, express or implied, including the warranty of fitness for a particular purpose, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed. Any mention of commercial products within the following documents is intended for information purposes only and is not intended to be used as a substitute and/or replacement for an external laboratory s own test validation. It is advised to independently verify any information prior to reliance thereon. Redistribution Policy: MISDE grants permission for the redistribution and use of the following posted document created by MISDE, provided that the following conditions are met. 1) Redistributions of documents, or parts of the documents, must retain the MUFSC/MISDE cover and disclaimer of liability page. 2) Neither the name of the Marshall University Forensic Science Center nor the Information Security and Digital Evidence Laboratory (MISDE) may be used to endorse or promote products derived from the following document. 3) Any reference or quote obtained from the following MISDE document must be properly annotated in the document that the reference is contained therein.

TEST PLAN Test Number: Test Title: FastBlocSE-01 FastBloc Software Edition (SE). Test Date: 4/19/2006 to Purpose and Scope: Guidance Software s FastBloc Software Edition (SE) is a software-based write-blocking and write-protection device that is designed to allow the safe viewing and acquisition of source media for forensic examination purposes. FastBloc SE accommodates writeblock and write-protection for USB, FireWire, SCSI, and IDE enabled devices. FastBloc Software Edition (SE) also possesses the ability to detect and access device configuration overlays (DCO) and host protected areas (HPA) of a source hard disk, making these areas of the hard disk visible to the examiner. This test plan will test the ability of the FastBloc Software Edition (SE) to allow normal hard disk write-block and write-protect operation to occur to source media. This test plan will consist of test scenarios: Requirements: 1) The FastBloc Software Edition (SE) should successfully compute an of a source hard disk attached to the IDE channel/controller of a PC. 2) The FastBloc Software Edition (SE) should allow normal hard disk write-block operation of a source hard disk attached to the IDE channel/controller of a PC. 3) The FastBloc Software Edition (SE) should successfully access any detected DCO and/or HPA that is contained within the source hard disk attached to the IDE channel/controller of a PC. 4) The FastBloc Software Edition (SE) should successfully compute an of a source hard disk attached to attached via USB 2.0 to a PC. 5) The FastBloc Software Edition (SE) should allow normal hard disk write-block and writeprotect operation of a source hard disk attached via USB 2.0 to a PC. 6) The FastBloc Software Edition (SE) should successfully access any detected DCO and/or HPA that is contained within the source hard disk attached via USB 2.0 to a PC. Page 1 of 8

Description of Methodology: An 18.6 GB parallel-ata (PATA) source hard disk will be attached to a PC via the secondary IDE channel/controller. Guidance Software s EnCase Forensic Edition v.5.05a will then be opened and FastBloc Software Edition (SE) will be launched in WRITE BLOCK IDE CHANNEL mode. After recognition of the source disk and write-block status is obtained after a restart of the operating system (Windows XP), an will be the disk using EnCase v.5.05a. Upon successful completion of the hash, the file Test Document.doc will be added to the disk in Windows Explorer. The operating system will then be shutdown and restarted to determine if a write operation was persistent or write-blocked. The PATA disk will then be attached to the PC via USB 2.0 external drive controller. EnCase Forensic Edition v.5.05a will then be opened and FastBloc SE will be launched in WRITE BLOCK USB, FIREWIRE, SCSI DRIVE mode. After recognition of the source disk and writeblock status is obtained, an will be the disk using EnCase v.5.05a. Upon successful completion of the hash, the file Test Document.doc will be added to the disk in Windows Explorer. The unit will then be powered down and write-blocking removed within FastBloc SE; FastBloc SE will then be re-launched and the USB-powered disk will be restarted to determine if a write operation was persistent or write-blocked. A 200 GB serial-ata (SATA) source hard disk (with a 181.4 GB HPA and only 18.6 GB: 39,102,335 sectors of viewable disk space) will be attached to a PC via the secondary IDE channel/controller using the cloning adapter. EnCase Forensic Edition v.5.05a will then be opened and FastBloc Software Edition (SE) will be launched in WRITE BLOCK IDE CHANNEL mode. After recognition of the source disk and write-block status is obtained after a restart of the operating system (Windows XP), an will be the disk using EnCase v.5.05a. Upon successful completion of the hash, the file Test Document.doc will be added to the disk in Windows Explorer. The operating system will then be shutdown and restarted to determine if a write operation was persistent or write-blocked. The SATA disk will then be attached to the PC via USB 2.0 external drive controller and the cloning adapter. EnCase Forensic Edition v.5.05a will then be opened and FastBloc SE will be launched in WRITE BLOCK USB, FIREWIRE, SCSI DRIVE mode. After recognition of the source disk and write-block status is obtained, an will be the disk using EnCase v.5.05a. Upon successful completion of the hash, the file Test Document.doc will be added to the SATA disk in Windows Explorer. The unit will then be powered down and write-blocking removed within FastBloc SE; FastBloc SE will then be re-launched and the USB-powered disk will be restarted to determine if a write operation was persistent or write-blocked Page 2 of 8

Expected Results: 1) The Guidance Software FastBloc SE will successfully allow of an value for the PATA and SATA source hard-disks while attached to the PC via USB 2.0. 2) The Guidance Software FastBloc FE write-block device will successfully prevent hard disk modification to the PATA and SATA source hard disks while attached to the PC via USB 2.0. 3) An the PATA and SATA source hard disks attached via USB 2.0 after the write attempt will match the original of the disk. 4) The Guidance Software FastBloc SE will successfully allow of an value for the PATA and SATA source hard-disks while attached to the PC via the IDE channel/controller. 5) The Guidance Software FastBloc FE write-block device will successfully prevent hard disk modification to the PATA and SATA source hard disks while attached to the PC via the IDE channel/controller. 6) An the PATA and SATA source hard disks attached via IDE channel/controller after the write attempt will match the original of the disk. Test Scenarios: Test Number Environment: Actions: Assigned Reqt s 01-01 Source PATA Disk 01-02 Source PATA Disk Folder added to ; FastBloc SE restarted 01-03 Source PATA Disk Expected Results: PATA hard disk 01-04 N/A Compare hash 01-05 Source PATA Disk Page 3 of 8

01-06 Source PATA Disk Folder added to ; FastBloc SE restarted 01-07 Source PATA Disk 01-08 N/A Compare hash 01-09 Source SATA Disk 01-10 Source SATA Disk 01-11 Source SATA Disk Folder added to ; FastBloc SE restarted 01-12 N/A Compare hash 01-13 Source SATA Disk 01-14 Source SATA Disk 01-15 Source SATA Disk Folder added to ; FastBloc SE restarted PATA hard disk SATA hard disk SATA hard disk Page 4 of 8

01-16 N/A Compare hash Test Data Description: Test Data Set: Parallel-ATA (PATA) Hard Disk Drive: Seagate Barracuda ATA III Model: ST320414A Serial Number: 7eC0AS9Y Part Number: 9R3004-301 Firmware Number: 3.05 20 Gigabyte Ultra ATA HDD Drive Parameters: Cylinders: 16383 Heads: 16 Sectors: 63 Addressable Sectors: 39,102,336 Installed Software: Windows XP 32 Bit O/S w/ SP2 Microsoft Office 2003 Pro Dell GX270 Drivers and Utilities Disk Serial-ATA (SATA) Hard Disk Drive: Maxtor Diamondmax 10 Model: SATA/150 Serial Number: B41AV2BH 200 Gigabyte SATA-150 HDD 18.6 GB Viewable Disk Space 181.4 GB Host Protected Area (unallocated/hidden) LBA: 398297088 Page 5 of 8

SUMMARY REPORT Test Number: Test Title: FastBlocSE-01 FastBloc Software Edition (SE). Test Date: 2/15/2006 to 2/17/2006 Test Description: This test documents the ability of the FastBloc Software Edition (SE) to successfully prevent write-attempts to parallel-ata and serial-ata hard disk drives. This test will document the ability of FastBloc SE software write-blocker to produce consistent algorithm s. Additionally, the test will document the software s ability to detect the presence and successfully access an HPA or DCO contained within the disk. Forensic Tool: Title: Manufacturer: Model Number: Serial Number: FastBloc Software Edition (SE) Guidance Software N/A N/A Test Results: Test Number Environment: Actions: Assigned Reqt s 01-01 Source PATA Disk 01-02 Source PATA Disk Folder added to ; FastBloc SE restarted 01-03 Source PATA Disk 01-04 N/A Compare hash 01-05 Source PATA Disk Expected Results: PATA hard disk Results: Page 6 of 8

01-06 Source PATA Disk Folder added to ; FastBloc SE restarted 01-07 Source PATA Disk 01-08 N/A Compare hash 01-09 Source SATA Disk 01-10 Source SATA Disk 01-11 Source SATA Disk Folder added to ; FastBloc SE restarted 01-12 N/A Compare hash 01-13 Source SATA Disk 01-14 Source SATA Disk 01-15 Source SATA Disk Folder added to ; FastBloc SE restarted PATA hard disk SATA hard disk SATA hard disk Page 7 of 8

01-16 N/A Compare hash Requirements: 1) The FastBloc Software Edition (SE) should successfully compute an of a source hard disk attached to the IDE channel/controller of a PC. 2) The FastBloc Software Edition (SE) should allow normal hard disk write-block operation of a source hard disk attached to the IDE channel/controller of a PC. 3) The FastBloc Software Edition (SE) should successfully access any detected DCO and/or HPA that is contained within the source hard disk attached to the IDE channel/controller of a PC. 4) The FastBloc Software Edition (SE) should successfully compute an of a source hard disk attached to attached via USB 2.0 to a PC. 5) The FastBloc Software Edition (SE) should allow normal hard disk write-block and writeprotect operation of a source hard disk attached via USB 2.0 to a PC. 6) The FastBloc Software Edition (SE) should successfully access any detected DCO and/or HPA that is contained within the source hard disk attached via USB 2.0 to a PC. Observations: N/A Limitations: N/A Recommendations: N/A Page 8 of 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback