Investigation - Data Aquisition

The document discusses various aspects of data acquisition, including digital storage formats, methods of acquisition, and validation techniques. It covers raw and proprietary formats, the advantages and disadvantages of each, and specific acquisition methods such as disk to image and RAID recovery. Additionally, it highlights remote network acquisition tools and their functionalities for live data collection.

Uploaded by

kartikambupe

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

4 views18 pages

Investigation - Data Aquisition

Uploaded by

kartikambupe

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 18

Data Acquisition

Prof. Zaheed Shaikh

Overview
• Digital Storage formats
• Validating Data acquisition
• Remote Network acquisition tools
Data Acquisition
• Live acquisition
• Static Acquisition
Digital Evidence Storage formats
• Open Source
– RAW
– Advanced Forensic Format
• Proprietary Formats
Raw Format
• Bit by Bit copy
• Sequential Flat file is made of suspect
drive/data set
Raw Format Advantages/Disadvantage
• Fast data transfer
• Requires similar space
• Not collect marginal bad sectors on disk drive
AFF
• Create compressed or uncompressed files
• No size restriction
• Open source for multiple platforms
• Internal consistency checks for self
authentication
Best Acquisition Method
• Static acquisition limitations that encrypted
drives readable only when powered on
• Computers accessible only through network
Acquisition Methods
• Disk to image
• Disk to disk
• Logical disk to disk
• Disk to data file
• Sparse copy of folder or file
Disk to image
• Bit for bit replication
– Pro Discover
– Encase
– FTK
– Smart
• Not possible for cases where software
incompatibilities exist
Disk to Disk
• Older incompatible systems
– Encase
– Safeback
Logical or Sparse
• Logical
– Capture only specific files of interest
– Email investigation
• Sparse
– Also collects fragments of unallocated data
Encrypted data
• Key is with suspect
• Free and slack space are nor altered
Validating Data Acquisition
• Byte by byte comparisons
– X Ways Forensics
– X ways Win Hex
• CRC-32, MD5, SHA-1-SHA-512
• Linux
– dd
– dcfldd
RAID Acquisition
• RAID Random Array of Independent Disks
• RAID 0 Two or more disks seen as one
– Speed
• RAID 1 making data to be written on two disks
simultaneously- mainly for recovery purposes
• RAID 2- similar but uses error correcting codes
for validation
RAID Acquisition
• RAID 3 atleast three disks one is used for
parity checking
• RAID 4 only difference from raid 3 is data
written in blocks not as bytes
• RAID 5 does striping and parity on each disk
• RAID 6, RAID 10, RAID 15- Best speed and data
recovery capabilities
RAID Recovery Tools
• Pro Discover
• X Ways Forensics
• Runtime Software
Remote Network Acquisition Tools
• Pro Discover
– View remote drive when powered on
– Live acquisition- Smear
– Encrypt connection
– Copy Suspects RAM while powered on
– Use stealth mode to hide remote connection

J750 Basic Training Module1 J750 Tester Overview
No ratings yet
J750 Basic Training Module1 J750 Tester Overview
78 pages
EWM CLASS 41 - RF Framework - Configuration
100% (1)
EWM CLASS 41 - RF Framework - Configuration
9 pages
Chapter 3 - Data Acquisition
100% (1)
Chapter 3 - Data Acquisition
58 pages
Lec3 23-3-2024
No ratings yet
Lec3 23-3-2024
35 pages
Data Acquisition: Paul Ssemaluulu (PHD)
100% (2)
Data Acquisition: Paul Ssemaluulu (PHD)
35 pages
Guide To Computer Forensics: 6 Edition
No ratings yet
Guide To Computer Forensics: 6 Edition
31 pages
Dataacquisition
No ratings yet
Dataacquisition
22 pages
Module 2 Webinar Slides - Powerpoint
No ratings yet
Module 2 Webinar Slides - Powerpoint
24 pages
Lec3 18-3-2024
No ratings yet
Lec3 18-3-2024
52 pages
Topic02 Data Acquisition
No ratings yet
Topic02 Data Acquisition
26 pages
Data Formats
No ratings yet
Data Formats
89 pages
CH 04 I C
No ratings yet
CH 04 I C
93 pages
Chapter 4 - Data Acquisition
No ratings yet
Chapter 4 - Data Acquisition
39 pages
Guide To Computer Forensics and Investigations: Data Acquisition
No ratings yet
Guide To Computer Forensics and Investigations: Data Acquisition
21 pages
Digital Forensics Lec4 Spring 2021-2
No ratings yet
Digital Forensics Lec4 Spring 2021-2
59 pages
SCI4201 Lecture 4 - Data Acquistion
No ratings yet
SCI4201 Lecture 4 - Data Acquistion
46 pages
Data Acquisition
No ratings yet
Data Acquisition
29 pages
Lec 2
No ratings yet
Lec 2
23 pages
Digital Forensics: Module 2: Data Acquisition and Recovery
No ratings yet
Digital Forensics: Module 2: Data Acquisition and Recovery
61 pages
CH 04
No ratings yet
CH 04
13 pages
Week 2 Webinar Slides
No ratings yet
Week 2 Webinar Slides
16 pages
Digital Forensics (Data Acquisition and Hashing)
100% (1)
Digital Forensics (Data Acquisition and Hashing)
48 pages
CF Lecture 04-Data Acquisition
100% (1)
CF Lecture 04-Data Acquisition
65 pages
Module 04 - Data Acquisition and Duplication-AG-25-1
No ratings yet
Module 04 - Data Acquisition and Duplication-AG-25-1
29 pages
Unit 04
No ratings yet
Unit 04
24 pages
Lecture 5 APIC 1.2.3
No ratings yet
Lecture 5 APIC 1.2.3
51 pages
Data Acquisition
100% (1)
Data Acquisition
31 pages
Lecture-5&6 Data Acquisition
No ratings yet
Lecture-5&6 Data Acquisition
66 pages
Akuisisi Data: Forensic Computer
No ratings yet
Akuisisi Data: Forensic Computer
76 pages
CH 04
No ratings yet
CH 04
76 pages
Lecture 4 CSNC4583
No ratings yet
Lecture 4 CSNC4583
69 pages
Guide For Digital Forensic
No ratings yet
Guide For Digital Forensic
69 pages
(N0161340W) Case Project 3
No ratings yet
(N0161340W) Case Project 3
4 pages
Guide To Computer Forensics: 6 Edition
No ratings yet
Guide To Computer Forensics: 6 Edition
30 pages
Chap 03
No ratings yet
Chap 03
45 pages
Forensics LEC 2
No ratings yet
Forensics LEC 2
22 pages
Lecture 5 - Data Acquisition
No ratings yet
Lecture 5 - Data Acquisition
26 pages
WINSEM2024-25 BCSE322L TH VL2024250501658 2024-12-17 Reference-Material-I
No ratings yet
WINSEM2024-25 BCSE322L TH VL2024250501658 2024-12-17 Reference-Material-I
68 pages
Acquisition and Tools: Planning Your Investigation
No ratings yet
Acquisition and Tools: Planning Your Investigation
13 pages
DF Unit-2
No ratings yet
DF Unit-2
49 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
56 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
58 pages
IS & F Lecture #29 30 - Computer Forensics-Data Acquisition
No ratings yet
IS & F Lecture #29 30 - Computer Forensics-Data Acquisition
17 pages
Gcfi6e Im Ch03
No ratings yet
Gcfi6e Im Ch03
14 pages
CH 09
No ratings yet
CH 09
56 pages
Guide To Computer Forensics and Investigations: Data Acquisition
No ratings yet
Guide To Computer Forensics and Investigations: Data Acquisition
17 pages
4680 ch04
No ratings yet
4680 ch04
64 pages
Chapter 8 - Computer Forensics Analysis and Validation
No ratings yet
Chapter 8 - Computer Forensics Analysis and Validation
30 pages
Module 02 Data Acquisition
No ratings yet
Module 02 Data Acquisition
15 pages
Guide To Computer Forensics and Investigations: Data Acquisition
No ratings yet
Guide To Computer Forensics and Investigations: Data Acquisition
13 pages
CSDF Unit 5
No ratings yet
CSDF Unit 5
16 pages
SCI4201 Lecture 9 - Forensics Analysis and Validation
No ratings yet
SCI4201 Lecture 9 - Forensics Analysis and Validation
38 pages
DF Unit 2 My Notes
No ratings yet
DF Unit 2 My Notes
18 pages
Lecture 9 Data Analysis and Validation
No ratings yet
Lecture 9 Data Analysis and Validation
30 pages
Guide To Computer Forensics and Investigations: Data Acquisition
100% (1)
Guide To Computer Forensics and Investigations: Data Acquisition
19 pages
ICT706 Lecture 3
No ratings yet
ICT706 Lecture 3
59 pages
(FINAL) Digital Forensics - Windows Forensic Investigations-200224
No ratings yet
(FINAL) Digital Forensics - Windows Forensic Investigations-200224
10 pages
2.data Acquisition
No ratings yet
2.data Acquisition
42 pages
Data Acquisiton
No ratings yet
Data Acquisiton
9 pages
FreeBSD Mastery: Storage Essentials: IT Mastery, #4
From Everand
FreeBSD Mastery: Storage Essentials: IT Mastery, #4
Michael W. Lucas
No ratings yet
Managing Multimedia and Unstructured Data in the Oracle Database
From Everand
Managing Multimedia and Unstructured Data in the Oracle Database
Marcelle Kratochvil
No ratings yet
USB Mass Storage: Designing and Programming Devices and Embedded Hosts
From Everand
USB Mass Storage: Designing and Programming Devices and Embedded Hosts
Jan Axelson
No ratings yet
MIT6 0001F16 Pset4
No ratings yet
MIT6 0001F16 Pset4
10 pages
Chapter 8 - Software Testing
No ratings yet
Chapter 8 - Software Testing
20 pages
Citrix Workspace App
No ratings yet
Citrix Workspace App
157 pages
Workbench Installation Guide: Create and Customize User Interfaces For Router Control
No ratings yet
Workbench Installation Guide: Create and Customize User Interfaces For Router Control
29 pages
DBMS Journal Guidelines
No ratings yet
DBMS Journal Guidelines
7 pages
ECU REPAIR VOL 2 - Ecu Reprogramming and Immobilizers of Departure PDF
No ratings yet
ECU REPAIR VOL 2 - Ecu Reprogramming and Immobilizers of Departure PDF
96 pages
ZTE Switch
No ratings yet
ZTE Switch
76 pages
Code-Coverage Analysis: Structural Testing and Functional Testing
No ratings yet
Code-Coverage Analysis: Structural Testing and Functional Testing
4 pages
Hadamard Code Sec B Wireless Assignment
No ratings yet
Hadamard Code Sec B Wireless Assignment
5 pages
Name: Sumit Roll No.: 205119101: Q. Solve 8-Queens Problem Using Hill Climbing
No ratings yet
Name: Sumit Roll No.: 205119101: Q. Solve 8-Queens Problem Using Hill Climbing
9 pages
Brochure Hydra DMC en Eng 533781
No ratings yet
Brochure Hydra DMC en Eng 533781
8 pages
SY SEM IV Android Programming
No ratings yet
SY SEM IV Android Programming
3 pages
OptiXstar B650 en
No ratings yet
OptiXstar B650 en
3 pages
Resetting Search Index in SharePoint
No ratings yet
Resetting Search Index in SharePoint
14 pages
Assignment 2pdf
No ratings yet
Assignment 2pdf
1 page
Bakshi
No ratings yet
Bakshi
9 pages
About Me: Jānis Meģis, Mikrotik Jānis (Tehnical, Trainer, Not Sales)
No ratings yet
About Me: Jānis Meģis, Mikrotik Jānis (Tehnical, Trainer, Not Sales)
21 pages
s4 CAM July 2022
No ratings yet
s4 CAM July 2022
2 pages
FOS 313 Chapter 1
No ratings yet
FOS 313 Chapter 1
41 pages
DATA Provisioning & Replication in SAP HANA
No ratings yet
DATA Provisioning & Replication in SAP HANA
5 pages
Istartek VT100 Protocol Sms Gprs Protocol 20211204
No ratings yet
Istartek VT100 Protocol Sms Gprs Protocol 20211204
38 pages
Optimization Problem
No ratings yet
Optimization Problem
21 pages
Syllabus For IOT
No ratings yet
Syllabus For IOT
11 pages
Advanced Excel Top 9 Report
No ratings yet
Advanced Excel Top 9 Report
19 pages
Java Cheatsheet
No ratings yet
Java Cheatsheet
17 pages
Sepm 2020
No ratings yet
Sepm 2020
3 pages
Hitachi VSP g400 g600 Quick Start Guide 04062015
No ratings yet
Hitachi VSP g400 g600 Quick Start Guide 04062015
4 pages
Unit 1 Three Level Architecture
No ratings yet
Unit 1 Three Level Architecture
19 pages

Investigation - Data Aquisition

Uploaded by

Investigation - Data Aquisition

Uploaded by

Data Acquisition

Prof. Zaheed Shaikh

You might also like