SlideShare une entreprise Scribd logo

Digital Forensics in the Archive

Télécharger en tant que PPT, PDF
G
GarethKnight

Presentation gave by Gareth Knight at the Digital Preservation Coalition event on digital forensics in Oxford on June 28th 2011.

Technologie
1  sur  21
Digital Forensics in the Archive Using open source & free software to capture and curate archival digital records Gareth Knight, FIDO Project Manager DPC: Digital Forensics for Preservation, The Oxford Centre, Oxford, 28 th June 2011
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Forensic tools in the archive
Forensic tools in the archive
Forensic Investigation of Digital Objects (FIDO) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Daubert standard & Open Source ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Archival Scenarios ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Broad issues to consider ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Forensic hardware ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Do not (currently) possess H/W write blocker – mount media as read-only
Data Acquisition ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Data Imaging formats/types ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Acquisition tools Booting from floppy Dc3dd and dcfldd (if booting from floppy disk, wish to create Raw images, & unafraid of CLI) Booting from CD/USB OSFClone Guymager (pronounced: GUI-mager) and Automatic Image & Restore (Raw only) Windows-based tools FTK Imager & OSForensics are free commercial tools that may also be used
What type of data do you wish to retrieve? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Identifying origin of data files ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Data Carving ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Img source: http://www.flickr.com/photos/jwthompson2/160835456/
Data Carving Examples ,[object Object],[object Object],[object Object],[object Object],[object Object]
Integrated Forensic toolsets (1) Sleuthkit & Autopsy (or PTK) Set of command line tools for identifying file systems, performing file/keyword search, hash generation and look-up (via NSRL, HashKeeper, etc) and timeline mapping. Web client interface via Autopsy (free) or PTK (ajax-based, commercial) Digital Forensic Framework Cross-platform QT/Python tool. Modular design through plug-ins. Supports Raw/DD and EWF. Support for FAT, NTFS, EXTFS 2/3/4 file systems. Hash generation & check of selected files & comparison to NSRL hash dataset. However, data carving can be slow & does not begin to extract files until it has analysed entire disk
Integrated Forensic toolsets (2) PyFlag Web-based framework written in Python dev. by Australian Department of Defence. Supports raw, sgzip, AFF, EnCase, etc. Support for keyword/file search of active/inactive files, timelines, hash and compare using Hashkeeper. OSForensic Commercial, but free at moment. Mount range of formats ( Raw, AFF, EWF, SMART, IMG, ISO, BIN). F ile/keyword search, hash generation and look-up (via NSRL, HashKeeper, etc) and timeline mapping. Also: OSS distributions, including SIFT Workstation, BackTrack, Penguin Sleuth, DEFT Linux, CAINE and others
Current/future challenges for the forensic curator ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],Gareth Knight Centre for e-Research, King’s College London gareth.knight@kcl.ac.uk @gknight2000 020 7848 1979 http://fido.cerch.kcl.ac.uk/ @jiscfido Questions

Recommandé

Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...
GarethKnight
 
Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004
Patricia M Watson
 
Techniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery PerspectiveTechniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery Perspective
CSCJournals
 
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
John Bambenek
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source Forensics
CTIN
 
Organizing EEG data using the Brain Imaging Data Structure
Organizing EEG data using the Brain Imaging Data Structure Organizing EEG data using the Brain Imaging Data Structure
Organizing EEG data using the Brain Imaging Data Structure
Robert Oostenveld
 
Lecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemLecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file system
Alchemist095
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
Conferencias FIST
 

Recommandé

Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...
GarethKnight
 
Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004
Patricia M Watson
 
Techniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery PerspectiveTechniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery Perspective
CSCJournals
 
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
John Bambenek
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source Forensics
CTIN
 
Organizing EEG data using the Brain Imaging Data Structure
Organizing EEG data using the Brain Imaging Data Structure Organizing EEG data using the Brain Imaging Data Structure
Organizing EEG data using the Brain Imaging Data Structure
Robert Oostenveld
 
Lecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemLecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file system
Alchemist095
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
Conferencias FIST
 
Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation
Jyothishmathi Institute of Technology and Science Karimnagar
 
Computer Forensics Bootcamp
Computer Forensics BootcampComputer Forensics Bootcamp
Computer Forensics Bootcamp
nCircle - a Tripwire Company
 
DIGITAL INVESTIGATION USING HASHBASED CARVING
DIGITAL INVESTIGATION USING HASHBASED CARVINGDIGITAL INVESTIGATION USING HASHBASED CARVING
DIGITAL INVESTIGATION USING HASHBASED CARVING
IJCI JOURNAL
 
Data management plans (dmp) for nsf
Data management plans (dmp) for nsfData management plans (dmp) for nsf
Data management plans (dmp) for nsf
Brad Houston
 
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_WindowsChetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
guest66dc5f
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
ParminderKaurBScHons
 
DICTIONARY
DICTIONARYDICTIONARY
DICTIONARY
gina paola garzon
 
Study on Live analysis of Windows Physical Memory
Study on Live analysis of Windows Physical MemoryStudy on Live analysis of Windows Physical Memory
Study on Live analysis of Windows Physical Memory
IOSR Journals
 
A SURVEY ON MULTIMEDIA FILE CARVING
A SURVEY ON MULTIMEDIA FILE CARVINGA SURVEY ON MULTIMEDIA FILE CARVING
A SURVEY ON MULTIMEDIA FILE CARVING
IJCSES Journal
 
Data management plans
Data management plansData management plans
Data management plans
Brad Houston
 
NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...
NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...
NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...
Paolo Nesi
 
ResearchPaperITDF2435
ResearchPaperITDF2435ResearchPaperITDF2435
ResearchPaperITDF2435
Manuel Garza
 
Research data management: course 0HV90, Behavioral Research Methods
Research data management: course 0HV90, Behavioral Research MethodsResearch data management: course 0HV90, Behavioral Research Methods
Research data management: course 0HV90, Behavioral Research Methods
Leon Osinski
 
Introduction to Information Retrieval
Introduction to Information RetrievalIntroduction to Information Retrieval
Introduction to Information Retrieval
Carsten Eickhoff
 
Standard Datasets in Information Retrieval
Standard Datasets in Information Retrieval Standard Datasets in Information Retrieval
Standard Datasets in Information Retrieval
Jean Brenda
 
Teaching systems and fundamentals
Teaching systems and fundamentalsTeaching systems and fundamentals
Teaching systems and fundamentals
Houston ISD
 
Tutorial 1 (information retrieval basics)
Tutorial 1 (information retrieval basics)Tutorial 1 (information retrieval basics)
Tutorial 1 (information retrieval basics)
Kira
 
Responsible Conduct of Research: Data Management
Responsible Conduct of Research: Data ManagementResponsible Conduct of Research: Data Management
Responsible Conduct of Research: Data Management
Kristin Briney
 
Data management (newest version)
Data management (newest version)Data management (newest version)
Data management (newest version)
Graça Gabriel
 
eROSA Stakeholder WS1: Data discovery through federated dataset catalogues
eROSA Stakeholder WS1: Data discovery through federated dataset catalogueseROSA Stakeholder WS1: Data discovery through federated dataset catalogues
eROSA Stakeholder WS1: Data discovery through federated dataset catalogues
e-ROSA
 
Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic Investigator
Agape Inc
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
deaneal
 

Contenu connexe

Tendances

Computer Forensics Bootcamp
Computer Forensics BootcampComputer Forensics Bootcamp
Computer Forensics Bootcamp
nCircle - a Tripwire Company
 
DIGITAL INVESTIGATION USING HASHBASED CARVING
DIGITAL INVESTIGATION USING HASHBASED CARVINGDIGITAL INVESTIGATION USING HASHBASED CARVING
DIGITAL INVESTIGATION USING HASHBASED CARVING
IJCI JOURNAL
 
Data management plans (dmp) for nsf
Data management plans (dmp) for nsfData management plans (dmp) for nsf
Data management plans (dmp) for nsf
Brad Houston
 
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_WindowsChetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
guest66dc5f
 
A SURVEY ON MULTIMEDIA FILE CARVING
A SURVEY ON MULTIMEDIA FILE CARVINGA SURVEY ON MULTIMEDIA FILE CARVING
A SURVEY ON MULTIMEDIA FILE CARVING
IJCSES Journal
 
Data management plans
Data management plansData management plans
Data management plans
Brad Houston
 
NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...
NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...
NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...
Paolo Nesi
 
ResearchPaperITDF2435
ResearchPaperITDF2435ResearchPaperITDF2435
ResearchPaperITDF2435
Manuel Garza
 
Teaching systems and fundamentals
Teaching systems and fundamentalsTeaching systems and fundamentals
Teaching systems and fundamentals
Houston ISD
 

Tendances (20)

Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation
 
Computer Forensics Bootcamp
Computer Forensics BootcampComputer Forensics Bootcamp
Computer Forensics Bootcamp
 
DIGITAL INVESTIGATION USING HASHBASED CARVING
DIGITAL INVESTIGATION USING HASHBASED CARVINGDIGITAL INVESTIGATION USING HASHBASED CARVING
DIGITAL INVESTIGATION USING HASHBASED CARVING
 
Data management plans (dmp) for nsf
Data management plans (dmp) for nsfData management plans (dmp) for nsf
Data management plans (dmp) for nsf
 
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_WindowsChetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
 
DICTIONARY
DICTIONARYDICTIONARY
DICTIONARY
 
Study on Live analysis of Windows Physical Memory
Study on Live analysis of Windows Physical MemoryStudy on Live analysis of Windows Physical Memory
Study on Live analysis of Windows Physical Memory
 
A SURVEY ON MULTIMEDIA FILE CARVING
A SURVEY ON MULTIMEDIA FILE CARVINGA SURVEY ON MULTIMEDIA FILE CARVING
A SURVEY ON MULTIMEDIA FILE CARVING
 
Data management plans
Data management plansData management plans
Data management plans
 
NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...
NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...
NLP on Hadoop: A Distributed Framework for NLP-Based Keyword and Keyphrase Ex...
 
ResearchPaperITDF2435
ResearchPaperITDF2435ResearchPaperITDF2435
ResearchPaperITDF2435
 
Research data management: course 0HV90, Behavioral Research Methods
Research data management: course 0HV90, Behavioral Research MethodsResearch data management: course 0HV90, Behavioral Research Methods
Research data management: course 0HV90, Behavioral Research Methods
 
Introduction to Information Retrieval
Introduction to Information RetrievalIntroduction to Information Retrieval
Introduction to Information Retrieval
 
Standard Datasets in Information Retrieval
Standard Datasets in Information Retrieval Standard Datasets in Information Retrieval
Standard Datasets in Information Retrieval
 
Teaching systems and fundamentals
Teaching systems and fundamentalsTeaching systems and fundamentals
Teaching systems and fundamentals
 
Tutorial 1 (information retrieval basics)
Tutorial 1 (information retrieval basics)Tutorial 1 (information retrieval basics)
Tutorial 1 (information retrieval basics)
 
Responsible Conduct of Research: Data Management
Responsible Conduct of Research: Data ManagementResponsible Conduct of Research: Data Management
Responsible Conduct of Research: Data Management
 
Data management (newest version)
Data management (newest version)Data management (newest version)
Data management (newest version)
 
eROSA Stakeholder WS1: Data discovery through federated dataset catalogues
eROSA Stakeholder WS1: Data discovery through federated dataset catalogueseROSA Stakeholder WS1: Data discovery through federated dataset catalogues
eROSA Stakeholder WS1: Data discovery through federated dataset catalogues
 

Similaire à Digital Forensics in the Archive

computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdf
Gnanavi2
 
Cyber&digital forensics report
Cyber&digital forensics reportCyber&digital forensics report
Cyber&digital forensics report
yash sawarkar
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
Milap Oza
 
Exercises portfolio-Digital Curation Tools (IS40620)
Exercises portfolio-Digital Curation Tools (IS40620)Exercises portfolio-Digital Curation Tools (IS40620)
Exercises portfolio-Digital Curation Tools (IS40620)
softwaresatish
 

Similaire à Digital Forensics in the Archive (20)

Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic Investigator
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdf
 
Latest presentation
Latest presentationLatest presentation
Latest presentation
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensics
 
Fs Ch 18
Fs Ch 18Fs Ch 18
Fs Ch 18
 
Cyber&digital forensics report
Cyber&digital forensics reportCyber&digital forensics report
Cyber&digital forensics report
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
Fusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident responseFusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident response
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic ppt
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Development
 
Introduction to Forensics and Steganography by Pardhasaradhi C
Introduction to Forensics and Steganography by Pardhasaradhi CIntroduction to Forensics and Steganography by Pardhasaradhi C
Introduction to Forensics and Steganography by Pardhasaradhi C
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.
 
Digital Forensic tools - Application Specific
Digital Forensic tools - Application SpecificDigital Forensic tools - Application Specific
Digital Forensic tools - Application Specific
 
Exercises portfolio-Digital Curation Tools (IS40620)
Exercises portfolio-Digital Curation Tools (IS40620)Exercises portfolio-Digital Curation Tools (IS40620)
Exercises portfolio-Digital Curation Tools (IS40620)
 
intro to forensics
intro to forensicsintro to forensics
intro to forensics
 

Plus de GarethKnight

Plus de GarethKnight (16)

Supporting Open Science in Research
Supporting Open Science in ResearchSupporting Open Science in Research
Supporting Open Science in Research
 
Making Sense of a Digital Collection
Making Sense of a Digital CollectionMaking Sense of a Digital Collection
Making Sense of a Digital Collection
 
Building Sustainability: Preserving research data without breaking the bank
Building Sustainability: Preserving research data without breaking the bankBuilding Sustainability: Preserving research data without breaking the bank
Building Sustainability: Preserving research data without breaking the bank
 
GIS: A project by project prospective
GIS: A project by project prospectiveGIS: A project by project prospective
GIS: A project by project prospective
 
Complying with EPSRC policy: An LSHTM case study
Complying with EPSRC policy: An LSHTM case studyComplying with EPSRC policy: An LSHTM case study
Complying with EPSRC policy: An LSHTM case study
 
Data Management for Librarians: An Introduction
Data Management for Librarians: An IntroductionData Management for Librarians: An Introduction
Data Management for Librarians: An Introduction
 
Challenges in setting up an RDM Support Service
Challenges in setting up an RDM Support ServiceChallenges in setting up an RDM Support Service
Challenges in setting up an RDM Support Service
 
Research Data Management: What is it and why is the Library & Archives Servic...
Research Data Management: What is it and why is the Library & Archives Servic...Research Data Management: What is it and why is the Library & Archives Servic...
Research Data Management: What is it and why is the Library & Archives Servic...
 
Doing research better: The role of meta‐data
Doing research better: The role of meta‐dataDoing research better: The role of meta‐data
Doing research better: The role of meta‐data
 
Laying the Foundation: Establishing an institutional RDM Support Service for ...
Laying the Foundation: Establishing an institutional RDM Support Service for ...Laying the Foundation: Establishing an institutional RDM Support Service for ...
Laying the Foundation: Establishing an institutional RDM Support Service for ...
 
Preservation Planning: Choosing a suitable digital preservation strategy
Preservation Planning: Choosing a suitable digital preservation strategyPreservation Planning: Choosing a suitable digital preservation strategy
Preservation Planning: Choosing a suitable digital preservation strategy
 
Introduction to digital curation
Introduction to digital curationIntroduction to digital curation
Introduction to digital curation
 
Keep Calm and Curate
Keep Calm and CurateKeep Calm and Curate
Keep Calm and Curate
 
Same as it ever was? Significant Properties and the preservation of meaning o...
Same as it ever was? Significant Properties and the preservation of meaning o...Same as it ever was? Significant Properties and the preservation of meaning o...
Same as it ever was? Significant Properties and the preservation of meaning o...
 
Who Decides? Reinterpreting archival processes for the management of digital ...
Who Decides? Reinterpreting archival processes for the management of digital ...Who Decides? Reinterpreting archival processes for the management of digital ...
Who Decides? Reinterpreting archival processes for the management of digital ...
 
Establishing the significant properties of digital research
Establishing the significant properties of digital researchEstablishing the significant properties of digital research
Establishing the significant properties of digital research
 

Dernier

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Dernier (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 

Digital Forensics in the Archive

  • 1. Digital Forensics in the Archive Using open source & free software to capture and curate archival digital records Gareth Knight, FIDO Project Manager DPC: Digital Forensics for Preservation, The Oxford Centre, Oxford, 28 th June 2011
  • 2.
  • 3. Forensic tools in the archive
  • 4. Forensic tools in the archive
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12. Acquisition tools Booting from floppy Dc3dd and dcfldd (if booting from floppy disk, wish to create Raw images, & unafraid of CLI) Booting from CD/USB OSFClone Guymager (pronounced: GUI-mager) and Automatic Image & Restore (Raw only) Windows-based tools FTK Imager & OSForensics are free commercial tools that may also be used
  • 13.
  • 14.
  • 15.
  • 16.
  • 17. Integrated Forensic toolsets (1) Sleuthkit & Autopsy (or PTK) Set of command line tools for identifying file systems, performing file/keyword search, hash generation and look-up (via NSRL, HashKeeper, etc) and timeline mapping. Web client interface via Autopsy (free) or PTK (ajax-based, commercial) Digital Forensic Framework Cross-platform QT/Python tool. Modular design through plug-ins. Supports Raw/DD and EWF. Support for FAT, NTFS, EXTFS 2/3/4 file systems. Hash generation & check of selected files & comparison to NSRL hash dataset. However, data carving can be slow & does not begin to extract files until it has analysed entire disk
  • 18. Integrated Forensic toolsets (2) PyFlag Web-based framework written in Python dev. by Australian Department of Defence. Supports raw, sgzip, AFF, EnCase, etc. Support for keyword/file search of active/inactive files, timelines, hash and compare using Hashkeeper. OSForensic Commercial, but free at moment. Mount range of formats ( Raw, AFF, EWF, SMART, IMG, ISO, BIN). F ile/keyword search, hash generation and look-up (via NSRL, HashKeeper, etc) and timeline mapping. Also: OSS distributions, including SIFT Workstation, BackTrack, Penguin Sleuth, DEFT Linux, CAINE and others
  • 19.
  • 20.
  • 21.