disk

Data Acquisition Methods

This article explains which methods are used for data acquisition, including those routinely used in forensic investigation. There are four methods available for data acquisition: 1. Bit-stream disk-to-image file: Forensic investigators commonly use this data acquisition method. It is a flexible method, which allows creation of one or more copies, or bit-for-bit replications, of the suspect drive. ProDiscover, EnCase, FTK, The Sleuth Kit, X-Ways …

Understand Static Data Acquisition

Static data acquisition deals with non-volatile data, which does not change its state after the system shuts down. Static data acquisition refers to the process of extracting and gathering the unaltered data from storage media. Sources of non-volatile data include hard drives, DVD-ROMs, USB drives, flash cards, smartphones, external hard drives, etc. This type of data exists in the form of emails, word processing documents, web activity, spreadsheets, slack space, swap …

File System Analysis Using Autopsy

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. Law enforcement, military, and corporate examiners use it to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card. Autopsy is an end-to-end platform with modules that come with it out of the box and others that are available from third parties. Some of the …

What is RAID Storage System?

Redundant Array of Independent Disks (RAID) is a technology that uses multiple smaller disks simultaneously, which function as one large volume. It provides a specific method of accessing one or many separate hard disks, thereby decreasing the risk of losing all data if a hard disk fails or is damaged, and it also helps improve access time. The RAID technology helps users to: Maintain a large amount of data …

An Overview of Encrypting File Systems | EFS

The Encrypting File System (EFS) is a feature of the Windows 2000 operating system that lets any file or folder be stored in encrypted form and decrypted only by an individual user and an authorized recovery agent. To protect files from mishandling and to ensure their security, the system should encrypt them. NTFS has the Encrypting File System (EFS) as a built-in feature. Encryption in file systems uses symmetric key encryption technology …

Identifying GUID Partition Table (GPT)

The GPT header helps an investigator analyze the layout of the disk, including the locations of the partition table, partition area, and backup copies of the header and partition table. Investigators can use the cmdlets given below in Windows PowerShell to identify the presence of GPT: Get-GPT: The Get-GPT command helps the investigator analyze the GUID Partition Table data structure of the hard disk. It requires the use of the …

What is the Booting Process?

Booting is the process of starting or resetting the computer when the user turns the system on. The process includes getting both the hardware and software ready and running. The booting process is of two types: Cold booting: The process that happens when we first turn on the computer. Also called a hard boot, this happens when the user completely cuts the power supply to the system. Warm booting is the process that happens when we reset the …
