Week 2 Flashcards
Spinning Internal Hard Drives (HDD)
-
Used in many computer applications including
Home PCs & laptop computers
▪ Gaming systems
▪ DVR or video recording systems
▪ Can be internal or external (portable,
stand-alone)
▪ Server arrays
Benefits of HDDs
Readily available to consumers
▪ Varying storage sizes, currently 500 GB to 18 TB+
▪ Less expensive than solid state drives
▪ Data recovery generally easier
▪ Can be arranged in a RAID
▪ Redundant Array of Independent Disks
▪ Can be formatted in various ways
▪ Used to increase storage capacity &
Reduce data loss
Downsides
More susceptible to mechanical
failure
▪ Can be heavy, depending on size
▪ Generally less reliable means of
storage
▪ Advanced Data Recovery costly
& time-consuming
▪ If handled improperly, can result in
data damage or loss (static,
magnetic
also these are made in 3/4 places, they come from families which need to be understood in order to recover them properly
Architecture of HDDs
Heads that read platters and transfer Data to the user
Magnetic Platters Or plates where Data is stored
platters can only spin so fast so data only gets read so fast
Interface hardware or ROM (read only memory) helps translate
The data to readable For the user
Solid State Drives
SSDs
same applications as spinning hard drives
but
Generally lower storage capacity
▪ Cost is higher
▪ No moving parts
▪ Can also be set up in a RAID
▪ Multiple different types
Same basic technology is used in USB
thumb drives, phone data storage, etc
SSD Architecture
There are no moving
parts, So the
footprint and weight
Is much less than
spinning hard drives
Connection to
computer is made
via direct connection
to mother/logic
board of computer or
device
Data is stored on
Memory chips in
blocks and pages
Notes: SSDs (and thumb drives, etc.) have a
“shelf life” and can only be written to a specified
number of times before end of life. Some are also
non-removable.
Peripheral Devices
Memory Cards, USBs, Gaming, Alexs
Memory Cards
Come in different sizes…
▪ SD, MiniSD, Micro SD
▪ Used in external storage on
cameras, phones (non-Apple), GPS
devices, etc.
▪ Usually formatted in FAT-32 (will
discuss in later lesson)
▪ Capacity currently up to 1.5TB
▪ Can be formatted to run operating
system or other utility
USB Thumb or Stick drives
Often used for portability & data
Xfer on PCs & gaming systems
▪ Name-brand manufacturers usually
apply a serial number, which is
good forensic evidence
▪ Capacity currently up to 2TB
▪ Can be formatted to run operating
system or other utility
▪ Often used in software licensing
Mobile Phones/Tablets
Two main operating systems: Apple &
Android
Android manufactured by multiple
companies
Newest iterations store up to 2TB of
data, with potential external storage
“Always on” cellular network
connectivity
Stores valuable evidence including
text/app messages, geo-location data,
pictures, video & more.
Other Storage Devices
Stand-alone GPS units, Gaming Systems
Gaming Systems
Usually have network connectivity
▪ Can store videos, pictures, chat
records, etc.
▪ Several have the ability to play Blue
Ray disks
▪ Increasingly relevant in child
exploitation investigations
Stand-alone GPS units
Still in use by truckers, hikers,
motorcyclists, etc.
▪ More modern versions run on
Android operating system
▪ Generally behave as an external
storage device when connected to
PC
▪ Excellent evidence in personal
injury/accident cases, missing
persons, etc.
ASCLD
American Society of Crime Lab Directors - main body of accreditation for crime labs, but it’s not mandatory for all labs to have accreditation
Digital Forensic Lab Physical Requirements
Small room with true floor-to-ceiling walls
▪ Door access with a locking mechanism (limited to
authorized users, including cleaning crews), which can be
a regular key lock, combination lock, or an electronic lock
capable of logging who accessed it
▪ Secure container, such as a safe or heavy-duty file cabinet
with a quality padlock that prevents drawers from
opening
▪ Visitor’s log with legible entries listing all people who have
accessed the lab and showing the date, time in, and time
out
Video Surveillance
▪ Dedicated signal-blocking work area or signal-blocking
device for working
▪ Limited internet access (if any)
▪ Environmental controls conducive to mitigate heat
from high-level processing & electronic use
▪ License access logging
▪ License access area (dongle server optional)
Recommended Additional Equipment
Digital Camera (phone camera not recommended)
▪ Antistatic & signal blocking bags
▪ External CD/DVD/Blue Ray drive
▪ Assorted cables for USB 3.0 to USB-C, Thunderbolt,
hard drive connection cables (SATA, IDE, M.2)
▪ Assorted adapters
▪ A “toaster”
▪ External Hard Drives of varying capacity
▪ Computer/electronics tool kit
Recommended Maintenance
Keep all operating systems up to date…
by putting update and plugging in to computer w/o internet
▪ Keep all forensic tools updated
▪ Keep all peripheral programs updated
▪ MS Office tools
▪ Video & image viewers
▪ Email tools
▪ Scripting tools
Disaster recovery…
▪ Image both OS drive & tools storage drive on a schedule
▪ Image administrative storage medium on a schedule..
▪ Instructor Siewert’s personal “ouch” moment
▪ Plan for equipment upgrades
▪ Budgeting
▪ Workload requirements
▪ Requirements of modern forensic tools & operating systems
▪ Slower computers = longer processing & analysis time
▪ Click & wait……….
Accreditation
Governed by…
▪ American Society of Crime Lab Directors (ASCLD)
▪ Under the principles of…
▪ International Standards Organization (ISO)
▪ One common ISO Standard is ISO/IEC 17025
▪ Governs Accreditation for Forensic Service Providers
▪ Accreditation can be gained by public or private entities
▪ Manuals, documents can be found at:
https://anab.ansi.org/2018-iso-iec-17025-forensicaccreditation-documents-0
What is the purpose ISO/ICE 17025 &
Accreditation?
Provides guidance on standard operation of forensic
labs
▪ Issues some standards of practice for forensics
generally
▪ Gives credibility to the lab
▪ Allows for business to be conducted in uniform matter
no matter the location
▪ Vets QC, policy, practice, personnel & other credentials
Should I create a lab?
Do you have the workload to justify expense?
▪ Expense = Hardware + Software + Training (all takes time)
▪ Can your organization afford the necessary tools &
equipment?
▪ Full or part-time lab? Dedicated personnel?
▪ Accreditation or not?
▪ Infrastructure
space?
