Difference between pages "DCO and HPA" and "Joachim Metz"

From Forensics Wiki
m (Tools)
 
 
Line 1: Line 1:
==Tools==
+
Talking about yourself in third person is always awkward, but here I go anyway ;-)
* [http://www.vidstrom.net/stools/taft/ TAFT (The ATA Forensics Tool)] claims the ability to look at and change the HPA and DCO settings.
+
  
* [http://www.softpedia.com/get/Security/Security-Related/SAFE-Block.shtml SAFE-Block], claims the ability to temporarily remove the HPA and remove the DCO and later return it to its original state.
+
Joachim Metz is a digital forensic investigator currently working at Hoffmann Investigations.
 +
Hoffmann Investigations mainly performs digital forensic investigations for corporations (private law).
  
* [http://hddguru.com/content/en/software/2007.07.20-HDD-Capacity-Restore-Tool/ HDD Capacity Restore], a reportedly Free utility that removed the DCO (to give you more storage for your hard drive!)
+
My background is Information Communication Technology (ICT) in multiple disciplines like: system and network administration, programming, deployment, etc. and also Information Security (IS).
 +
I have been working in the field of digital forensics for several years now.
  
==References==
+
(Philosophy warning!!!) In my opinion digital forensic investigators should be transparent in both their findings and methods.
* [http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B7CW4-4HR72JM-2&_user=3326500&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000060280&_version=1&_urlVersion=0&_userid=3326500&md5=030e6e2928779b385c76658736d11b98 Methods of discovery and exploitation of Host Protected Areas on IDE storage devices that conform to ATAPI-4], Mark Bedford, Digital Investigation, Volume 2, Issue 4, December 2005, Pages 268-275
+
The statement "the tool provided me with the evidence" just does not cut it for me.
 +
I my experience have seen a lot of serious errors in 'digital forensic software' and corresponding human interpretation.
 +
Therefore I have put a lot of effort in providing alternatives and means to verify findings by breaking open file formats and improving file recovery methods.
  
* [http://www.utica.edu/academic/institutes/ecii/publications/articles/EFE36584-D13F-2962-67BEB146864A2671.pdf Hidden Disk Areas: HPA and DCO], Mayank R. Gupta, Michael D. Hoeschele, Marcus K. Rogers, International Journal of Digital Evidence, Fall 2006, Volume 5, Issue 1
+
(Ancient history alert!!!) For me breaking open file formats dates back to Might and Magic 3 save games and recovering deleted and corrupted files under DOS using PCTOOLS.
 +
 
 +
(Marketing alert!!!) Some recent results are the file format libraries like: [[libewf]], [[libmsiecf]], [[libnk2]], [[libpff]] and recently [[libesedb]]
 +
and the proof-of-concept carving tool called [[ReviveIt (revit)|revit]], that even seems to surprise me of it versatility (being able to support in recovering NTFS compressed files).
 +
 
 +
But that's the challenge I like about the field of digital forensics, there is a lot out there still to be discovered ;-)
 +
 
 +
[[Category:People]]

Revision as of 15:03, 16 January 2010

Talking about yourself in third person is always awkward, but here I go anyway ;-)

Joachim Metz is a digital forensic investigator currently working at Hoffmann Investigations. Hoffmann Investigations mainly performs digital forensic investigations for corporations (private law).

My background is Information Communication Technology (ICT) in multiple disciplines like: system and network administration, programming, deployment, etc. and also Information Security (IS). I have been working in the field of digital forensics for several years now.

(Philosophy warning!!!) In my opinion digital forensic investigators should be transparent in both their findings and methods. The statement "the tool provided me with the evidence" just does not cut it for me. In my experience I have seen a lot of serious errors in 'digital forensic software' and corresponding human interpretation. Therefore I have put a lot of effort into providing alternatives and means to verify findings by breaking open file formats and improving file recovery methods.

(Ancient history alert!!!) For me breaking open file formats dates back to Might and Magic 3 save games and recovering deleted and corrupted files under DOS using PCTOOLS.

(Marketing alert!!!) Some recent results are the file format libraries like: libewf, libmsiecf, libnk2, libpff and recently libesedb, and the proof-of-concept carving tool called revit, which even seems to surprise me with its versatility (being able to support recovering NTFS compressed files).

But that's the challenge I like about the field of digital forensics, there is a lot out there still to be discovered ;-)