Difference between pages "Upcomingevents......I" and "Private Information In Disk Images"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
m (Private Information)
 
Line 1: Line 1:
Follow-up Workshop for Digital Forensics Educators
+
Disk images potentially contain a lot of information. Below is a list of information on disk images that we consider private and information that we do not consider private. Please feel free to edit this list as appropriate. Where possible, please provide references for your claims.
  
 
  
 +
==Private Information==
 +
* File names in general should be considered private.
 +
* File contents.
 +
* User account Names.
 +
* Geolocation information
 +
* MAC addresses and IP addresses extracted from the disk.
 +
** Note: Multi-case MAC addresses and private address space IP addresses are '''not''' privacy-sensitive.
 +
* Serial number of the drive (currently there are no publicly available databases of serial numbers, but such a database could later be released, making serial numbers private).
 +
* Hash of the hard drive.
 +
* Wireless networks to which you have associated.
 +
* File names and executables that are from applications that are contraband, sensitive, or not widely available.
  
This is a short note to invite you back to the Follow-up Workshop for Digital Forensics Educators at Erie Community College, Tuesday, August 16, 2011 from 9-4. If you hadn’t participated last year…you’re still invited.
+
==Non-Private Information==
 
+
* Size of Disk
Dr. Garfinkel has requested that we have a more interactive workshop with participants sharing their methodologies and course work with the group. This would facilitate more sharing amongst colleagues and give him a better focus regarding the forensics corpora course integration.
+
* Manufacturer of hard drive and model number.
 
+
* Time stamps (therefore, timeline information is not private, but the names of the files modified are private).
We would like to start lining up presenters so that the program can start taking shape. The format for sharing can be as simple as a short talk about your program or PPTs  or group activities. Please respond with what you would like to do. I look forward to seeing you in August. Regards, Donna
+
* Operating System Version
 
+
* Number of accounts on the disk.
 
+
* Hashes of individual files.
Registration Link (http://kuroski.net/Forensics2011/login.php)
+
* Histogram of file types.
 +
* Number of partitions.
 +
* Overall storage allocation.
 +
* File names of executables and DLLs that are part of widely available software packages (e.g., applications in NSRL).

Revision as of 08:55, 6 July 2011

Disk images potentially contain a lot of information. Below is a list of information on disk images that we consider private and information that we do not consider private. Please feel free to edit this list as appropriate. Where possible, please provide references for your claims.


Private Information

  • File names in general should be considered private.
  • File contents.
  • User account Names.
  • Geolocation information
  • MAC addresses and IP addresses extracted from the disk.
    • Note: Multi-case MAC addresses and private address space IP addresses are not privacy-sensitive.
  • Serial number of the drive (currently there are no publicly available databases of serial numbers, but such a database could later be released, making serial numbers private).
  • Hash of the hard drive.
  • Wireless networks to which you have associated.
  • File names and executables that are from applications that are contraband, sensitive, or not widely available.

Non-Private Information

  • Size of Disk
  • Manufacturer of hard drive and model number.
  • Time stamps (therefore, timeline information is not private, but the names of the files modified are private).
  • Operating System Version
  • Number of accounts on the disk.
  • Hashes of individual files.
  • Histogram of file types.
  • Number of partitions.
  • Overall storage allocation.
  • File names of executables and DLLs that are part of widely available software packages (e.g., applications in NSRL).