Difference between pages "Private Information In Disk Images" and "Computer Forensics Research Lab"

From ForensicsWiki
(Difference between pages)
m (Non-Private Information)
 
m (Created page with "Useful equipment for setting up an computer forensics research lab: ===Computer Equipment=== * internal SATA hard drives (useful for moving around data and short-term archiving)...")
 
Line 1: Line 1:
Disk images potentially contain a lot of information. Below is a list of information on disk images that we consider private and information that we do not consider private. Please feel free to edit this list as appropriate. Where possible, please provide references for your claims.
+
Useful equipment for setting up an computer forensics research lab:
  
 
+
===Computer Equipment===
==Private Information==
+
* internal SATA hard drives (useful for moving around data and short-term archiving)
* File names in general should be considered private.
+
* Docks to connect the SATA drives to your computer and server
* File contents.
+
* A fast server (we use a MacPro with 12 cores, 32GB of RAM, and fibre channel)
* User account Names.
+
* A RAID array to hold your corpus (we use an ActiveStorage system with FC)
* Geolocation information
+
* 10Gig or Gigabit switch
* MAC addresses and IP addresses extracted from the disk.
+
* Workstations for researchers (we use MacPros; you can use Dells also.)                   
** Note: Multi-case MAC addresses and private address space IP addresses are '''not''' privacy-sensitive.
+
===Commercial Disk Processing Software===
* Serial number of the drive (currently there are no publicly available databases of serial numbers, but such a database could later be released, making serial numbers private).
+
* FTK Academic License
* Hash of the hard drive.
+
* EnCase Forensic Academic License
* Wireless networks to which you have associated.
+
===Commercial Phone Software===
* File names and executables that are from applications that are contraband, sensitive, or not widely available.
+
* EnCase Nutrino phone forensic kit
 
+
* Paraben phone forensic kit
Files that are ''encrypted'' need to be treated as private until they are decrypted, because you don't know what's inside them.
+
===Misc. Lab Equipment===
 
+
* Ergonomic chairs for students
==Non-Private Information==
+
* Desks for students
* City, Country of origin (where it obtained)
+
* Lab stools
* Size of Disk
+
* anti-static mats
* Manufacturer of hard drive and model number.
+
* lab lamps with magnifying lamps
* Time stamps (therefore, timeline information is not private, but the names of the files modified are private).
+
* Lab benches
* Operating System Version
+
* Misc. tools from Home Depot
* Number of accounts on the disk.
+
===Content Creation===
* Hashes of individual files.
+
Get your own equipment so there are no PII or copyright issues.
* Histogram of file types.
+
* HD video camera
* Number of partitions.
+
* Digital camera
* Overall storage allocation.
+
* File names of executables and DLLs that are part of widely available software packages (e.g., applications in NSRL).
+
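Review bot: The added intro line reads "an computer forensics research lab"; it should be "a computer forensics research lab". In the added Commercial Phone Software list, "EnCase Nutrino" looks like a misspelling of the product name Neutrino. The added list items are also capitalized inconsistently ("internal SATA hard drives", "anti-static mats", "lab lamps" against "Docks", "Lab stools", "Lab benches"); pick one style and apply it throughout.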

Latest revision as of 10:47, 12 July 2011

Useful equipment for setting up a computer forensics research lab:

Computer Equipment

  • internal SATA hard drives (useful for moving around data and short-term archiving)
  • Docks to connect the SATA drives to your computer and server
  • A fast server (we use a MacPro with 12 cores, 32GB of RAM, and fibre channel)
  • A RAID array to hold your corpus (we use an ActiveStorage system with FC)
  • 10Gig or Gigabit switch
  • Workstations for researchers (we use MacPros; you can use Dells also.)

Commercial Disk Processing Software

  • FTK Academic License
  • EnCase Forensic Academic License

Commercial Phone Software

  • EnCase Neutrino phone forensic kit
  • Paraben phone forensic kit

Misc. Lab Equipment

  • Ergonomic chairs for students
  • Desks for students
  • Lab stools
  • anti-static mats
  • lab lamps with magnifying lamps
  • Lab benches
  • Misc. tools from Home Depot

Content Creation

Get your own equipment so there are no PII or copyright issues.

  • HD video camera
  • Digital camera