Difference between pages "ESDA" and "Hard Drive Passwords"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
m
 
Line 1: Line 1:
'''ESDA''' which stands for Electrostatic detection apparatus, is a machine used within forensics for document examination.
+
Some hard drives support passwords. These passwords can be implemented in computer's operating system, its BIOS, or even in the hard drive's firmware. Passwords implemented in the OS are the easiest to remove, those in the firmware are the hardest.  
The machine allows the visulisation of indented writing wihout damaging the document.
+
  
The questioned document (usually a piece of paper) is put onto the bronze plate, then a thin film is placed over it.
+
Sometimes people use the term "password" but the hard drive is really [[Full Disk Encryption|encrypted]], and the password is used to unlock a decryption key. These passwords cannot be removed---the encryption key must be cracked or discovered through another means.
A corona (a highly charged wire)then passes over the film, giving it an electrostatic charge. The areas in which the paper is indented will have the greatest charge.  
+
 
Once the corona has passed over the film, the bronze plate is titled and photocopy toner powder (with small glass beads) is added.
+
=Vendors=
The toner then adds to the areas of greatest charge, and thus allows the indentation to now be seen.
+
Disklabs (www.disklabs.com) is able to remove some forms of hard drive passwords.

Revision as of 19:51, 25 February 2007

Some hard drives support passwords. These passwords can be implemented in computer's operating system, its BIOS, or even in the hard drive's firmware. Passwords implemented in the OS are the easiest to remove, those in the firmware are the hardest.

Sometimes people use the term "password" but the hard drive is really encrypted, and the password is used to unlock a decryption key. These passwords cannot be removed---the encryption key must be cracked or discovered through another means.

Vendors

Disklabs (www.disklabs.com) is able to remove some forms of hard drive passwords.