Difference between pages "Residual Data on Used Equipment" and "Volatools"

From ForensicsWiki
(Difference between pages)
m (Newsworthy Used Hard Drive Stories)
 
(Changed tone of license)
 
Line 1: Line 1:
Used hard drives are frequently a good source of images for testing forensic tools. That's because many individuals, companies and organizations neglect to properly sanitize their hard drives before they are sold on the secondary market.
+
{{Expand}}
 +
{{Infobox_Software |
 +
  name = volatools |
 +
  maintainer = [[AAron Walters]] and [[Nick Petroni]] |
 +
  os = {{Windows}} |
 +
  genre = [[Windows Memory Analysis]] |
 +
  license = {{GPL}} |
 +
  website = [http://komoku.com/forensics/forensics.html komoku.com] |
 +
}}
  
You can find used hard drives on eBay, at swap meets, yard sales, and even on the street.  
+
The Volatools suite is a set of tools by [[Komoku]] for conducting [[Windows Memory Analysis|memory analysis]]. The current version, '''Volatools Basic''', can process images from [[Windows XP]] Service Pack 2 systems. A forthcoming version '''Volatools Professional''' should be able to process images from more platforms. Although the Volatools are written in [[Python]] and are therefore cross-platform, they require the [[Pykvm]] library that is only available for [[Windows]].
  
 +
== License ==
  
=Newsworthy Used Hard Drive Stories=
+
The Volatools are licensed under the [[GPL]]. Some of the functionality for these tools is contained in a closed source library called [[Pykvm]].
  
There have been several incidents in which individual have purchased a large number of hard drives and written about what they have found. This web page is an attempt to catalog all of those stories in chronological order.
+
== History ==
  
* '''2003-01''': Simson Garfinkel and Abhi Shelat at MIT publish a study in ''IEEE Security and Privacy Magazine''  which documents large amount of personal and business-sensitive information found on 250 drives purchased on the secondary market.
+
Volatools Basic was first released at the [[Blackhat (conference)|Blackhat Federal]] conference in February 2007. The professional version and an acquisition product, '''Komoku Acquisition Suite''' are scheduled to be released in 2007.
  
* '''2006-06''': A man buys a family's hard drive at a fleamarket in Chicago after the family's hard drive is upgraded by Best Buy. Apparently somebody at Best Buy violated company policy and instead of destroying the hard drive, they sold it. [http://www.youtube.com/watch?v=pcyemfJ5H3o&NR Target 5 Investigation]
+
== External Links ==
  
* '''2006-08-10''': The University of Glamorgan in Wales purchased 317 used hard drives from the UK, Australia, Germany, and the US. 25% of the 200 drives purchased from the UK market had been completely wiped. 40% of the purchased drives didn't work.  40% came from businesses, of which 23% contained enough information to identify the company. 5% had business sensitive information. 25% came from individuals, of which many had pornography, and 2 had to be referred to the police for suspected child pornography.
+
* [http://komoku.com/forensics/forensics.html Volatools official website]
 
+
* '''2006-08-14''': [http://news.bbc.co.uk/2/hi/business/4790293.stm News.com] reports on a BBC Real Story program which discussed the sale of bank account information being sold in Nigeria. The identities of British citizens, scavenged from used PC hard drives, are reportedly sold for £20 each. The PCs had apparently come from recycling points run by UK town councils.
+
 
+
* '''2006-08-15''': Simson Garfinkel presents results of a study of 1000 hard drives (750 working) at the 2006 Workshop on Digital Forensics. Results of the study show that information can be correlated across hard drives using Garfinkel's [[Cross Drive Analysis]] approach.
+
 
+
* '''2007-02-06''': [http://www.fulcruminquiry.com Fulcrum Inquiry], a Los Angeles litigation support firm, purchased 70 used hard drives from 14 firms and discovered confidential information on 2/3rds of the drives.
+

Revision as of 21:07, 16 March 2007

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

volatools
Maintainer: AAron Walters and Nick Petroni
OS: Windows
Genre: Windows Memory Analysis
License: GPL
Website: komoku.com

The Volatools suite is a set of tools by Komoku for conducting memory analysis. The current version, Volatools Basic, can process images from Windows XP Service Pack 2 systems. A forthcoming version, Volatools Professional, should be able to process images from more platforms. Although the Volatools are written in Python and are therefore cross-platform, they require the Pykvm library, which is only available for Windows.

License

The Volatools are licensed under the GPL. Some of the functionality for these tools is contained in a closed-source library called Pykvm.

History

Volatools Basic was first released at the Blackhat Federal conference in February 2007. The professional version and an acquisition product, Komoku Acquisition Suite, are scheduled to be released in 2007.

External Links