Difference between pages "Bibliography" and "Data copy king"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
m (File Carving)
 
m (make this page clear with more information)
 
Line 1: Line 1:
=Disk Disposal and Data Recovery=
+
Data Copy King is one disk image hardware,DoD data wipe hardware and also used as one professional forensic disk image tool.  
* [http://www.deepspar.com/pdf/DeepSparDiskImagingWhitepaper3.pdf Disk Imaging: A Vital Step in Data Recovery], DeepSpar Data Recovery Systems, November 2006. An in depth look at the many issues that cause data loss / irretrievable data in the data recovery imaging process and how to overcome them.
+
* [http://www.actionfront.com/ts_whitepaper.asp Drive-Independent Data Recovery: The Current State-of-the-Art], ActionFront Data Recovery Labs, August 2005.
+
* [[Recovering Overwritten Data#The Gutmann Paper|Secure Deletion of Data from Magnetic and Solid-State Memory]], Peter Gutmann, Proceedings of the Sixth Usenix Security Symposium, 1996. [http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html]
+
* [http://www-03.ibm.com/financing/pdf/us/recovery/igf4-a032.pdf Hard Drive Disposal: The Overlooked Confidentiality Exposure], FInancial Perspectives, IBM White Paper, November 2003.
+
  
<bibtex>
+
Data Copy King has build-in IDE and SATA ports and supports USB data copy with adapters, it is one 1:1 hard drive duplicator. The top features of DCK is its claimed disk image speed at 7GB/min and data wipe speed at 8GB/min and its ability to copy bad sectors/unstable drives.  
@Article{garfinkel:remembrance,
+
  author =      "Simson Garfinkel and Abhi Shelat",
+
  author_a =      "Simson L. Garfinkel and Abhi Shelat",
+
  title =        "Remembrance of Data Passed",
+
  journal =      "{IEEE} Security and Privacy Magazine",
+
  publisher =    "IEEE",
+
  year      =        "2002",
+
  month    = Jan,
+
  url="http://www.simson.net/clips/academic/2003.IEEE.DiskDriveForensics.pdf"
+
}
+
</bibtex>
+
  
=Evidence Gathering=
 
  
* [http://utdallas.edu/~sxs018540/index/docs/byteprints_itcc05.pdf Byteprints: A Tool to Gather Digital Evidence], Sriranjani Sitaraman, Srinivasan Krishnamurthy and S. Venkatesan, Proceedings of the International Conference on Information Technology (ITCC 2005), Las Vegas, Nevada, USA, April 4 - 6, 2005
+
[[Image:Hard_drive_duplicator_data_copy_king.jpg|frame|Data Copy King package]]
  
=Fake Information=
+
== Universal hard drive duplicator ==
  
* [https://analysis.mitre.org/proceedings/Final_Papers_Files/84_Camera_Ready_Paper.pdf Automatic Detection of Fake File Systems], Neil C. Rowe, International Conference on Intelligence Analysis Methods and Tools, McLean, Virginia, May 2005.
+
1, 'Universal' indicates the storage medias from hard drives to flash drives, from good storage medias to storage medias with defects such as a lot of bad sectors, unstable heads or motor after head or platter swap, clicking drives but still detected in the bios or other kind of logical failure with detected status;
  
=Feature Extraction and Data Fusion=
+
2, 'Universal' suggests a combination of multiple Data Copy related solutions such as drive health checking, data clean or data destruction;
Computer Location Determination Through Geoparsing and Geocoding of
+
Extracted Features
+
http://www2.chadsteel.com:8080/Publications/drive_location2.doc
+
<bibtex>
+
@inproceedings{garfinkel:cda,
+
  title="Forensic feature extraction and cross-drive analysis",
+
  author="Simson Garfinkel",
+
  booktitle={Proceedings of the 6th Annual Digital Forensic Research Workshop (DFRWS)},
+
  address = "Lafayette, Indiana",
+
  journal="Digital Investigation",
+
  year=2006,
+
  month=Aug,
+
  url="http://www.dfrws.org/2006/proceedings/10-Garfinkel.pdf",
+
  location="Lafayette, Indiana"
+
}
+
</bibtex>
+
  
=File Carving=
+
3, 'Universal' means the wide use among different fields like data recovery field, IT after sale field, Education and training field, Government and miliary field, computer forensics field, Financial department field etc;
  
 
+
4, One important thing to mention about the 'Universal' here is the green concept used, no backdoor design, physical read only, 0 training required, friendly and nice interface, Energy-saving, cost effective, etc.
* [http://citeseer.ist.psu.edu/shanmugasundaram03automatic.html  Automatic Reassembly of Document Fragments via Context Based Statistical Models], Kulesh Shanmugasundaram and Nasir Memon.
+
 
+
<bibtex>
+
@article{
+
  journal="Journal of Digital Forensic Practice", 
+
  publisher="Taylor & Francis",
+
  author="Yoginder Singh Dandass and Nathan Joseph Necaise and Sherry Reede Thomas",
+
  title="An Empirical Analysis of Disk Sector Hashes for Data Carving",
+
  year=2008,
+
  volume=2,
+
  issue=2,
+
  pages="95--106",
+
  abstract="Discovering known illicit material on digital storage devices is an important component of a digital forensic investigation. Using existing data carving techniques and tools, it is typically difficult to recover remaining fragments of deleted illicit files whose file system metadata and file headers have been overwritten by newer files. In such cases, a sector-based scan can be used to locate those sectors whose content matches those of sectors from known illicit files. However, brute-force sector-by-sector comparison is prohibitive in terms of time required. Techniques that compute and compare hash-based signatures of sectors in order to filter out those sectors that do not produce the same signatures as sectors from known illicit files are required for accelerating the process.
+
 
+
This article reports the results of a case study in which the hashes for over 528 million sectors extracted from over 433,000 files of different types were analyzed. The hashes were computed using SHA1, MD5, CRC64, and CRC32 algorithms and hash collisions of sectors from JPEG and WAV files to other sectors were recorded. The analysis of the results shows that although MD5 and SHA1 produce no false-positive indications, the occurrence of false positives is relatively low for CRC32 and especially CRC64. Furthermore, the CRC-based algorithms produce considerably smaller hashes than SHA1 and MD5, thereby requiring smaller storage capacities. CRC64 provides a good compromise between number of collisions and storage capacity required for practical implementations of sector-scanning forensic tools.",
+
  url="http://www.informaworld.com/10.1080/15567280802050436"
+
}
+
</bibtex>
+
 
+
=Text Mining=
+
 
+
'''Computer Forensic Text Analysis with Open Source Software,''' Christian Johansson, Masters Thesis, Blekinge Tekniska Hogskola, June 2003  http://www.fukt.bth.se/~uncle/papers/master/thesis.pdf
+
 
+
=Signed Evidence=
+
<bibtex>
+
@article{duerr-2004,
+
  title="Information Assurance Applied to Authentication of Digital Evidence",
+
  author="Thomas E. Duerr and Nicholas D. Beser and Gregory P. Staisiunas",
+
  year=2004,
+
  journal="Forensic Science Communications",
+
  volume=6,
+
  number=4,
+
  url="http://www.fbi.gov/hq/lab/fsc/backissu/oct2004/research/2004_10_research01.htm"
+
}
+
</bibtex>
+
 
+
 
+
<bibtex>
+
@article{OppligerR03,
+
  author    = {Rolf Oppliger and Ruedi Rytz},
+
  title    = {Digital Evidence: Dream and Reality},
+
  journal  = {IEEE Security {\&} Privacy},
+
  volume    = {1},
+
  number    = {5},
+
  year      = {2003},
+
  pages    = {44-48},
+
  url      = {http://doi.ieeecomputersociety.org/10.1109/MSECP.2003.1236234},
+
  abstract="Digital evidence is inherently weak. New evidence-gathering technologies-digital black boxes-must be developed and deployed to support investigations of irreproducible events such as digitally signing a document."
+
}
+
</bibtex>
+
 
+
=Theory=
+
'''A Hypothesis-Based Approach to Digital Forensic Investigations,''' Brian D. Carrier, Ph.D. Dissertation
+
Purdue University, May 2006 https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/2006-06.pdf
+
 
+
=Other Papers=
+
 
+
* [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782 A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?], Peter P. Swire, Moritz College of Law of the Ohio State University, Journal on Telecommunications and High Technology Law, Vol. 2, 2004.
+

Revision as of 22:52, 6 April 2010

Data Copy King is one disk image hardware,DoD data wipe hardware and also used as one professional forensic disk image tool.

Data Copy King has build-in IDE and SATA ports and supports USB data copy with adapters, it is one 1:1 hard drive duplicator. The top features of DCK is its claimed disk image speed at 7GB/min and data wipe speed at 8GB/min and its ability to copy bad sectors/unstable drives.


Data Copy King package

Universal hard drive duplicator

1, 'Universal' indicates the storage medias from hard drives to flash drives, from good storage medias to storage medias with defects such as a lot of bad sectors, unstable heads or motor after head or platter swap, clicking drives but still detected in the bios or other kind of logical failure with detected status;

2, 'Universal' suggests a combination of multiple Data Copy related solutions such as drive health checking, data clean or data destruction;

3, 'Universal' means the wide use among different fields like data recovery field, IT after sale field, Education and training field, Government and miliary field, computer forensics field, Financial department field etc;

4, One important thing to mention about the 'Universal' here is the green concept used, no backdoor design, physical read only, 0 training required, friendly and nice interface, Energy-saving, cost effective, etc.