±Partners and Sponsors
New Today: 7
New Yesterday: 7
· Webmail Forensics – Digging deeper into Browsers and Mobile Applications
· Operation Endeavour: The Tip of the Iceberg?
· Forensic analysis of the ESE database in Internet Explorer 10
· WhatsApp – discovering timestamps of deleted messages
· Man In The Middle Attack: Forensics
· Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases
· Windows 8 File History Analysis
· Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection
· Bitcoin Forensics Part II: The Secret Web Strikes Back
±Follow Forensic Focus
CCTV Backup and Imaging Strategies
I have a number of Intellex systems that need to be imaged or backed up. Each system has no means of producing a full backup. Selected frames can be exported to DVD's but thats it.
The CCTV systems are still active and we dont want to take them offline for too long. The problem is, the vendors said for them to perform the backup would take a number of days, which is unacceptible.
I suggested putting in new hard drives and bagging and tagging the original, but the drives are encrypted and was informed that they can only be loaded through the same Intellex system version they came from, which may cause issues down the line. We are not looking to analyse the data, its a safe guard for the future, but if we get down the line and the systems are not longer available would cause problems.
Does anyone have any suggestion on how best to approach this?
If the harddisks are encrypted maybe it is possible to extract the encryption keys (the keys needs to be stored somewhere) and (like you said) make a copy of the harddisks.
Are you sure the HD recorder uses encryption? Never seen real encryption on HD recorders only some linux based filesystems. Maybe you can share the modelnumber so we can read the specs/manuals of this device.
For forensic analysis? If yes, then usage should be stopped immediately. At each second of usage, previous videos are being wiped with new videos.
Most these systems can store upto 7 days or 1 month at most. So, they should not waste time if they ask for recovering deleted videos from a previous date.
If they use proprietary formats, other than dvr, you will probably not achieve recovering deleted videos for a specific date, as most these times uses ext2, ext3 file systems in which encase is not capable of recovering proprietary video files as it does in FAT/NTFS systems.
- Senior Member