±Forensic Focus Partners
New Today: 5
New Yesterday: 9
· A guide to RegRipper and the art of timeline building
· Recovering Evidence from SSD Drives in 2014: Understanding TRIM, Garbage Collection and Exclusions
· FT Cyber Security Summit 2014 – Recap
· Why Offender Profiling is Changing Thanks to Mobile Forensics and Increasingly ‘Social’ Criminal Activity
· Understanding Cyber Bullying – Notes for Digital Forensics Examiners
· Investigating the Dark Web – The Challenges of Online Anonymity for Digital Forensics Examiners
· The Complete Workflow of Forensic Image and Video Analysis
· Browser Anti Forensics
· Coming apart at the SIEMs …
±Follow Forensic Focus
CCTV Backup and Imaging Strategies
I have a number of Intellex systems that need to be imaged or backed up. Each system has no means of producing a full backup. Selected frames can be exported to DVD's but thats it.
The CCTV systems are still active and we dont want to take them offline for too long. The problem is, the vendors said for them to perform the backup would take a number of days, which is unacceptible.
I suggested putting in new hard drives and bagging and tagging the original, but the drives are encrypted and was informed that they can only be loaded through the same Intellex system version they came from, which may cause issues down the line. We are not looking to analyse the data, its a safe guard for the future, but if we get down the line and the systems are not longer available would cause problems.
Does anyone have any suggestion on how best to approach this?
If the harddisks are encrypted maybe it is possible to extract the encryption keys (the keys needs to be stored somewhere) and (like you said) make a copy of the harddisks.
Are you sure the HD recorder uses encryption? Never seen real encryption on HD recorders only some linux based filesystems. Maybe you can share the modelnumber so we can read the specs/manuals of this device.
- Senior Member
For forensic analysis? If yes, then usage should be stopped immediately. At each second of usage, previous videos are being wiped with new videos.
Most these systems can store upto 7 days or 1 month at most. So, they should not waste time if they ask for recovering deleted videos from a previous date.
If they use proprietary formats, other than dvr, you will probably not achieve recovering deleted videos for a specific date, as most these times uses ext2, ext3 file systems in which encase is not capable of recovering proprietary video files as it does in FAT/NTFS systems.
- Senior Member