±Forensic Focus Partners
|New Today: 0||Overall: 35140|
|New Yesterday: 1||Visitors: 155|
ForensicsBack to top Back to main Skip to menu
Self-Monitoring, Analysis and Reporting Technology (SMART) was pioneered by IBM in 1992 with their Predictive Failure Analysis mechanism, and was subsequently enhanced by Compaq's IntelliSafe technology . SMART has been implemented in the majority of ATA (IDE) and SCSI hard disks since 1995, and allows the hard disk to perform self-tests as well as track and store performance and statistical information which can help predict impending failure of the hard disk. This information includes the total amount of time the hard disk has been powered on for (referred to as Power_On_Hours, or Power_On_Minutes for some brands of hard disk), the number of times the hard disk has been powered on (referred to as Power_Cycle_Count), other attributes chosen by each hard disk vendor such as the hard disk's current temperature, and a log of low level hard disk errors  . SCSI hard disks typically do not provide the same detailed level of SMART information to the user as ATA/IDE hard disks , so this paper will focus on IDE hard disks.
The rest of this paper will focus on whether SMART attribute values can be prevented from being modified, since although there are some undocumented SMART functions  , the specifications do not provide a mechanism to set attribute values to an arbitrary number.
The specifications also state that the data structure containing returned SMART attribute values consists of read only attribute fields which cannot be modified . It is unfortunate that SMART attribute values cannot easily be modified to arbitrary numbers, otherwise they could be reset to their original values once the forensic duplication process has been completed.