
Disk analysis

 ISFC
(@isfc)
Posts: 4
New Member
Topic starter
 

How can the investigator decide which tools to use for disk analysis?

 
Posted : 03/06/2011 2:29 am
(@mscotgrove)
Posts: 938
Prominent Member
 

First question is why do you want to analyse the disk?

 
Posted : 03/06/2011 2:34 am
 ISFC
(@isfc)
Posts: 4
New Member
Topic starter
 

This is the question which I don't know the answer to?

 
Posted : 03/06/2011 3:17 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

The tools you use depend on a number of factors…what you hope to achieve, what you're familiar with, what you (or your employer) can afford…

 
Posted : 03/06/2011 3:29 am
 ISFC
(@isfc)
Posts: 4
New Member
Topic starter
 

This is a question for an exam?

 
Posted : 03/06/2011 3:47 am
(@pragmatopian)
Posts: 154
Estimable Member
 

This is a question for an exam?

I'm not sure what institution you're at, but I'm pretty sure that they'd take a dim view of soliciting exam answers from an online forum.

 
Posted : 03/06/2011 11:46 am
(@mscotgrove)
Posts: 938
Prominent Member
 

The question is too broad.

Does the disk work, i.e. is it physically OK?

Has it been formatted, or corrupted, or is it still valid?

What is the investigation for, e.g. suspected internet dealing, fraud, CP, stolen goods, etc.?

Is there suspicion that files may have been deleted or hidden?

Was encryption used? Any passwords?

There are many ways and tools to examine disks. Knowing the head seek time and spin rate is probably irrelevant unless one is trying to discover if it was possible to write a 25GB file in a short period of time.

 
Posted : 03/06/2011 1:48 pm
spring
(@spring)
Posts: 20
Eminent Member
 

The following are the principles to decide which tool to use:

1. What OS do the forensics tools work on?

2. Is the tool versatile? For example, will it work on both Windows 98 and XP and produce the same result on both OSs?

3. Can the tool analyze more than one file system, such as FAT, NTFS, and Ext2fs?

4. Does the tool have any automated features that can help reduce the time to analyze data?

5. What is the vendor’s reputation for providing product support?

Like that, if you want to analyse a hard disc, first of all you must come to a conclusion about what you want from that disc… deleted data - use a recovery software tool, password recovery - use Passware or PRTK (Password Recovery Toolkit). Without any idea, it's useless to think about disk analysis…

 
Posted : 15/06/2011 6:11 pm
(@dficsi)
Posts: 283
Reputable Member
 

For an exam question YOU need to figure this out for yourself. If you've been attending your classes, paying attention, and doing independent research then the question should be quite a simple one to answer. Sadly some people have already given you more than enough to start with.

 
Posted : 15/06/2011 6:52 pm