A digital seed bank

 
  

tootypeg
Senior Member
 

A digital seed bank

Posted: Aug 23, 19 10:05

Curious, do people think we should have a similar concept in digital forensics as the seed banks? For archiving old software versions, artefacts, hardware etc? Would love to hear some thoughts if anyone has any - is it necessary? Do we often get cases with super historic kit?  
 
  

minime2k9
Senior Member
 

Re: A digital seed bank

Posted: Aug 23, 19 11:53

For software it's probably not the worst idea, as you never know when a company will go bust and software becomes unavailable or a specific version cannot be obtained.

The issue with hardware is will it work 10/15 years from now after being stuck in a storage room? Even if it does, will we have any compatible hardware to use it with?  
 
  

mcman
Senior Member
 

Re: A digital seed bank

Posted: Aug 23, 19 13:26

I've read of a few orgs and agencies doing this. I know NIST keeps some for their NSRL list as well as other purposes. I read somewhere that the Library of Congress was making an effort to archive software, not sure on the criteria though. I'm sure there are others.

Jamie  
 
  

athulin
Senior Member
 

Re: A digital seed bank

Posted: Aug 24, 19 04:59

- tootypeg
Curious, do people think we should have a similar concept in digital forensics as the seed banks? For archiving old software versions, artefacts, hardware etc? Would love to hear some thoughts if anyone has any - is it necessary? Do we often get cases with super historic kit?


Yes. But probably not 'seeds' (all past releases of Windows or Windows Word, for example, as 'boxes'), but environments where these run.

Trying to install Windows NT on a modern computer can be a bit of a challenge, as installation checks if the CPU is supported. The test can be bypassed, but it's some additional work to do so. (This is useful for really early NTFS artifacts, in case you wonder.) And getting a product that relies on remote license activation to install is not going to work without a big hammer.

I recently had reason to fire up a Nokia Lumia 720, one of the phones that was not upgraded to Windows Phone 8.1 and later 10. Today it seems that most of the services required for a full setup have been discontinued, so on its own, and out of the box, it was unfortunately of comparably little use.

While bypassing internal checks is possible, it is not always desirable.

As for 'super historic kit' ... Windows XP is still running out there. OS/2 probably as well, but I've not seen that in a while. If you didn't collect the artifacts while the installations were current, you will presumably have to do so now. Or know exactly what platforms you have traces and artifacts from, and decline to work any other.  
 
  

keydet89
Senior Member
 

Re: A digital seed bank

Posted: Aug 24, 19 10:36

- athulin
... Windows XP is still running out there.


This is exactly the reason why I chose to include XP image analysis in "Investigating Windows Systems", and why I maintain my tools, particularly those I use to carve Event Log records. These systems are still out there, still being used, and yet there are entire generations of DFIR folks who've never engaged in analysis of the platform.  
 
  

jaclaz
Senior Member
 

Re: A digital seed bank

Posted: Aug 24, 19 16:01

- keydet89
- athulin
... Windows XP is still running out there.


This is exactly the reason why I chose to include XP image analysis in "Investigating Windows Systems", and why I maintain my tools, particularly those I use to carve Event Log records. These systems are still out there, still being used, and yet there are entire generations of DFIR folks who've never engaged in analysis of the platform.


Only FYI :)

msfn.org/board/topic/1...-the-club/

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

tootypeg
Senior Member
 

Re: A digital seed bank

Posted: Aug 25, 19 09:30

Does anyone have links to the existing initiatives? I'm just struggling to locate any information on them.
 
