
A digital seed bank

7 Posts
6 Users
0 Likes
1,167 Views
(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

Curious, do people think we should have a similar concept in digital forensics as the seed banks? For archiving old software versions, artefacts, hardware etc? Would love to hear some thoughts if anyone has any - is it necessary? Do we often get cases with super historic kit?

 
Posted : 23/08/2019 10:05 am
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

For software it's probably not the worst idea, as you never know when a company will go bust and software becomes unavailable or a specific version cannot be obtained.

The issue with hardware is will it work 10/15 years from now after being stuck in a storage room? Even if it does, will we have any compatible hardware to use it with?

 
Posted : 23/08/2019 11:53 am
(@mcman)
Posts: 189
Estimable Member
 

I've read of a few orgs and agencies doing this. I know NIST keeps some for their NSRL list as well as other purposes. I read somewhere that the Library of Congress was making an effort to archive software, not sure on the criteria though. I'm sure there are others.

Jamie

 
Posted : 23/08/2019 1:26 pm
(@athulin)
Posts: 1156
Noble Member
 

Curious, do people think we should have a similar concept in digital forensics as the seed banks? For archiving old software versions, artefacts, hardware etc? Would love to hear some thoughts if anyone has any - is it necessary? Do we often get cases with super historic kit?

Yes. But probably not 'seeds' (all past releases of Windows or Windows Word, for example, as 'boxes'), but environments where these run.

Trying to install Windows NT on a modern computer can be a bit of a challenge, as installation checks if the CPU is supported. The test can be bypassed, but it's some additional work to do so. (This is useful for really early NTFS artifacts, in case you wonder.) And getting a product that relies on remote license activation to install is not going to work without a big hammer.

I recently had reason to fire up a Nokia Lumia 720, one of the phones that was not upgraded to Windows Phone 8.1 and later 10. Today it seems that most of the services required for a full setup have been discontinued, so on its own, and out of the box, it was unfortunately of comparably little use.

While bypassing internal checks is possible, it is not always desirable.

As for 'super historic kit' … Windows XP is still running out there. OS/2 probably as well, but I've not seen that in a while. If you didn't collect the artifacts while the installations were current, you will presumably have to do so now. Or know exactly what platforms you have traces and artifacts from, and decline to work any other.

 
Posted : 24/08/2019 4:59 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

… Windows XP is still running out there.

This is exactly the reason why I chose to include XP image analysis in "Investigating Windows Systems", and why I maintain my tools, particularly those I use to carve Event Log records. These systems are still out there, still being used, and yet there are entire generations of DFIR folks who've never engaged in analysis of the platform.

 
Posted : 24/08/2019 10:36 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

… Windows XP is still running out there.

This is exactly the reason why I chose to include XP image analysis in "Investigating Windows Systems", and why I maintain my tools, particularly those I use to carve Event Log records. These systems are still out there, still being used, and yet there are entire generations of DFIR folks who've never engaged in analysis of the platform.

Only FYI:

https://msfn.org/board/topic/176692-windows-xp-spotter-the-club/

jaclaz

 
Posted : 24/08/2019 4:01 pm
(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

Does anyone have links to the existing initiatives? I'm just struggling to locate any information on them.

 
Posted : 25/08/2019 9:30 am