Disk analysis  

ISFC
(@isfc)
New Member

How can the investigator decide which tools to use for disk analysis?

Posted : 03/06/2011 3:29 am
mscotgrove
(@mscotgrove)
Senior Member

First question is why do you want to analyse the disk?

Posted : 03/06/2011 3:34 am
ISFC
(@isfc)
New Member

This is the question to which I don't know the answer.

Posted : 03/06/2011 4:17 am
keydet89
(@keydet89)
Community Legend

The tools you use depend on a number of factors…what you hope to achieve, what you're familiar with, what you (or your employer) can afford…

Posted : 03/06/2011 4:29 am
ISFC
(@isfc)
New Member

This is a question for an exam.

Posted : 03/06/2011 4:47 am
pragmatopian
(@pragmatopian)
Active Member

This is a question for an exam.

I'm not sure what institution you're at, but I'm pretty sure that they'd take a dim view of soliciting exam answers from an online forum.

Posted : 03/06/2011 12:46 pm
mscotgrove
(@mscotgrove)
Senior Member

The question is too broad.

Does the disk work, i.e. is it physically OK?

Has it been formatted, or corrupted, or is it still valid?

What is the investigation for, e.g. suspected internet dealing, fraud, CP, stolen goods etc.?

Is there suspicion that files may have been deleted or hidden?

Was encryption used? Any passwords?

There are many ways and tools to examine disks. Knowing the head seek time and spin rate is probably irrelevant unless one is trying to discover if it was possible to write a 25GB file in a short period of time.

Posted : 03/06/2011 2:48 pm
spring
(@spring)
New Member

The following are the principles to decide which tool to use:

1. What OS do the forensics tools work on?

2. Is the tool versatile? For example, will it work on both Windows 98 and XP and produce the same result on both OSs?

3. Can the tool analyze more than one file system, such as FAT, NTFS, and Ext2fs?

4. Does the tool have any automated features that can help reduce the time to analyze data?

5. What is the vendor’s reputation for providing product support?

Likewise, if you want to analyse a hard disc, first of all you must come to a conclusion about what you want from that disc: for deleted data, use a recovery software tool; for password recovery, use Passware or PRTK (Password Recovery Toolkit). Without any idea, it's useless to think about disk analysis.

Posted : 15/06/2011 7:11 pm
DFICSI
(@dficsi)
Active Member

For an exam question YOU need to figure this out for yourself. If you've been attending your classes, paying attention, and doing independent research then the question should be quite a simple one to answer. Sadly some people have already given you more than enough to start with.

Posted : 15/06/2011 7:52 pm