Systemrescuecd Homepage History


About SystemRescueCd

Description: SystemRescueCd is a Linux system rescue disk available as a bootable CD-ROM or USB stick for administrating or repairing your system and data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the hard disk partitions. It comes with a lot of Linux software such as system tools (parted, partimage, fstools, ...) and basic tools (editors, midnight commander, network tools). It can be used for both Linux and Windows computers, and on desktops as well as servers. This rescue system requires no installation as it can be booted from a CD/DVD drive or USB stick, but it can be installed on the hard disk if you wish. The kernel supports all important file systems (ext2/ext3/ext4, reiserfs, btrfs, xfs, jfs, vfat, ntfs), as well as network filesystems (samba and nfs).

System and Networking Guides

In addition to the SystemRescueCd documentation here are other related guides:

  • Disk Partitioning: Introduction, attributes, tools, GPT disks, How Grub boots, How to repair Grub
  • LVM Volume-Manager: Overview, How it works, Booting, Rootfs on LVM, Snapshots and Backups
  • Networking on Linux: network configuration, advanced routing, dport routing, load balancing

Project documentation

This project comes with good documentation. Here are the most important chapters:

For the impatient:

  • Quick start guide: please read this if this is the first time you are using this system recovery CD.

Chapters about basic usage:

  • Downloading and burning: how to download and burn SystemRescueCd
  • Booting SystemRescueCd: the boot options you may want to use
  • Starting to use the system: how to use SystemRescueCd when it's ready
  • Network: configuration and programs: how to configure internet and the network
  • System software: description of the Linux software which is available on this disc
  • Mounting an NTFS partition with full Read-Write support: how to mount your Windows partition to see its files
  • System boot floppy disks: other low level system tools you may need (e.g.: memory tester)

Chapters about advanced usage:

  • How to personalize SystemRescueCd: make a custom SystemRescueCd with your own modifications or software
  • How to install SystemRescueCd on a USB-stick: how to install SystemRescueCd on a USB stick
  • Easy install SystemRescueCd on harddisk: you can also boot SystemRescueCd directly from the harddisk
  • PXE network booting with SystemRescueCd: you can boot SystemRescueCd from the network
  • Run your own scripts at start-up with autorun: use SystemRescueCd to run your own scripts
  • Manage remote Windows or Linux servers using SystemRescueCd: administrate remote servers using SystemRescueCd
  • Backup data from an unbootable Windows computer: backup your data if your Windows is broken

System tools included

  • GNU Parted: creates, resizes, moves, copies partitions, and filesystems (and more).
  • GParted: GUI implementation using the GNU Parted library.
  • Partimage: popular opensource disk image software which works at the disk block level
  • ddrescue: Attempts to make a copy of a partition or floppy/Hard Disk/CD/DVD that has hardware errors, optionally filling corresponding bad spots in input with user defined pattern in the copy.
  • FSArchiver: flexible archiver that can be used as both system and data recovery software
  • File systems tools (for Linux and Windows filesystems): format, resize, and debug an existing partition of a hard disk
  • Ntfs3g: enables read/write access to MS Windows NTFS partitions.
  • sfdisk: saves / restores partition table (and more).
  • Test-disk: tool to check and undelete partition, supports reiserfs, ntfs, fat32, ext2/3 and many others
  • Memtest+: to test the memory of your computer (first thing to test when you have a crash or unexpected problems)
  • Rsync: very-efficient and reliable program that can be used for remote backups.
  • Network tools (Samba, NFS, ping, nslookup, ...): to backup your data across the network

Browse the short system tools page for more details about the most important software included. Browse the detailed package list for a full list of the packages.

Advanced uses

SystemRescueCd is available for blind people. Now, the Linux speakup screen reader is working well, and the speakup keymap is installed. This feature was tested by Gregory Nowak. Please note that you need SystemRescueCd-1.1.0 or later. Notes specific to using speakup in SystemRescueCd are available on the speakup info page.

It is possible to make customized versions of the CD. For example, you can add your own scripts, to make an automatic restoration of the system. It's also possible to burn a customized DVD, with SystemRescueCd and 4.2 GB for your data (backup for example). Read the manual for more details. There is a new manual chapter that explains how you can burn a DVD+RW from SystemRescueCd.

You can use SystemRescueCd to backup data from an unbootable Windows computer, if you want to backup the data stored on a Windows computer that cannot boot any more.

It is very easy to install SystemRescueCd on a USB stick. That's very useful in case you can't boot from the CD drive. You just have to copy several files to the stick and run syslinux. The install process can be done from Linux or Windows. Follow instructions from the Manual for more details.

More information about this project

Please ask questions and report bugs in the Forums. We will not answer emails about personal situations by email.

You should subscribe to the announce mailing list if you want to receive an e-mail when a new version is released. Since this list is moderated, spam is not possible. [low-traffic]

SystemRescueCd is licensed under the GPL-2 license.

You can contact us (the email address is protected by an anti-spam system) but please use the forums for technical and general questions.

Retrieved from "http://www.sysresccd.org/wiki/index.php?title=SystemRescueCd_Homepage&oldid=7103".