DOCSLIB.ORG

SAFE Boot CD Version 1.2.1.6711 Evaluation Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
SAFE Boot CD Version 1.2.1.6711 Evaluation Report SAFE Boot CD Version 1.2.1.6711 E V A L U A T I O N R E P O R T January 2012 NIJ Electronic Crime Technology Center of Excellence 550 Marshall St., Suite B Phillipsburg, NJ 08865 www.ECTCoE.org NIJ ECTCOE TESTING AND EVALUATION PROJECT STAFF Robert J. O’Leary, CFCE; DFCP Donald Stewart, CFCE; ACE Victor Fay-Wolfe, Ph.D. Russell Yawn, CFCE Randy Becker, CFCE Kristen McCooey, CCE; ACE Chester Hosmer Jacob Fonseca Laurie Ann O’Leary Mark Davis, Ph.D. Michael Terminelli, ACE Contents n i i i Table of Contents Introduction ................................................................................................................................................................1 Overview .....................................................................................................................................................................3 Product Information .............................................................................................................................................3 Product Description .............................................................................................................................................3 Special Features ...................................................................................................................................................3 Evaluation and Testing of SAFE Boot CD ................................................................................................................5 Test Bed Confguration .........................................................................................................................................5 Test: Forensic Soundness ....................................................................................................................................6 Test Results .................................................................................................................................................10 Test: HPA/DCO Function ....................................................................................................................................10 Test Results .................................................................................................................................................11 Test: Search Functionality ..................................................................................................................................11 Test Results .................................................................................................................................................11 Test: Bitlocker Encrypted Hard Drive .................................................................................................................12 Test Results .................................................................................................................................................14 Conclusion ...............................................................................................................................................................15 SAFE Boot CD Version 1.2.1.6711 Introduction n 1 Introduction he National Institute of Justice (NIJ) Electronic process. After grants are awarded, the grantee and Crime Technology Center of Excellence the NIJ program manager then work collaboratively (ECTCoE) has been assigned the responsibility to develop the solutions. T of conducting electronic crime and digital evidence n Phase IV: Demonstrate, test, evaluate and adopt tool, technology and training testing and evaluations potential solutions into practice. A potential solu- in support of the NIJ Research, Development, Testing tion is tested to determine how well it addresses and Evaluation (RDT&E) process. the intended functional requirement. NIJ then works The National Institute of Justice RDT&E process helps with frst-adopting agencies to facilitate the intro- ensure that NIJ’s research portfolios are aligned to duction of the solution into practice. After adoption, best address the technology needs of the criminal jus- the solution’s impact on practice is evaluated. Dur- tice community. The rigorous process has fve phases: ing the testing and evaluation process, performance standards and guides are developed (as appropri- n Phase I: Determine technology needs princi- ate) to ensure safety and effectiveness; not all new pally in partnership with the Law Enforcement solutions will require the publication of new stan- and Corrections Technology Advisory Council dards or guides. (LECTAC) and the appropiate Technology Work- ing Group (TWG). NIJ identifes criminal justice n Phase V: Build capacity and conduct outreach to practitioners’ functional requirements for new tools ensure that the new tool or technology benefts and technologies. (For more information on LECTAC practitioners. NIJ publishes guides and standards and the TWGs, visit http://www,justnet.org.) and provides technology assistance to second adopters.1 n Phase II: Develop technology program plans to address those needs. NIJ creates a multiyear The High Priority Criminal Justice Technology Needs research program to address the needs identifed are organized into fve functional areas: in Phase I. One of the frst steps is to determine n Protecting the Public. whether products that meet those needs currently exist or whether they must be developed. If a solu- n Ensuring Offcer Safety. tion is already available, Phases II and III are not n necessary, and NIJ moves directly to demonstra- Confrming the Guilty and Protecting the Innocent. tion, testing and evaluation in Phase IV. If solutions n Improving the Effciency of Justice. do not currently exist, they are solicited through annual, competitively awarded science and technol- n Enabling Informed Decision-Making. ogy solicitations and TWG members help review the The NIJ ECTCoE tool, technology and training evalu- applications. ation and testing reports support the NIJ RDT&E pro- n Phase III: Develop solutions. Appropriate solici- cess, which addresses high priority needs for criminal tations are developed and grantees are selected justice technology. through an open, competitive, peer-reviewed 1 National Institute of Justice High-Priority Criminal Justice Technology Needs, March 2009 NCJ 225375. SAFE Boot CD Version 1.2.1.6711 Overview n 3 Overview Product Information “SAFE (System Acquisition Forensic Environment) is the frst and only forensically sound Windows boot SAFE Boot CD is a software write-blocking solution disk. SAFE is a fully licensed version of Windows that can be used to collect potential evidence from a PE 3.0 protected by the proven SAFE Block soft- computer. The following is from the product website ware write-blocking technology. You can now boot (www.forensicsoft.com): and safely acquire and/or analyze any X86-based computer using your favorite Windows computer “The SAFE boot disk allows for write-blocked forensic software, without the need to remove acquisition, triage and/or analysis of any attached drives. This means that you can now easily and disks, including IDE (PATA and SATA), SCSI, USB, safely image every RAID, SAS, Fiber Channel and/ IEEE1394, SAS, Fiber Channel, fash media, etc. or laptop hard drive without the need for special This includes any hardware RAID arrays, which can adapters, controller cards or any other hardware be acquired and/or analyzed in the SAFE environ- device not already present on the machine. In addi- ment as a single array rather than having to acquire tion, even those drives protected by BitLocker can individual disks and attempt to rebuild the RAID ar- be accessed and analyzed.” ray in order to analyze it. Because Windows® device drivers are readily available for all disk controllers The SAFE Boot CD is avaiable in two versions, a (i.e., SAS, SCSI, SATA, etc.), using the SAFE boot consultant version for $399 (USB) and an enterprise disk, you will never be unable to forensically image version for $1,199 (USD). a RAID array due to lack of drivers, which is a com- mon issue with forensic examiners using Linux- based boot disks. Special Features Since the SAFE boot disk is built on a Microsoft n Windows Drivers ® Windows environment, you have the ability to The most common problem with Linux-based boot utilize your favorite GUI forensic tools such as disks is that drivers for RAID and other disk control- ® ® ® EnCase , FTK Imager, X-Ways Forensics, etc. lers are often not included in and/or not available with zero learning curve. The SAFE boot disk will for common Live Linux boot CDs. Even when have you out performing onsite acquisition, triage drivers are available, most non-Linux users would and analysis immediately. The user error risks and have diffculty installing any additional driver into issues that come along with utilizing Linux-based their favorite Linux boot CD. The SAFE boot disk boot disks, such as typos in command line applica- is based on the Windows 7 x 86 operating system, tions like “dd” or confusing /dev/sda with /dev/sdb and Windows drivers are readily available for all (or similar) do not exist within the SAFE boot disk Intel-based RAID and disk controllers. SAFE comes environment.” loaded with most Windows drivers and the ability to install any additional Windows drivers with a very Product Description simple process that can be done onsite at any time if needed. From the product’s website: SAFE Boot CD Version 1.2.1.6711 4 n Overview n NTFS File System Support o Tools: DOS or Linux OS boot disks do not support writ- l FTK Imager.
Load more

Recommended publications
  • Active@ Boot Disk User Guide Copyright © 2008, LSOFT TECHNOLOGIES INC
    Active@ Boot Disk User Guide Copyright © 2008, LSOFT TECHNOLOGIES INC. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from LSOFT TECHNOLOGIES INC. LSOFT TECHNOLOGIES INC. reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of LSOFT TECHNOLOGIES INC. to provide notification of such revision or change. LSOFT TECHNOLOGIES INC. provides this documentation without warranty of any kind, either implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. LSOFT may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time. All technical data and computer software is commercial in nature and developed solely at private expense. As the User, or Installer/Administrator of this software, you agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide. LSOFT.NET logo is a trademark of LSOFT TECHNOLOGIES INC. Other brand and product names may be registered trademarks or trademarks of their respective holders. 2 Active@ Boot Disk User Guide Contents 1.0 Product Overview ..........................................................................................................
    [Show full text]
  • Illustrated Tutorial: Creating a Bootable USB Flash Drive for Windows XP
    Illustrated tutorial: Creating a bootable Version 1.0 February 15, 2007 USB flash drive for Windows XP By Greg Shultz The ability to boot Windows XP from a USB Flash Drive (UFD) offers endless possibilities. For example, you might make an easy-to-use troubleshooting tool for booting and analyzing seemingly dead PCs. Or you could transport your favorite applications back and forth from home to work without having to install them on both PCs. However, before you can create a bootable UFD, you must clear a few hurdles. You saw that one coming didn’t you? The first hurdle is having a PC in which the BIOS will allow you to configure the USB port to act as a bootable device. The second hurdle is having a UFD that that will work as a bootable device and that’s large enough and fast enough to boot an operating system such as Windows XP. The third hurdle is finding a way to condense and install Windows XP on a UFD. If you have a PC that was manufactured in the last several years, chances are that its BIOS will allow you to configure the USB port to act as a bootable device. If you have a good qual- ity UFD that’s at least 512 KB and that was manufactured in the last couple of years, you’ve probably cleared the second hurdle. And once you’ve cleared those first two hur- dles, the third one is a piece of cake. All you have to do is download and run some free soft- ware to create the bootable UFD.
    [Show full text]
  • Chapter 3. Booting Operating Systems
    Chapter 3. Booting Operating Systems Abstract: Chapter 3 provides a complete coverage on operating systems booting. It explains the booting principle and the booting sequence of various kinds of bootable devices. These include booting from floppy disk, hard disk, CDROM and USB drives. Instead of writing a customized booter to boot up only MTX, it shows how to develop booter programs to boot up real operating systems, such as Linux, from a variety of bootable devices. In particular, it shows how to boot up generic Linux bzImage kernels with initial ramdisk support. It is shown that the hard disk and CDROM booters developed in this book are comparable to GRUB and isolinux in performance. In addition, it demonstrates the booter programs by sample systems. 3.1. Booting Booting, which is short for bootstrap, refers to the process of loading an operating system image into computer memory and starting up the operating system. As such, it is the first step to run an operating system. Despite its importance and widespread interests among computer users, the subject of booting is rarely discussed in operating system books. Information on booting are usually scattered and, in most cases, incomplete. A systematic treatment of the booting process has been lacking. The purpose of this chapter is to try to fill this void. In this chapter, we shall discuss the booting principle and show how to write booter programs to boot up real operating systems. As one might expect, the booting process is highly machine dependent. To be more specific, we shall only consider the booting process of Intel x86 based PCs.
    [Show full text]
  • Supporting Operating System Installation | 3
    cc01SupportingOperatingSystemInstallation.indd01SupportingOperatingSystemInstallation.indd PagePage 1 08/10/1408/10/14 4:334:33 PMPM martinmartin //208/WB01410/XXXXXXXXXXXXX/ch01/text_s208/WB01410/XXXXXXXXXXXXX/ch01/text_s Supporting Operating LESSON 1 System Installation 70-688 EXAM OBJECTIVE Objective 1.1 – Support operating system installation. This objective may include but is not limited to: Support Windows To Go; manage boot settings, including native virtual hard disk (VHD) and multi-boot; manage desktop images; customize a Windows installation by using Windows Preinstallation Environment (PE). LESSON HEADING EXAM OBJECTIVE Using a Troubleshooting Methodology Viewing System Information Using the Event Viewer Supporting Windows To Go Support Windows To Go Creating and Deploying a Windows To Go Workspace Drive Booting into a Windows To Go Workspace Managing Boot Settings Manage boot settings, including native virtual hard disk (VHD) and multi-boot Using BCDEdit and BCDBoot Configuring a Multi-Boot System Manage boot settings, including native virtual hard disk (VHD) and multi-boot Configuring a Native VHD Boot File Manage boot settings, including native virtual hard disk (VHD) and multi-boot Understanding VHD Formats Installing Windows 8.1 on a VHD with an Operating System Present Installing Windows 8.1 on a VHD Without an Operating SystemCOPYRIGHTED Present MATERIAL Managing Desktop Images Manage desktop images Capturing Images Modifying Images using DISM Customizing a Windows Installation by Using Windows PE Customize a Windows
    [Show full text]
  • X-Ways Forensics/ Winhex
    X-Ways Software Technology AG X-Ways Forensics/ WinHex Integrated Computer Forensics Environment. Data Recovery & IT Security Tool. Hexadecimal Editor for Files, Disks & RAM. Manual Copyright © 1995-2014 Stefan Fleischmann, X-Ways Software Technology AG. All rights reserved. Contents 1 Preface ..................................................................................................................................................1 1.1 About WinHex and X-Ways Forensics.........................................................................................1 1.2 Legalities.......................................................................................................................................2 1.3 License Types ...............................................................................................................................2 1.4 Differences between WinHex and X-Ways Forensics..................................................................3 1.5 Getting Started with X-Ways Forensics........................................................................................4 2 Technical Background ........................................................................................................................5 2.1 Using a Hex Editor........................................................................................................................5 2.2 Endian-ness...................................................................................................................................6 2.3
    [Show full text]
  • Linux Boot Loaders Compared
    Linux Boot Loaders Compared L.C. Benschop May 29, 2003 Copyright c 2002, 2003, L.C. Benschop, Eindhoven, The Netherlands. Per- mission is granted to make verbatim copies of this document. This is version 1.1 which has some minor corrections. Contents 1 introduction 2 2 How Boot Loaders Work 3 2.1 What BIOS does for us . 3 2.2 Parts of a boot loader . 6 2.2.1 boot sector program . 6 2.2.2 second stage of boot loader . 7 2.2.3 Boot loader installer . 8 2.3 Loading the operating system . 8 2.3.1 Loading the Linux kernel . 8 2.3.2 Chain loading . 10 2.4 Configuring the boot loader . 10 3 Example Installations 11 3.1 Example root file system and kernel . 11 3.2 Linux Boot Sector . 11 3.3 LILO . 14 3.4 GNU GRUB . 15 3.5 SYSLINUX . 18 3.6 LOADLIN . 19 3.7 Where Can Boot Loaders Live . 21 1 4 RAM Disks 22 4.1 Living without a RAM disk . 22 4.2 RAM disk devices . 23 4.3 Loading a RAM disk at boot time . 24 4.4 The initial RAM disk . 24 5 Making Diskette Images without Diskettes 25 6 Hard Disk Installation 26 7 CD-ROM Installation 29 8 Conclusions 31 1 introduction If you use Linux on a production system, you will only see it a few times a year. If you are a hobbyist who compiles many kernels or who uses many operating systems, you may see it several times per day.
    [Show full text]
  • Flashboot User Manual
    FlashBoot User Manual © 2015 Mikhail Kupchik Contents 3 Table of Contents Foreword 0 Part I Introduction 5 1 Product................................................................................................................................... Overview 5 2 Why USB................................................................................................................................... Flash Disks? 5 3 Why FlashBoot?................................................................................................................................... 6 4 System................................................................................................................................... Requirements 7 5 Limitations................................................................................................................................... of Demo Version 8 6 Demo Version................................................................................................................................... -> Full Version 8 7 Support................................................................................................................................... & Feedback 8 Part II CD/DVD to USB conversions 9 1 Install ...................................................................................................................................full Win8/8.1/10 -> USB [BIOS mode] 9 2 Install................................................................................................................................... full
    [Show full text]
  • Active Boot Disk 12 Iso Download Active Boot Disk
    active boot disk 12 iso download Active boot disk. Active@ Boot Disk provides an impressive range of utilities for your hard disk and other storage devices. PC Win Boot. PC Win Boot is a System Rescue disc builder that enables you to make your own boot disk in minutes. Active Boot Disk. Active@ Boot Disk provides an impressive range of utilities for your hard disk and other storage devices. Similar choice. Programs for query ″active boot disk″ Acronis True Image Home. Acronis True Image, the most reliable, easy-to-use and secure personal backup software and the only backup that actively defends your files against ransomware. lost. Acronis Active Protection 2.0 . attacks. Active Disk Cloning - . create boot media . Active@ Boot Disk Creator. Active@ Boot Disk is a complete and functioning computer operating system on CD, DVD, or USB drive. Active @ Boot Disk is a complete . such as Active @ Disk Image, . DoD-compliant disk erasing . Active@ Partition Recovery. Active@ Partition Recovery allows you to recover deleted or damaged hard disk partitions from within either Windows or DOS. purposes. Active @ Partition . tools, Active @ Partition . and a boot disk creator. The . Active@ Disk Image. Active@ Disk Image is a PC disk image software that can do a backup as well as clone the full hard drive. Active @ Disk Image is a PC disk image . after booting up from Active @ Boot Disk Lite . Active@ LiveCD. Ultimate Boot Disk Active@ LiveCD combines a number of powerful tools that will enable you recover lost data . Ultimate Boot Disk Active @ LiveCD combines a . PTDD Super Fdisk.
    [Show full text]
  • Keypad and Troubleshooting Under MS-DOS Read Through All Steps Before Beginning
    Keypad and troubleshooting under MS-DOS Read through all steps before beginning. Steps below are specific for COM port 1 and COM port 2 configurations. FIRST, some steps to set the environment into a known working state that we'll work from: 1. Remove all other connected devices from the notebook 2. Disconnect any other attached devices including the IO bar from the notebook 3. Run a virus checker on your notebook 4. If possible complete a back up of at least your data before proceeding (not necessary just a common step of cautionary troubleshooting) As the Toshiba notebook restarts get into the BIOS settings. The steps below will ensure that your serial port is enabled and configured for COM1 (3F8H / IRQ 4) in the BIOS. For Non-Toshiba notebooks, please refer to your notebook user's guide on enabling and configuring your COM ports. 1. Press and Hold ESC right after the notebook completes the shutdown from above. 2. You'll get a Check system. Then Press [F1] key. 3. Press F1 key 4. Locate the Serial Port setup information (on many notebooks, you'll need to press the PgDn key to get to a second page). 5. Make sure the Serial Port is enabled and configured for COM1. 6. Press [END] key to save any changes you made and restart the notebook. Perform a clean boot to troubleshoot a possible hardware conflict. Follow the appropriate section below to boot clean (without any Autoexec.bat or config.sys files) For Windows 98 Restart the computer system. After the system has completed its BIOS check, (just before the Windows 98 logo screen) press and hold the CONTROL key (Ctrl) until the "Windows 98 Startup Menu" appears.
    [Show full text]
  • Active@ Livecd User Guide Copyright © 1999-2015, LSOFT TECHNOLOGIES INC
    Active@ LiveCD User Guide Copyright © 1999-2015, LSOFT TECHNOLOGIES INC. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from LSOFT TECHNOLOGIES INC. LSOFT TECHNOLOGIES INC. reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of LSOFT TECHNOLOGIES INC. to provide notification of such revision or change. LSOFT TECHNOLOGIES INC. provides this documentation without warranty of any kind, either, implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. LSOFT may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time. All technical data and computer software is commercial in nature and developed solely at private expense. As the User, or Installer/Administrator of this software, you agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide. LSOFT.NET logo is a trademark of LSOFT TECHNOLOGIES INC. Other brand and product names may be registered trademarks or trademarks of their respective holders. 2 Active@ LiveCD User Guide Contents 1 Product Overview................................................................................................................ 4 1.1 About Active@ LiveCD .................................................................................................. 4 1.2 Requirements for Using Active@ Boot Disk .................................................................... 6 1.3 Downloading and Creating Active@ LiveCD.................................................................... 6 1.4 Booting from a CD, DVD or USB Media .........................................................................
    [Show full text]
  • Microsoft Windows 7 Boot Disk Free Download
    microsoft windows 7 boot disk free download How to Create and Use Windows 7 Repair Disk with ISO? Want to create Windows 7 repair disk with ISO image files? See this article and I’ll show you how to create a Windows 7 Home Premium/Ultimate/ Professional repair disk ISO? By Ivy / Last update May 18, 2021. Where can I download Windows 7 ISO? “After reading through numerous threads on similar topics, I am stumped. I am "simply" trying to create a USB stick with System Repair image so I can restore a system image. I do not have a CD/DVD drive and was hoping to download the ISO but no joy, because the link I found didn’t have a download URL, or it was paid. Thanks for help” You can download windows 7 repair disk ISO from Microsoft as long as you have the product key of your computer. it’s a very authoritative website, which is used by many users in worldwide. You can use it with confidence. How to create Windows 7 repair disk with ISO? Before you start, you need to download Windows 7 repair disk ISO from Microsoft and Windows 7 USB DVD download tool. Besides, you still need a USB drive with 4GB capacity. Step 1. Open Windows 7 USB DVD download tool, click Browse to find your ISO image files, then click Next . Step 2. Choose USB as your media type. Step 3. Insert USB flash drive and select it, then click Begin copying . Note: This tool will format your USB flash drive first, then create bootable USB device.
    [Show full text]
  • Extraction of Creation-Time for Recovered Files on Windows FAT32 File System
    applied sciences Article Extraction of Creation-Time for Recovered Files on Windows FAT32 File System Wan Yeon Lee 1, Kyong Hoon Kim 2 and Heejo Lee 3,* 1 Department of Computer Science, Dongduk Women’s University, Seoul 02748, Korea; [email protected] or [email protected] 2 Department of Informatics, Gyeongsang National University, Jinju 52828, Korea; [email protected] 3 Department of Computer Science and Engineering, Korea University, Seoul 02841, Korea * Correspondence: [email protected]; Tel.: +82-2-3290-3208 Received: 16 November 2019; Accepted: 11 December 2019; Published: 15 December 2019 Abstract: In this article, we propose a creation order reconstruction method of deleted files for the FAT32 file system with Windows operating systems. Creation order of files is established using a correlation between storage locations of the files and their directory entry locations. This method can be utilized to derive the creation-time bound of files recovered without the creation-time information. In this article, we first examine the file allocation behavior of Windows FAT32 file system. Next, based on the examined behavior, we propose a novel method that finds the creation order of deleted files after being recovered without the creation-time information. Due to complex behaviors of Windows FAT32 file system, the method may find multiple creation orders although the actual creation order is unique. In experiments with a commercial device, we confirm that the actual creation order of each recovered file belongs to one of the creation orders found by the method. Keywords: creation-time; FAT32 file system; file allocation behavior; order reconstruction; recovered file 1.
    [Show full text]