Overview of Digital Forensics

Total Page:16

File Type:pdf, Size:1020Kb

Overview of Digital Forensics Overview of Digital Forensics Cybersecurity Digital Forensics Cyberincidents are fast moving and increasing in number and severity. When a cyberincident occurs, the attacked enterprise responds with a set of predetermined actions. Applying digital forensics to aid in the recovery and investigation of material on digital media and networks is one of these actions. Digital forensics is the “process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in any legal proceedings (i.e., a court of law).” The purpose of this white paper is to provide an overview of digital forensics as it applies to cybersecurity. www.isaca.org/cyber Overview of Digital Forensics Cybersecurity Digital Forensics Cyberincidents are fast moving and increasing in BRIEF HISTORY OF DIGITAL FORENSICS number and severity. When a cyberincident occurs, Digital forensics is nearly 40 years old, beginning in the late the attacked enterprise responds with a set of 1970s as a response to a demand for service from the law predetermined actions. Applying digital forensics to enforcement community (see figure ).1 Most of the first aid in the recovery and investigation of material on criminal cases that involved computers were for financial digital media and networks is one of these actions. fraud.2 In the 1980s, digital forensics training courses were Digital forensics is the “process of identifying, developed by organizations such as the Association of preserving, analyzing and presenting digital evidence Certified Fraud Examiners, the National Consortium for in a manner that is legally acceptable in any legal Justice Information and Statistics, and the High Technology proceedings (i.e., a court of law).”1 The purpose of Crime Investigation Association (HTCIA); the first digital this white paper is to provide an overview of digital forensics company, Access Data, was formed; and the forensics as it applies to cybersecurity. International Association of Computer Investigative Specialists (IACIS) was formed.3 Today, students can earn The methods that digital forensics uses to handle a Bachelor of Science degree in Computer Forensics and digital evidence are very much grounded in the field’s Digital Investigations. roots in the scientific method of forensic science. Every forensic science certification requires a code of conduct of an unbiased and ethical approach to examinations. FIGURE 1 Digital Forensics Time Line Ad Hoc Structured Phase Enterprise Phase Golden Age 1970 1980 1990 2000 2010 1 InternationalEvidence formedOrganization on ComputerDOJ/FBI Technical Working Group UK National Hi-Tech Crime Unit SWGDfor Computer publishes Forensics Best Practices PaperBudapest Convention on CybercrimeISO publishes standard ISO 17025 Financial Cases Fraud ExaminersAssociation of Certified Team Search,HTCIA, FLETC, FBI CART 1 Access Data ScientificDigital Evidence Working (SWGDE) Group on Computer Evidence st st Forensics Company International Conference 1 Mohay, George M.; Alison Anderson; Byron Collie; Rodney D. McKemmish; Olivier de Vel; Computer and Intrusion Forensics, Artech House, USA, 2003 2 Ibid. 3 The International Society of Forensic Computer Examiners®, “Certified Computer Examiner,” www.isfce.com/history.htm © 2015 ISACA. All Rights Reserved. 2 Overview of Digital Forensics Early forensic tools, like MACE and Norton, provided Following are further developments in digital forensics: basic recovery abilities, such as undelete and • 1993—The first International Conference on Computer unformat. Most investigations were on a single Evidence was held in the United States. workstation that was used by one individual. The open-source, community-driven model that is used • 1995—The International Organization on Computer today for digital forensic tool development makes tool Evidence (IOCE) was formed. evolution modular, extensible, robust and sustainable, • 1998—G8 appointed IOCE to create international across various platforms. Software and standards principles, guidelines and procedures for digital baselines provide a foundation that focuses on evidence and the INTERPOL Forensic Science extensions, plug-ins and digital evidence bag (DEB) Symposium, to respond to issues in computer metaformat for development. forensics. With the advent of cases admitting digital Government involvement in standardizations began evidence in court, there was a need for standardization. in 1984, when the FBI established the Computer • 2002—The SWGDE published “Best practices for Analysis and Response Team (CART) to meet the Computer Forensics.”5 growing demands of law enforcement for a more • 2004—The Budapest Convention on Cybercrime, which structured approach to examine evidence. By the was signed in 2001, became effective. The convention early 1990s, the FBI was assisting the US Postal worked to reconcile national computer crime laws, Service in creating its own computer forensics unit. investigative techniques and international cooperation. A group of federal crime laboratory directors, which The Convention was the first international treaty on became the Scientific Working Group on Digital crimes committed via the Internet and other computer Evidence (SWGDE), began meeting twice a year to networks, focusing on infringements of copyright, discuss areas of mutual interest. After Mark Pollitt, computer-related fraud, child pornography, hate crimes Unit Chief of CART, spoke to the directors about and violations of network security.6 The United States digital evidence and Scott Charney, CCIPS, discussed was the sixteenth country to ratify the Convention in legal aspects of computer evidence and search 2006.7 warrant requirements for seizing digital evidence, another technical working group (TWG) was formed • 2005—The International Organization for to address the forensic issues that are related to Standardization (ISO) published ISO 17025, General digital evidence.4 In the United Kingdom, the needs requirements for the competence of testing and of law enforcement led to the creation of the National calibration laboratories. Hi-Tech Crime Unit in 2001, with resources that are centralized in London. The unit became the Serious Organised Crime Agency (SOCA) in 2006. 4 Morgan Whitcomb, Carrie; “An Historical Perspective of Digital Evidence: A Forensic Scientist’s View,” International Journal of Digital Evidence, Spring 2002, Volume 1, Issue 1, www.utica.edu/academic/institutes/ecii/publications/articles/9C4E695B-0B78-1059-3432402909E27BB4.pdf 5 Scientific Working Group on Digital Evidence, “Best Practices for Computer Forensics v1.0,” 15 November 2004,https://www.swgde.org/documents/Archived%20Documents/2004-11-15%20SWGDE%20 Best%20Practices%20for%20Computer%20Forensics%20v1.0 6 Council of Europe, “Convention on Cybercrime,” Budapest, 23 November 2001, www.conventions.coe.int/Treaty/en/Treaties/html/185.htm 7 Anderson, Nate; “World’s Worst Internet Law ratified by Senate,” arstechnica.com, 4 August 2006,www.arstechnica.com/uncategorized/2006/08/7421/ © 2015 ISACA. All Rights Reserved. 3 Overview of Digital Forensics In 2013, US President Obama issued Executive Order (EO) The two types of computer crime investigations are 13636, Improving Critical Infrastructure Cybersecurity, computer-based crime and computer-facilitated crime. which calls for a voluntary risk-based cybersecurity In a computer-based crime, a computer or computers framework (the Cybersecurity Framework, or CSF) that is are used as the vehicle to commit a crime. In computer- “prioritized, flexible, repeatable, performance-based, and facilitated crime, a computer is the target of a crime cost-effective.” The National Institute of Standards and (e.g., a hacking incident or theft of information).10 Technology (NIST) led the development of the CSF through Computer-based crimes are activities such as child an international partnership of organizations, including pornography, cyberbullying, cyberstalking, spamming or owners and operators of the nation’s critical infrastructure cyberterrorism. Typically, computers and/or hard drives and ISACA. Key principles from the ISACA COBIT 5 are seized as evidence and provided to a forensic expert business framework, which helps enterprises to govern to analyze. When a computer has been the target of a and manage their information and technology, are crime, usually the information system is compromised, embedded into the CSF. and information on the system or network is stolen, or Implementing the NIST Cybersecurity Framework guide fraudulent documents are created. Digital forensics is implements the CSF using ISACA’s COBIT 5 processes. used to capture volatile information from random access In the CSF, digital forensics is a subcategory in the memory (RAM) and other running processes, including Respond function and Analysis category of the Framework networks.11 It is important for the forensics expert to Core.8 The study guide for the ISACA Cybersecurity consider the following four areas of analyses: Fundamentals Certificate discusses digital forensics in the • Storage media incident responses topic.9 • Hardware and operating systems TYPES OF INVESTIGATIONS • Networks Although cybercrime activity and security breaches • Applications continue to rise, business requirements often take precedence over security requirements. This precedence leaves applications, systems and networks vulnerable to intrusion. When a breach occurs, the forensic analyst must locate the point of compromise. The mission criticality of the compromised application,
Recommended publications
  • User Guide Laplink® Diskimage™ 7 Professional
    http://www.laplink.com/contact 1 ™ E-mail us at [email protected] Laplink® DiskImage 7 Professional User Guide Tel (USA): +1 (425) 952-6001 Tel (UK): +44 (0) 870-2410-983 Fax (USA): +1 (425) 952-6002 Fax (UK): +44 (0) 870-2410-984 ™ Laplink® DiskImage 7 Professional Laplink Software, Inc. Customer Service/Technical Support: Web: http://www.laplink.com/contact E-mail: [email protected] Tel (USA): +1 (425) 952-6001 Fax (USA): +1 (425) 952-6002 Tel (UK): +44 (0) 870-2410-983 User Guide Fax (UK): +44 (0) 870-2410-984 Laplink Software, Inc. 600 108th Ave. NE, Suite 610 Bellevue, WA 98004 U.S.A. Copyright / Trademark Notice © Copyright 2013 Laplink Software, Inc. All rights reserved. Laplink, the Laplink logo, Connect Your World, and DiskImage are registered trademarks or trademarks of Laplink Software, Inc. in the United States and/or other countries. Other trademarks, product names, company names, and logos are the property of their respective holder(s). UG-DiskImagePro-EN-7 (REV. 5/2013) http://www.laplink.com/contact 2 ™ E-mail us at [email protected] Laplink® DiskImage 7 Professional User Guide Tel (USA): +1 (425) 952-6001 Tel (UK): +44 (0) 870-2410-983 Fax (USA): +1 (425) 952-6002 Fax (UK): +44 (0) 870-2410-984 Contents Installation and Registration System Requirements . 1 Installing Laplink DiskImage . 1 Registration . 2 Introduction to DiskImage Overview of Important Features . 2 Definitions . 3 Start Laplink DiskImage - Two Methods . 4 Windows Start . .4 Bootable CD . .4 DiskImage Tasks One-Click Imaging: Create an Image of the Entire Computer .
    [Show full text]
  • Vis: Virtualization Enhanced Live Forensics Acquisition for Native System
    Vis: Virtualization Enhanced Live Forensics Acquisition for Native System Miao Yu, Zhengwei Qi, Qian Lin, Xianming Zhong, Bingyu Li, Haibing Guan Shanghai Key Laboratory of Scalable Computing and Systems Shanghai Jiao Tong University f superymk, qizhwei, linqian, zhongxianming, justasmallfish, hbguan g @ sjtu.edu.cn Abstract Focusing on obtaining in-memory evidence, current live acquisition efforts either fail to provide accurate native system physical memory acquisition at the given time point or require suspending the machine and altering the execution environment drastically. To address this issue, we propose Vis, a light-weight virtualization approach to provide accurate retrieving of physical memory content while preserving the execution of target native system. Our experimental results indicate that Vis is capable of reliably retrieving an accurate system image. Moreover, Vis accomplishes live acquisition within 97.09∼105.86 seconds, which shows that Vis is much more efficient than previous remote live acquisition tools that take hours and static acquisition that takes days. In average, Vis incurs only 9.62% performance overhead to the target system. Keywords: Vis, Live acquisition, Accuracy, Virtualization 1. Introduction After forensic scopes and medias are determined, a typical computer forensics scenario has three steps: acquisition, analyzing and reporting [47, 9]. Focusing on the stages of acquisition and analyzing, computer forensics pro- poses two key challenges: how to obtain the complete system state and how to analyze the retrieved image effectively [39]. Missing image of memory Preprint submitted to Digital Investigation February 16, 2012 content leads to an incomplete or wrong investigation result, even with an incomparable analyzing technology. Transcending static acquisition strategies, live acquisition extends the information gathering range of forensics examiner, i.e., involving with the volatile data.
    [Show full text]
  • A User Guide for the FRED Family of Forensic Systems Thank You for Your Recent Order
    A User Guide for the FRED Family of Forensic Systems Thank you for your recent order. We hope you like your new FRED! Please do not hesitate to contact us if you have any questions or require any additional information. Although we welcome a phone call anytime, our preferred method of contact is via our website www.digitalintelligence.com . The sales and technical support ticketing system is easy to use and allow us to track all requests and responses. To create your user account click on the User Icon on the top right of the web page banner and click on Sign Up. Here you can register your FRED system as well as track your web order history and support tickets. Please note your system serial number is the unique identifier for your system. It is helpful if you use the system serial number in your correspondence. If you have a sales related question or technical support issue, simply navigate to www.digitalintelligence.com/support A searchable knowledge base, links to other help or informational topics as well as a “Open A Ticket” button link can be found near the bottom of the page. We want to remind you, regardless of your warranty status, we will always be willing to assist with any technical questions you have regarding any Digital Intelligence product. *** Read me first *** Forensic Recovery of Evidence Device This document contains important information about the configuration and operation of your FRED system. FAILURE TO FOLLOW THESE GUIDELINES MAY RESULT IN PHYSICAL DAMAGE TO YOUR EQUIPMENT WHICH IS NOT COVERED UNDER WARRANTY.
    [Show full text]
  • Artificial Intelligence System Introduction to the Smallt Alk-80 System
    USERS Part No. 070-5606-00 TEK MANUAL Product Group 07 4404 ARTIFICIAL INTELLIGENCE SYSTEM INTRODUCTION TO THE SMALLT ALK-80 SYSTEM Please Check at the Rear of this Manual for NOTES and CHANGE INFORMA TION First Printing DEC 1984 Revised AUG 1985 COIIWITTED 10 EXCEL.l.ENCE Copyright © 1985 by Tektronix, Inc., Beaverton, Oregon. Printed in the United States of America. All rights reserved. Contents of this publication may not be reproduced in any form without permission of Tektronix, Inc. TEKTRONIX is a registered trademark of Tektronix, Inc. Smalltalk-80 is a trademark of Xerox Corp. MANUAL REVISION STATUS PRODUCT: 4404 Artificial Intelligence System Smalltalk-80 System This manual supports the following versions of this product: Version T2.1.2 REV DATE DESCRIPTION DEC 1984 Original Issue AUG 1985 Addition of NOTES Section 4404 Smalltalk-80 System User's CONTENTS INTRODUCTION .......................................................................................................... 1 About This Manual ................................................................................................... 1 The 4404 Artificial Intelligence System Documentation .......... ....... ....... ......... .......... 2 The Smalltalk-80 System Reference Books ............................................................... 3 A SMALLTALK-80 SYSTEM OVERVIEW ................................................................ 4 What is The Smalltalk-80 System? ............................................................................ 4 The User Interface: Mouse,
    [Show full text]
  • A Single System Image Java Operating System for Sensor Networks
    A SINGLE SYSTEM IMAGE JAVA OPERATING SYSTEM FOR SENSOR NETWORKS Emin Gun Sirer Rimon Barr John C. Bicket Daniel S. Dantas Computer Science Department Cornell University Ithaca, NY 14853 {egs, barr, bicket, ddantas}@cs.cornell.edu Abstract In this paper we describe the design and implementation of a distributed operating system for sensor net- works. The goal of our system is to extend total system lifetime through power-aware adaptation for sensor networking applications. Our system achieves this goal by providing a single system image of a unified Java virtual machine to applications over an ad hoc collection of heterogeneous sensors. It automatically and transparently partitions applications into components and dynamically finds a placement of these components on nodes within the sensor network to reduce energy consumption and increase system longevity. This paper describes the design and implementation of our system and examines the question of where and when to mi- grate components in a sensor network. We evaluate two practical, power-aware, general-purpose algorithms for object placement, as well as an adaptive scheme for deciding the time granularity of object migration. We demonstrate that our algorithms can increase sensor network longevity by a factor of four to five by effec- tively distributing energy consumption and avoiding hotspots. 1. Introduction able to components at each node, in particular the available power and bandwidth may change over Sensor networks simultaneously promise a radi- time and necessitate the relocation of application cally new class of applications and pose signifi- components. Further, event sources that are being cant challenges for application development.
    [Show full text]
  • O&O Diskimage 16: GDPR-Compliant Data Backup for Businesses and IT
    Press Release January 27, 2021 - For immediate release O&O DiskImage 16: GDPR-compliant data backup for businesses and IT Service Providers Berlin, January 27, 2021 Data backup is vital for every enterprise. When data is lost, it’s not just customers and business data that disappears, commercial relationships can suffer long term damage as well, and this means serious trouble for the business itself. There is enormous pressure on current IT staff to make sure business operations are kept running constantly. O&O DiskImage can backup entire systems as well as individual drives and files while a computer is in operation. The backup can be made in the local network on a server or any other storage device such as a NAS or an external USB. In the process, data can be encrypted in accordance with GDPR requirements. The use of O&O DiskImage will never involve sharing information with servers belonging to any unauthorized third parties. O&O DiskImage 16 with its own recovery partition The new O&O DiskImage 16 now saves the recovery environment on the computer itself, so that in the event of system failure the system can be started directly from there. - including, of course, the last system image. Thanks to the integration into the system, the O&O DiskImage RecoveryPartition can be accessed immediately so that the last system image can be restored directly. If the Windows operating system does not start or faulty drivers must be uninstalled, with the integrated recovery environment, all O&O tools are available to get the system up and running again as easily as possible.
    [Show full text]
  • Providing a Shared File System in the Hare POSIX Multikernel Charles
    Providing a Shared File System in the Hare POSIX Multikernel by Charles Gruenwald III Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY June 2014 c Massachusetts Institute of Technology 2014. All rights reserved. Author.............................................................. Department of Electrical Engineering and Computer Science May 21, 2014 Certified by. Frans Kaashoek Professor Thesis Supervisor Certified by. Nickolai Zeldovich Associate Professor Thesis Supervisor Accepted by . Leslie Kolodziejski Chairman, Department Committee on Graduate Theses 2 Providing a Shared File System in the Hare POSIX Multikernel by Charles Gruenwald III Submitted to the Department of Electrical Engineering and Computer Science on May 21, 2014, in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Abstract Hare is a new multikernel operating system that provides a single system image for multicore processors without cache coherence. Hare allows applications on different cores to share files, directories, file descriptors, sockets, and processes. The main challenge in designing Hare is to support shared abstractions faithfully enough to run applications that run on traditional shared-memory operating systems with few modifications, and to do so while scaling with an increasing number of cores. To achieve this goal, Hare must support shared abstractions (e.g., file descriptors shared between processes) that appear consistent to processes running on any core, but without relying on hardware cache coherence between cores. Moreover, Hare must implement these abstractions in a way that scales (e.g., sharded directories across servers to allow concurrent operations in that directory).
    [Show full text]
  • Kong-Quan-Mcsc-CSCI-August-2014.Pdf (988.7Kb)
    SCALABLE REAL-TIME OLAP SYSTEMS FOR THE CLOUD by Quan Kong Submitted in partial fulfillment of the requirements for the degree of Master of Computer Science at Dalhousie University Halifax, Nova Scotia August 2014 c Copyright by Quan Kong, 2014 Table of Contents List of Tables ................................... v List of Figures .................................. vi Abstract ...................................... x List of Abbreviations Used .......................... xi Acknowledgements ............................... xii Chapter 1 Introduction .......................... 1 1.1Contributions............................... 6 1.2Structureofthethesis.......................... 11 Chapter 2 Background: Data Management on the Cloud ..... 12 2.1DataStoreCategorization........................ 12 2.1.1 OLAPStores........................... 13 2.1.2 Key-valueStores......................... 16 2.1.3 DocumentStores......................... 17 2.1.4 Extensible Record Stores ..................... 18 2.2OLAP................................... 19 2.2.1 DimensionHierarchy....................... 21 2.3DataStructuresforOLAP........................ 22 2.3.1 RTree............................... 23 2.3.2 DCTree.............................. 25 2.3.3 PDCTree............................. 28 Chapter 3 Background: Cloud Computing .............. 31 3.1 Cloud Computing ............................. 31 3.1.1 Characteristics.......................... 33 3.1.2 Servicemodels.......................... 34 ii 3.2CommunicationintheCloud....................... 37 3.3SerializationintheCloud.......................
    [Show full text]
  • Course Syllabus
    Distributed and Operating Systems Spring 2013 Prashant Shenoy UMass Computer Science http://lass.cs.umass.edu/~shenoy/courses/677 Computer Science CS677: Distributed OS Lecture 1, page 1 Course Syllabus • CMPSCI 677: Distributed and Operating Systems • Instructor: Prashant Shenoy – Email: [email protected], Phone: (413) 577 0850 – Office hours: Monday 10:20-11:30, CS 336, or by appt • Teaching Asst: Manjunath Narayana – Email: [email protected], Phone: TBD – Office hours: TBD • Course web page: http://lass.cs.umass.edu/~shenoy/courses/677 Computer Science CS677: Distributed OS Lecture 1, page 2 Course Outline • Introduction (today) – What, why, why not? – Basics • Distributed Architectures • Interprocess Communication – RPCs, RMI, message- and stream-oriented communication • Processes and their scheduling – Thread/process scheduling, code/process migration, virtualization • Naming and location management – Entities, addresses, access points Computer Science CS677: Distributed OS Lecture 1, page 3 Course Outline • Canonical problems and solutions – Mutual exclusion, leader election, clock synchronization, … • Resource sharing, replication and consistency – DFS, consistency issues, caching and replication • Fault-tolerance • Security in distributed Systems • Distributed middleware • Advanced topics: web, cloud computing, green computing, multimedia, and mobile systems Computer Science CS677: Distributed OS Lecture 1, page 4 Misc. Course Details • Textbook: Distributed Systems, 2nd ed, by Tannenbaum and Van Steen, Prentice Hall 2007 (recommended) • Grading – 4-5 Homeworks (15%), 3-4 programming assignments (40%) – 1 mid-term and 1 final (40%), class participation + quizzes (5%) • Course mailing list: cs677 @ cs.umass.edu – Spire will automatically add you to this list. • Pre-requisites – Undergrad course in operating systems – Good programming skills in a high-level prog.
    [Show full text]
  • AOMEI® Backupper User Manual User Manual AOMEI Backupper
    AOMEI® Backupper User Manual User Manual AOMEI Backupper Table of Contents 1 Getting Started..............................................................................................................1 1.1 Overview of AOMEI Backupper.............................................................................1 1.2 System Requirements and Supported Operating/File Systems.......................1 1.3 Install and Uninstall AOMEI Backupper............................................................... 2 2 Backup........................................................................................................................... 3 2.1 Files and Folders Backup.......................................................................................3 2.2 System Backup........................................................................................................ 4 2.3 Disk Backup..............................................................................................................5 2.4 Partition and Volume Backup.................................................................................6 2.5 Schedule Backup.....................................................................................................7 2.6 Backup (to) Network Attached Storage (NAS).................................................. 11 2.7 Backup to Cloud Clients....................................................................................... 12 2.8 Backup Management...........................................................................................
    [Show full text]
  • O&O Diskimage 15: Data Backups for Companies
    Press Release March 04, 2020 - For immediate release O&O DiskImage 15: Data Backups for Companies – Made in Germany Berlin, March 04, 2020 Data backups are vital for every company. If data is lost, not only is customer or business data lost but also business relationships are tested and there can be lasting damage to the company. The demands on today's IT employees to ensure that the company operates as uninterrupted as possible are immense. With the latest version, O&O DiskImage offers the right solution for backing up and restoring company PCs and servers. O&O DiskImage actively protects against data loss and downtime, is scalable and helps to save costs and time. O&O DiskImage supports all Windows versions O&O DiskImage15 Server is fully integrated into the current Microsoft operating system Windows Server 2019, but still supports older versions from Windows 2008 onwards. The Server Edition can also be used on all Windows desktop versions from Windows 7 up to Windows 10. The new version has been optimized in particular for low processor and memory usage on older systems, so that the backup of old hardware can be carried out without any additional extensions or changes. Machine independent restore always available The advantage of having a system image lies, above all, in being able to restore the working environment within a very short period of time, including all its programs, settings, and operating system. Restoring the image onto a new computer would normally not work on account of the different hardware. Thanks, however, to the integration of MIR (Machine Independent Restoration), it’s even possible to restore an image onto a computer where the image was not created.
    [Show full text]
  • User's Guide O&O Diskimage
    Last changes: 31.03.2021 Table of contents About O&O DiskImage 16 4 Differences between the various Editions 5 Installation, licensing and uninstall 6 System requirements 11 General Terms and Definitions 12 Supported File Systems 15 Quick Start 16 Create an image of the entire computer 18 O&O DiskImage RecoveryPartition 20 Restore entire computer 21 Image individual drives 22 Restore drives 25 Image of the changes 27 Cloning 29 Drive operation 31 Image 32 Restoration 53 Cloning 60 File Operation 70 Image 71 Restoration 81 Tools 82 Image files 83 Virtual Drives 91 Convert 96 Network 100 System 101 Jobs and Reports 116 Jobs 118 Job files 132 Incremental or differential imaging 133 Reports 134 Program settings 135 General - Change default settings 136 Security - Network authentication 138 Using an FTP with O&O DiskImage 141 Settings for notification 144 Drive imaging 146 Drive restoration 147 Change presets for drive cloning 148 File backup 149 File restoration 150 Jobs and reports 151 TrayIcon 152 Machine independent restoration 154 Restrictions of M.I.R. 155 Restoring with M.I.R. automatically 156 Manual adaptation 158 Start directly from bootable disk 160 Loading drivers 162 Use Express view 164 Frequently asked questions 165 Scriptinterface 173 Introduction 174 Commands 178 Formatting legend 202 Parameter 203 Examples of command files 217 End user license agreement 220 User's guide O&O DiskImage About O&O DiskImage 16 About O&O DiskImage 16 Thank you for choosing O&O DiskImage! This is something you probably know all too well: how suddenly important data can be lost as a result of a system crash or viral attack.
    [Show full text]