DOCSLIB.ORG

Automated File Extraction in a Cloud Environment for Forensic Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

DEGREE PROJECT FOR MASTER OF SCIENCE IN ENGINEERING COMPUTER SECURITY Automated file extraction in a cloud environment for forensic analysis Kevin Gustafsson | Emil Sundstedt Blekinge Institute of Technology, Karlskrona, Sweden, 2017 Supervisor: Kurt Tutschku, Department of Communication Systems, BTH Abstract The possibility to use the snapshot functionality of OpenStack as a method of securing evidence has been examined in this paper. In addition, the possibility of extracting evidence automatically using an existing operation tool has been investigated. The usability of snapshots in a forensic investigation was examined by conducting a series of tests on both snapshots and physical disk images. The results of the tests were then compared to evaluate the usefulness of the snapshot. Automatic extraction of evidence was investigated by implementing a solution using Ansible and evaluating the algorithm based on the existing standard ISO 27037. It was concluded that the snapshots created by OpenStack behaves similar enough to disks to be useful in a forensic investigation. The algorithm proposed to extract evidence automatically seems to not breach the standard. Keywords: Forensic, Qcow, OpenStack, Snapshot i Sammanfattning Möjligheten att använda OpenStacks ögonblicks funktion som metod för att säkra bevis har granskats i detta papper. Dessutom har möjligheten att extrahera bevis automatiskt med ett befintligt automatiseringsverktyg undersökts. Användbarheten av ögonblicksbilder i en rättslig utredning undersöktes genom att genomföra en serie tester påbåde ögonblicksbilder och fysiska disk avbilder. Resultaten av testerna jämfördes sedan för att utvärdera användbarheten av ögonblicksbilden. Automatisk utvinning av bevis undersöktes genom att implementera en lösning med Ansible och utvärdera algoritmen baserat påden befintliga standarden ISO 27037. Det drogs slutsatsen att de ögonblicksbilder som skapats av OpenStack beter sig tillräckligt lika en fysisk disk för att avbilderna ska vara användbara vid en råttslig utredning. Den algoritm som föreslås att extrahera bevis automatiskt tycks inte bryta mot standarden. Nyckelord: Forensik, Qcow, OpenStack, Ögonblicksbild iii Preface This thesis is the last part of five year education on Blekinge Institute of Technology. The education will provide a degree of master of science in engineering computer security. We would like to thank City Network AB for the time they spent on helping us and also for the workspace in their office. A special thanks to our advisor Anders Carlsson who have helped us with contact information and provided us with ideas on how to solve the task. Thanks to Vida Ahmadi for helping us get in contact with City Network. Thanks to Kurt Tutschku who have been our supervisor throughout the thesis. Thanks Jonas Virdegård and Jim Keyzer who have helped us as external resources. "I am the wisest man alive, for I know one thing, and that is that I know nothing." - Socrates v Nomenclature Notations Acronyms API Application Programming Interface CSP Cloud Service Provider DEFR Digital Evidence First Responder GDPR General Data Protection Regulation IaaS Infrastructure-as-a-Service IDS Intrusion Detection System IoT Internet of Things IP Internet Protocol ISO International Organization for Standardization kB Kilobyte LVM Logical Volume Management NTP Network Time Protocol PaaS Platform-as-a-Service PID Process identifier Qcow QEMU copy on write RAM Random Access Memory RB Rättegångsbalken SaaS Software-as-a-Service SSH Secure Shell UUID Universally Unique Identifier VM Virtual Machine YAML YAML Ain’t Markup Language vii Table of Contents Abstract i Sammanfattning (Swedish) iii Preface v Nomenclature vii Notations ........................................ vii Acronyms ........................................ vii Table of Contents ix 1 Introduction 1 1.1 Introduction .................................... 1 1.2 Background .................................... 1 1.3 Objectives ..................................... 1 1.4 Delimitations .................................... 2 1.5 Thesis question .................................. 3 2 Theoretical Framework 5 2.1 What is cloud computing ............................. 5 2.2 Forensic science .................................. 9 2.3 Automated tools .................................. 15 2.4 Technical standards ................................ 16 2.5 Laws and preliminary investigation ........................ 18 2.6 Similar work .................................... 19 3 Method 21 3.1 Tests of Qcow disk image ............................. 21 3.2 Algorithm for automated extraction ........................ 24 3.3 Analysis of Qcow using forensic tools ....................... 26 3.4 Prove non-repudiation of snapshots ........................ 27 4 Results 29 4.1 Test results .................................... 29 4.2 Proposed algorithm for automated extraction ................... 30 4.3 Findings in Qcow snapshot ............................ 31 4.4 Proving non-repudiation of snapshots ....................... 31 5 Discussion 35 5.1 Proposed method ................................. 35 5.2 ISO 27037 ..................................... 36 5.3 Why we chose Ansible ............................... 36 5.4 OpenSSH or Paramiko .............................. 37 5.5 Test results .................................... 37 5.6 Identifying a virtual machine ............................ 37 5.7 Using backing and overlay files .......................... 38 5.8 CLI history file ................................... 39 5.9 Virtual Introspection ................................ 39 5.10 Ethics ....................................... 39 5.11 Sustainable Development ............................. 40 6 Conclusions 41 ix 6.1 Is it possible to use a snapshot as evidence? ................... 41 6.2 Prove non-repudiation of a snapshot ....................... 41 7 Recommendations and Future Work 43 7.1 Implementation in OpenStack ........................... 43 7.2 Implementation on a hypervisor level ....................... 43 7.3 Check additional hypervisors ........................... 43 7.4 Additional file systems ............................... 44 7.5 Automatic learning and extraction ......................... 44 7.6 Test in court .................................... 44 7.7 Checkpoint snapshot ............................... 44 7.8 Snapshotting in containers ............................ 44 References 45 x 1 INTRODUCTION 1.1 Introduction Crimes has been an inconvenient truth since the beginning of humanity and have unfortunately become a fact of the society of today. As the capabilities of technology have evolved throughout the past decade, so has the methods of committing crimes. Currently all types of crimes involve electronic equipment in some way, if not to commit the action itself but to communicate or ease the task. This is unlikely to change as computer systems play a more important role in our everyday lives, cell phones are more likely than not to be present and additional equipment is being introduced daily, Internet of Things (IoT) for example. As illegal actions, such as selling and buying drugs, obtaining and distributing child pornog- raphy, money laundering, piracy, etc. moved into the Internet, so did the investigators of crimes. The standard procedure when conducting a forensic investigation includes a collection of electronics that may contain evidence for the case. This means that the physical hardware found is collected and brought to a forensically sound lab for analysis. Cloud technology allows users to move their activity away from in-house hardware and into the cloud instead. This means that any illegal activity such as distributing illegal material which was previously conducted via in-house solutions or otherwise outsourced to rental servers, can now be moved into the cloud. Due to the nature of the cloud, data can now be moved seamlessly between servers, data centres and even countries. This seamless structure adds an extra layer of obstacles during a forensic investigation as data can be spread across multiple servers and countries, rendering a physical collection impossible. Also there exist laws which prevent authorities from shutting down an entire cloud just to investigate a single user’s actions. 1.2 Background City Network Hosting AB is a Swedish company currently located in Karlskrona but with infrastructure around the world. Their initial business was to offer a web hosting service to individual users as well as companies. Their focus has lately shifted from web hosting to cloud computing. Because they are offering infrastructure to their customer, they might be hosting systems included in potential crimes. A solution which could be used to secure digital evidence located in a cloud would enhance the perception of the business as well as their credibility. Also in May 2018 a new General Data Protection Regulation (GDPR) will be applied. This new EU regulation will replace the current regulations in Sweden. The regulation shifts all the power of information related to individuals back to the individual. In case the regulation is not followed as expected companies can face severe penalties of up to 4% of their turnover. Due to this, there is an interest for City Network Hosting AB to be able to secure evidence of systems running in their cloud to be able to dismiss any accusations as well as aid a pending investigation. 1.3 Objectives Our objectives with this project are to investigate available snapshot functionality found in the cloud environment OpenStack,
Recommended publications
  • Dropdmg 3.6.2 Manual

    Dropdmg 3.6.2 Manual

    DropDMG 3.6.2 Manual C-Command Software c-command.com February 16, 2021 Contents 1 Introduction 4 1.1 Feature List..............................................4 2 Installing and Updating 6 2.1 Requirements.............................................6 2.2 Installing DropDMG.........................................7 2.3 Updating From a Previous Version.................................7 2.4 Reinstalling a Fresh Copy......................................8 2.5 Uninstalling DropDMG.......................................9 2.6 Security & Privacy Access......................................9 3 Using DropDMG 13 3.1 Basics................................................. 13 3.2 Making a Bootable Device Image of a Hard Drive......................... 14 3.3 Backing Up Your Files to CD/DVD................................ 16 3.4 Burning Backups of CDs/DVDs................................... 17 3.5 Restoring Files and Disks...................................... 18 3.6 Making Images With Background Pictures............................. 19 3.7 Protecting Your Files With Encryption............................... 20 3.8 Transferring Files Securely...................................... 21 3.9 Sharing Licenses and Layouts.................................... 21 3.10 Splitting a File or Folder Into Pieces................................ 22 3.11 Creating a DropDMG Quick Action................................ 22 4 Menus 23 4.1 The DropDMG Menu........................................ 23 4.1.1 About DropDMG...................................... 23 4.1.2 Software
  • Virtual Routing in the Cloud

    Virtual Routing in the Cloud

    I I I I I I I I I CISCO ~ ptg17123584 Virtual Routing in the Cloud Arvind Durai Stephen Lynn ciscopress.com Amit Srivastava Exclusive Offer - 40% OFF Cisco Press Video Training live lessons·® ciscopress.com/video Use coupon code CPVIDE040 during checkout. Video Instruction from Technology Experts livelessons·® ptg17123584 Advance Your Skills Train Anywhere Learn Get started with fundamentals, Train anywhere, at your Learn from trusted author become an expert, or get certified. own pace, on any device. trainers published by Cisco Press. Try Our Popular Video Training for FREE! ciscopress.com/video Explore hundreds of FREE video lessons from our growing library of Complete Video Courses, Livelessons, networking talks, and workshops. 9781587144943_Durai_Virtual_Routing_Cloud_CVR.indd 2 4/8/16 1:25 PM Virtual Routing in the Cloud Arvind Durai, CCIE No. 7016 Stephen Lynn, CCIE No. 5507 & CCDE No. 20130056 Amit Srivastava ptg17123584 Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA ii Virtual Routing in the Cloud Virtual Routing in the Cloud Arvind Durai, CCIE No. 7016 Stephen Lynn, CCIE No. 5507 & CCDE No. 20130056 Amit Srivastava Copyright© 2016 Cisco Systems, Inc. Published by: Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America First Printing April 2016 Library of Congress Control Number: 2016934921 ISBN-13: 978-1-58714-494-3 ISBN-10: 1-58714-494-8 Warning and Disclaimer ptg17123584 This book is designed to provide information about CSR 1000V router and adoption of NFV technology in the cloud environment.
  • Oracle VM Virtualbox User Manual

    Oracle VM Virtualbox User Manual

    Oracle VM VirtualBox R User Manual Version 5.1.0 c 2004-2016 Oracle Corporation http://www.virtualbox.org Contents 1 First steps 11 1.1 Why is virtualization useful?............................. 12 1.2 Some terminology................................... 12 1.3 Features overview................................... 13 1.4 Supported host operating systems.......................... 15 1.5 Installing VirtualBox and extension packs...................... 16 1.6 Starting VirtualBox.................................. 17 1.7 Creating your first virtual machine......................... 18 1.8 Running your virtual machine............................ 21 1.8.1 Starting a new VM for the first time.................... 21 1.8.2 Capturing and releasing keyboard and mouse.............. 22 1.8.3 Typing special characters.......................... 23 1.8.4 Changing removable media......................... 24 1.8.5 Resizing the machine’s window...................... 24 1.8.6 Saving the state of the machine...................... 25 1.9 Using VM groups................................... 26 1.10 Snapshots....................................... 26 1.10.1 Taking, restoring and deleting snapshots................. 27 1.10.2 Snapshot contents.............................. 28 1.11 Virtual machine configuration............................ 29 1.12 Removing virtual machines.............................. 30 1.13 Cloning virtual machines............................... 30 1.14 Importing and exporting virtual machines..................... 31 1.15 Global Settings...................................
  • Virtualization Best Practices

    Virtualization Best Practices

    SUSE Linux Enterprise Server 15 SP1 Virtualization Best Practices SUSE Linux Enterprise Server 15 SP1 Publication Date: September 24, 2021 Contents 1 Virtualization Scenarios 2 2 Before You Apply Modifications 2 3 Recommendations 3 4 VM Host Server Configuration and Resource Allocation 3 5 VM Guest Images 25 6 VM Guest Configuration 36 7 VM Guest-Specific Configurations and Settings 42 8 Xen: Converting a Paravirtual (PV) Guest to a Fully Virtual (FV/HVM) Guest 45 9 External References 49 1 SLES 15 SP1 1 Virtualization Scenarios Virtualization oers a lot of capabilities to your environment. It can be used in multiple scenarios. To get more details about it, refer to the Book “Virtualization Guide” and in particular, to the following sections: Book “Virtualization Guide”, Chapter 1 “Virtualization Technology”, Section 1.2 “Virtualization Capabilities” Book “Virtualization Guide”, Chapter 1 “Virtualization Technology”, Section 1.3 “Virtualization Benefits” This best practice guide will provide advice for making the right choice in your environment. It will recommend or discourage the usage of options depending on your workload. Fixing conguration issues and performing tuning tasks will increase the performance of VM Guest's near to bare metal. 2 Before You Apply Modifications 2.1 Back Up First Changing the conguration of the VM Guest or the VM Host Server can lead to data loss or an unstable state. It is really important that you do backups of les, data, images, etc. before making any changes. Without backups you cannot restore the original state after a data loss or a misconguration. Do not perform tests or experiments on production systems.
  • Diskgenius User Guide (PDF)

    Diskgenius User Guide (PDF)

    www.diskgenius.com DiskGenius® User Guide The information in this document is subject to change without notice. This document is not warranted to be error free. Copyright © 2010-2021 Eassos Ltd. All Rights Reserved 1 / 236 www.diskgenius.com CONTENTS Introduction ................................................................................................................................. 6 Partition Management ............................................................................................................. 6 Create New Partition ........................................................................................................ 6 Active Partition (Mark Partition as Active) .............................................................. 10 Delete Partition ................................................................................................................ 12 Format Partition ............................................................................................................... 14 Hide Partition .................................................................................................................... 15 Modify Partition Parameters ........................................................................................ 17 Resize Partition ................................................................................................................. 20 Split Partition ..................................................................................................................... 23 Extend
  • Ubuntu Server Guide Basic Installation Preparing to Install

    Ubuntu Server Guide Basic Installation Preparing to Install

    Ubuntu Server Guide Welcome to the Ubuntu Server Guide! This site includes information on using Ubuntu Server for the latest LTS release, Ubuntu 20.04 LTS (Focal Fossa). For an offline version as well as versions for previous releases see below. Improving the Documentation If you find any errors or have suggestions for improvements to pages, please use the link at thebottomof each topic titled: “Help improve this document in the forum.” This link will take you to the Server Discourse forum for the specific page you are viewing. There you can share your comments or let us know aboutbugs with any page. PDFs and Previous Releases Below are links to the previous Ubuntu Server release server guides as well as an offline copy of the current version of this site: Ubuntu 20.04 LTS (Focal Fossa): PDF Ubuntu 18.04 LTS (Bionic Beaver): Web and PDF Ubuntu 16.04 LTS (Xenial Xerus): Web and PDF Support There are a couple of different ways that the Ubuntu Server edition is supported: commercial support and community support. The main commercial support (and development funding) is available from Canonical, Ltd. They supply reasonably- priced support contracts on a per desktop or per-server basis. For more information see the Ubuntu Advantage page. Community support is also provided by dedicated individuals and companies that wish to make Ubuntu the best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The large amount of information available can be overwhelming, but a good search engine query can usually provide an answer to your questions.
  • The Open Virtual Machine Format Whitepaper for OVF Specification

    The Open Virtual Machine Format Whitepaper for OVF Specification

    The Open Virtual Machine Format Whitepaper for OVF Specification version 0.9 OVF Whitepaper 0.9 VMware, Inc. 3401 Hillview Ave., Palo Alto CA, 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com XenSource, Inc. 2300 Geng Road, Suite 2500, Palo Alto, CA 94303 www.xensource.com Copyright © VMware, Inc. and XenSource, Inc. All rights reserved. VMware, the VMware “boxes” logo and design, Virtual SMP and VMotion are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. Xen, XenSource, the “Circle Xen” logo and derivatives thereof are registered trademarks or trademarks of XenSource, Inc. in the United States and other countries. Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation. Linux is a registered trademark of Linus Torvalds. All other marks and names mentioned herein may be trademarks of their respective companies. No part of this specification (whether in hardcopy or electronic form) may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VMware, Inc. (VMware), and XenSource, Inc. (XenSource) except as otherwise permitted under copyright law or the terms of that certain Teaming and Non-Disclosure Agreement between VMware and XenSource dated March 23, 2007, as amended from time to time. Please note that the content in this specification is protected under copyright law even if it is not distributed with software
  • FVD: a High-Performance Virtual Machine Image Format for Cloud

    FVD: a High-Performance Virtual Machine Image Format for Cloud

    FVD: a High-Performance Virtual Machine Image Format for Cloud Chunqiang Tang IBM T.J. Watson Research Center [email protected] http://www.research.ibm.com/people/c/ctang/ Note: This paper describes the copy-on-write, copy- 1 Introduction on-read, and adaptive prefetching capabilities of FVD. The compact image capability of FVD is described Cloud Computing is widely considered as the next big separately in a companion paper entitled “Compact thing in IT evolution. In a Cloud like Amazon EC2 [1], Image Support in Fast Virtual Disk (FVD)”, which the storage space for virtual machines’ virtual disks can is available at https://researcher.ibm.com/ be allocated from multiple sources: the host’s direct- researcher/view project.php?id=1852 attached storage (DAS, i.e., local disk), network-attached storage (NAS), or storage area network (SAN). These op- Abstract tions offer different performance, reliability, and avail- ability at different prices. DAS is at least several times This paper analyzes the gap between existing hyper- cheaper than NAS and SAN, but DAS limits the avail- visors’ virtual disk capabilities and the requirements in ability and mobility of VMs. a Cloud, and proposes a solution called FVD (Fast Vir- tual Disk). FVD consists of an image format and a To get the best out of the different technologies, a block device driver designed for QEMU. Despite the ex- Cloud usually offers a combination of block-device stor- istence of many popular virtual machine (VM) image age services to VMs. For instance, Amazon Web Ser- formats, FVD came out of our unsatisfied needs in the vices (AWS) [2] offers to a VM both ephemeral storage IBM Cloud.
  • Gadgetpc Debian Installation Guide

    Gadgetpc Debian Installation Guide

    GadgetPC Single Board Computer Debian Installation Guide Document Revision: 1.03 Date: 20 October, 2009 BiPOM Electronics, Inc. 16301 Blue Ridge Road, Missouri City, Texas 77489 Telephone: 1-713-283-9970 Fax: 1-281-416-2806 E-mail: [email protected] Web: www.bipom.com All trademarked names in this manual are the property of respective owners. © 2009 BiPOM Electronics, Inc. Page 1 1. Overview Thank you for your purchase of the GadgetPC Single Board Computer. GadgetPC is a powerful computer board that is capable of running high-level operating systems such as Linux. This document is for advanced users who want to install Debian Linux system from scratch. When GadgetPC is first powered, it goes through a boot sequence and executes various components in the following order: ROM boot loader ( built-in ROM) AT91BootStrap ( DataFlash ) U-boot (DataFlash ) Linux kernel ( uImage file under USB FAT root ) Root FS ( Debian on USB Flash drive ) ROM boot loader is built into the AT91SAM9260 microcontroller and cannot be changed. As soon as the board is powered the ROM boot loader starts. It downloads and runs an application (AT91BootStrap) from external storage media (DataFlash) into internal SRAM. AT91BootStrap has been developed by BiPOM Electronics specifically for GadgetPC. AT91BootStrap is responsible for initializing hardware such as DataFlash, SDRAM, digital outputs, and USART0 serial port. AT91BootStrap downloads to SDRAM and passes control to U-Boot which is a powerful boot loader that resides also in DataFlash. U-Boot performs many low-level tasks such as detecting USB hardware, reading Linux image from external USB flash drive, uncompressing Linux image to SDRAM, and passing control to Linux image in SDRAM.
  • Oracle® Linux KVM User's Guide

    Oracle® Linux KVM User's Guide

    Oracle® Linux KVM User's Guide F29966-16 August 2021 Oracle Legal Notices Copyright © 2020, 2021, Oracle and/or its affiliates. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract.
  • Fast Delivery of Virtual Machines and Containers : Understanding and Optimizing the Boot Operation Thuy Linh Nguyen

    Fast Delivery of Virtual Machines and Containers : Understanding and Optimizing the Boot Operation Thuy Linh Nguyen

    Fast delivery of virtual machines and containers : understanding and optimizing the boot operation Thuy Linh Nguyen To cite this version: Thuy Linh Nguyen. Fast delivery of virtual machines and containers : understanding and optimizing the boot operation. Distributed, Parallel, and Cluster Computing [cs.DC]. Ecole nationale supérieure Mines-Télécom Atlantique, 2019. English. NNT : 2019IMTA0147. tel-02418752 HAL Id: tel-02418752 https://tel.archives-ouvertes.fr/tel-02418752 Submitted on 19 Dec 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THESE DE DOCTORAT DE L’ÉCOLE NATIONALE SUPERIEURE MINES-TELECOM ATLANTIQUE BRETAGNE PAYS DE LA LOIRE - IMT ATLANTIQUE COMUE UNIVERSITE BRETAGNE LOIRE ECOLE DOCTORALE N° 601 Mathématiques et Sciences et Technologies de l'Information et de la Communication SpéciAlité : InformAtique et Applications Par Thuy Linh NGUYEN Fast delivery of Virtual Machines and Containers: Understanding and optimizing the boot operation Thèse présentée et soutenue à Nantes, le 24 Septembre 2019 Unité de recherche : Inria Rennes Bretagne Atlantique Thèse N° : 2019IMTA0147 Rapporteurs avant soutenance : MariA S. PEREZ Professeure, UniversidAd PolitecnicA de MAdrid, EspAgne Daniel HAGIMONT Professeur, INPT/ENSEEIHT, Toulouse, France Composition du Jury : Président : Mario SUDHOLT Professeur, IMT AtlAntique, FrAnce Rapporteur : MariA S.
  • Hdclone 4.3 User's Manual

    Hdclone 4.3 User's Manual

    HDClone HDClone Copy | Backup | Migration | Rescue Miray Software AG Gaissacher Str. 18 81371 Muenchen Manual Germany Copyright © 2002-2013 by Miray Software. All rights reserved. www.miray.de HDClone . User’s Manual Table of Contents 3 Table of Contents 1 Introduction . 9 1.1 Chapter overview ........................................... 9 1.2 Character conventions....................................... 10 1.3 Features.................................................... 10 1.4 Edition overview ............................................ 10 2 Fields of application . 13 2.1 Upgrading hard disks & migrating an OS ........................ 13 2.1.1 Unused disk space ................................... 13 2.1.2 Smaller target medium................................ 14 2.2 Data rescue ................................................ 14 2.3 Installation backup........................................... 14 2.4 Mass copying ............................................... 15 2.5 Master installations .......................................... 15 2.6 Proprietary hard disk formats ................................. 15 2.7 Forensic data safekeeping .................................... 15 2.8 Image files.................................................. 16 2.9 HotCopy & LiveImage ....................................... 16 3 Supported hardware . 17 3.1 Overview .................................................. 17 3.1.1 Hardware requirements............................... 17 3.1.2 Supported media..................................... 17 3.1.3 Supported controllers................................