Evaluating A Selection of Tools for Extraction of Forensic Data: Disk ...
30.06.2013 Views
Share Embed Flag

Evaluating A Selection of Tools for Extraction of Forensic Data: Disk ...

Evaluating A Selection of Tools for Extraction of Forensic Data: Disk ...

Evaluating A Selection of Tools for Extraction of Forensic Data: Disk ...

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
aut.researchgateway.ac.nz

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Partition<br />

Setup:<br />

Log<br />

highlights:<br />

AIR 2.0.0 (Release Date: 17th, Feb 2010)<br />

/dev/sdb: physical max LBA: 156,296,385<br />

/dev/sdb: HPA not set<br />

/dev/sdb: DCO not set<br />

Device Start End #Sectors File System<br />

/dev/sda1 63 41945714 41945652 HPFS/NTFS<br />

/dev/sda2 4192965 156296384 152103420 Extended<br />

/dev/sda5 4193028 6297479 2104452 FAT32<br />

/dev/sda6 6297543 10490444 4192902 FAT16<br />

/dev/sda7 10490508 12594959 1052226 Ext2<br />

/dev/sda8 12595023 14699474 2104452 Ext3<br />

/dev/sda9 14699538 18892439 4192902 HPFS/NTFS<br />

/dev/sda10 18892503 19149479 256977 Swap<br />

unallocated 19149480 156296384 137146905 Empty<br />

Start DD (md5 inline): Sat Aug 7 17:41:26 NZST 2010<br />

md5 hash will be calculated on /dev/sdc.<br />

dd if=/dev/sdc skip=0 conv=noerror,sync iflag=direct ibs=32768 2>><br />

/usr/local/share/air/logs/air.image.log | air-counter 2>><br />

/usr/local/share/air/logs/air.buffer.data | tee /usr/local/share/air/air-fifo |<br />

md5sum > /tmp/hash.log 2>&1<br />

dd if=/usr/local/share/air/air-fifo 2>> /usr/local/share/air/logs/air.image.log<br />

| /usr/local/bin/split -a 3 -d -b 2047m - /mnt/new/new/Test005-<br />

Caine/test005-altFormat-caine.<br />

dd: reading `/dev/sdc': Input/output error<br />

80649+0 records in<br />

5161536+0 records out<br />

2642706432 bytes (2.6 GB) copied, 224.915 s, 11.7 MB/s<br />

80649+1 records in<br />

5161600+0 records out<br />

2642739200 bytes (2.6 GB) copied, 248.058 s, 10.7 MB/s<br />

2442185+2 records in<br />

156299968+0 records out<br />

80025583616 bytes (80 GB) copied, 6549.06 s, 12.2 MB/s<br />

2442185+3 records in<br />

156300032+0 records out<br />

80025616384 bytes (80 GB) copied, 6572.11 s, 12.2 MB/s<br />

2442185+4 records in<br />

156300096+0 records out<br />

80025649152 bytes (80 GB) copied, 6595.05 s, 12.1 MB/s<br />

2442185+5 records in<br />

156300160+0 records out<br />

80025681920 bytes (80 GB) copied, 6617.97 s, 12.1 MB/s<br />

2442185+6 records in<br />

156300224+0 records out<br />

80025714688 bytes (80 GB) copied, 6640.9 s, 12.1 MB/s<br />

2442185+7 records in<br />

156300288+0 records out<br />

80025747456 bytes (80 GB) copied, 6663.92 s, 12.0 MB/s<br />

2442185+8 records in<br />

156300352+0 records out<br />

80025780224 bytes (80 GB) copied, 6686.94 s, 12.0 MB/s<br />

273

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!