Introduction to Digital Forensics
University of Greenwich, Academic Year 2023-24
Week 2: Disks, Storage and Imaging
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community
Ask the community for help and clear up your study doubts
University Rankings
Discover the best universities in your country according to Docsity users
Free resources
Our save-the-student-ebooks!
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Digital Forensics: Understanding Disks, Storage, and Imaging, Lecture notes of Cybercrime, Cybersecurity and Data Privacy
An in-depth exploration of digital forensics, focusing on the physical analysis of hard disks, the concept of chs, and the importance of raw disk images in digital investigation. It also delves into the use of hashes to prove the integrity of disk images and the importance of write protection equipment in the acquisition of digital evidence.
Typology: Lecture notes
2023/2024
1 / 49
This page cannot be seen from the preview
Don't miss anything!
Related documents
Partial preview of the text
Download Digital Forensics: Understanding Disks, Storage, and Imaging and more Lecture notes Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!
Introduction to Digital Forensics
University of Greenwich, Academic Year 2023-
Week 2: Disks, Storage and Imaging
Introduction
- (^) Physical Analysis
- (^) CHS and the make-up of a hard disk
- (^) Digital Investigation Issues
- (^) Raw Disk Images
- (^) Proving your image hasn’t been tampered with
Let's Get (old school) Physical
Hard-Disk Drive (HDD)
- (^) This is a Hard-Disk
- (^) This is a Disc
THIS IS NOT A HARD DISK!!!!!
One disk can pretend to be several disks
(partitions)
Several disks can pretend to be one disk (RAID)
Looking for RAID
- (^) A HDD can be a single storage device or it can operate with multiple other disks – Redundant Array of Independent (Inexpensive) Disks
- (^) You’ll have to rebuild the partitions from all/most disks
How is data saved on a ‘disk’?
Data
- (^) Binary is two conditions – something or nothing.
- (^) On or off, in or out, a hole or not a hole.
- (^) In electronics we can see it as current flowing through the circuit, or not.
- (^) On hard disks it is magnetically charge or not charged.
- (^) Imagine a metal surface that gets magnetic charge in places
Data
- (^) If the metal surface is good at storing magnetic charge
- (^) If we can precisely put AND remove charge from the metal surface, then we can effectively ‘punch’ and ‘un-punch’ a magnetic punch-card.
Inside the Disk - Prologue
- (^) If we have a track of magnetically sensitive material we can encode binary onto that track: 01000001 = 65 00100000 = 32 01100001 = 97 Or a Blob of Magnetic field
You spin me right round
- (^) However this is not an array of data, it is a track running around a circular shape. = 01000001 = 00100000 = 01100001 = 00000000 If the disk is spinning anti-clock The ‘head’ which reads the magnetic charge
CHS
- (^) There are 1 or more platters or ‘records’ – unlike a record player we read from both sides of the platter simultaneously: the Heads.
- (^) The Actuators are the mechanical arms that move to allow the heads to reach all points on the platter.