دانلود مقاله ISI انگلیسی شماره 20281
عنوان فارسی مقاله

روشها کشف و بهره برداری از مناطق حفاظت شده هاست بر روی دستگاه های ذخیره که با IDE ATAPI-4 مطابقت دارند

کد مقاله سال انتشار مقاله انگلیسی ترجمه فارسی تعداد کلمات
20281 2005 8 صفحه PDF سفارش دهید محاسبه نشده
خرید مقاله
پس از پرداخت، فوراً می توانید مقاله را دانلود فرمایید.
عنوان انگلیسی
Methods of discovery and exploitation of Host Protected Areas on IDE storage devices that conform to ATAPI-4
منبع

Publisher : Elsevier - Science Direct (الزویر - ساینس دایرکت)

Journal : Digital Investigation, Volume 2, Issue 4, December 2005, Pages 268–275

کلمات کلیدی
تست ابزار پزشکی قانونی دیجیتالی - معاینه پزشکی قانونی - منطقه حفاظت شده هاست
پیش نمایش مقاله
پیش نمایش مقاله روشها کشف و بهره برداری از مناطق حفاظت شده هاست بر روی دستگاه های ذخیره که با IDE  ATAPI-4 مطابقت دارند

چکیده انگلیسی

This paper explains some of the issues that prevent the easy detection of Host Protected Areas on IDE drives and discusses a variety of methods which may enable examiners to reveal what may be overlooked evidence. We consider some exploitation methods and include a brief examination of EnCase 5.01 image capture as an example.

مقدمه انگلیسی

This paper will show that the examiner in the above scenario should have taken additional steps to check for hidden data on the hard disk drive. This paper explains possible potential causes of discrepancies between forensically sound images from the same drive by using hidden areas to store data in. Causes examined include BIOS limitations, enhanced BIOS limitations, ATA/ATAPI version limitations, Host Protected Areas (HPA) and Device Configuration Overlays (DCO). In an experiment using EnCase (version 5.01) to capture forensic images, the paper demonstrates how it is possible to use an HPA outside the manufacturers intended use and hide files in it.

نتیجه گیری انگلیسی

This paper provides evidence that it is possible to use an HPA as a storage area. However, some effort is required to accomplish this. If investigators are to identify the presence of an HPA on a device they may need to use multiple tools to confirm its existence rather than rely on a single tool. EnCase is a venerable tool used in the computer forensic industry, and continues to perform well. Now that commercial applications such as Phoenix Technologies' FirstWare Recover Pro have brought HPA into the spotlight, it is surely a matter of time before more tools are produced that detect the existence of HPA and take advantage of the hidden storage features offered.

خرید مقاله
پس از پرداخت، فوراً می توانید مقاله را دانلود فرمایید.