¶ … Systems
COMPUTER SCIENCE
Computer forensics is a scientific method of analyzing digital information that is used as evidence in criminal, administrative and civil cases. In the contemporary legal environment, computer forensics has become a vital part of solving complex crimes. Since computer forensic experts use data to solve high-level cases, effective data storage and retrieval is a critical aspect of forensic investigation, and effective data storage is essential to achieving data integrity. The ISO9660 file system has become an effective method that forensic experts employ to store and retrieve data (Dixon, 2005). Preserving and storing critical data and information without altering the original state of the data is the most important aspect of computer forensics. One of the techniques employed is to use the ISO9660 file system to store data. It is essential to realize that an employee might inadvertently overwrite valuable data. Alternatively, a cyber criminal might plant a program to erase the valuable data. Manipulation of valuable data might lead a trained legal professional defending a case to raise doubt about the validity of the evidence presented in a court of law (Coward, 2009). To address this problem, the ISO9660 file system is generally employed to store data on CD-ROMs. However, the design of the ISO9660 file system allows for different interpretations.
The fundamental objective of this paper is to investigate how digital forensic tools interpret the ISO9660 file system.
The study is structured as follows:
First, the study presents the overview of ISO9660 File Systems. The study also discusses different forensic tools and the evaluation methodology to carry out the different interpretations of ISO9660 File Systems. Finally, the paper presents the evaluation results revealing different interpretations of ISO9660 File Systems.
Overview of ISO9660 File Systems
An ISO9660 file system, which is often referred to as CDFS (Compact Disc File System), is a file system that stores data in blocks, which are groups of consecutive sectors. However, the design of the ISO9660 file system allows for different interpretations. Within the first sector of the ISO9660 volume, there are multiple data structures and directory trees that are able to store files within the ISO9660 structure. There are also data structures that store file system data in both big-endian and little-endian byte orderings.
Generally, ISO9660 stores data in consecutive blocks, and an ISO9660 file system contains one primary and secondary volume descriptors, which identify the size and layout of the file system. The block size is stored in a volume descriptor. More importantly, ISO9660 supports names with a maximum of 8 Latin characters in the file name and 3 Latin characters in the extension. ISO9660 file systems also have a Joliet extension that stores longer names in Unicode. The starting block of the root directory within the ISO9660 file system is listed in the volume descriptor, and the directory tree, starting from the root directory, is used to locate a file. ISO9660 stores values in both big-endian and little-endian orderings: in big-endian ordering the most significant byte of the value comes first, whereas in little-endian ordering the least significant byte comes first.
There are different strategies that can be employed to hide data from forensic tools. One of these strategies relies on endian ordering. ISO9660 stores data structures in both big- and little-endian orderings, and data can be hidden if the starting block in a directory entry has different values in the big-endian and little-endian locations. If a forensic tool reads only one of the locations while the hider's tools use the other, there is a high possibility that the hidden data will not be identified. Typically, the starting block within the big-endian field is 0x00000020 while the starting block within the little-endian field is 0x00000030. Because each field is stored in both little- and big-endian order, the two copies can be used to hide data (Carrier, 2010). Because the design of ISO9660 can be read in different ways, forensic tools interpret the data within an ISO9660 file system differently.
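The both-endian mismatch described above can be checked mechanically. The following is an added example, not code from the original paper or from any forensic tool it discusses; the directory-record offsets follow ECMA-119, the function names are illustrative, and the two records are constructed sample data using the 0x20 and 0x30 values from the text.

```python
import struct

def build_record(name: bytes, extent_le: int, extent_be: int, size: int) -> bytes:
    """Build a directory record (ECMA-119 layout) as constructed sample data."""
    body = b"\x00"                                        # ext. attribute length
    body += struct.pack("<I", extent_le) + struct.pack(">I", extent_be)
    body += struct.pack("<I", size) + struct.pack(">I", size)
    body += bytes(7)                                      # recording date/time
    body += bytes(3)                                      # flags, unit size, gap
    body += struct.pack("<H", 1) + struct.pack(">H", 1)   # volume sequence no.
    body += bytes([len(name)]) + name
    if len(name) % 2 == 0:
        body += b"\x00"                                   # pad record to even size
    return bytes([len(body) + 1]) + body

def parse_record(rec: bytes) -> dict:
    """Decode both copies of the starting block and data length fields."""
    if len(rec) < 34 or not 34 <= rec[0] <= len(rec):
        raise ValueError("truncated or malformed directory record")
    name_len = rec[32]
    if 33 + name_len > rec[0]:
        raise ValueError("file identifier runs past end of record")
    return {
        "name": rec[33:33 + name_len].decode("ascii", "replace"),
        "extent_le": struct.unpack_from("<I", rec, 2)[0],
        "extent_be": struct.unpack_from(">I", rec, 6)[0],
        "size_le": struct.unpack_from("<I", rec, 10)[0],
        "size_be": struct.unpack_from(">I", rec, 14)[0],
    }

def endian_mismatches(rec: bytes) -> list:
    """Return (name, field, little-endian value, big-endian value) per conflict."""
    r = parse_record(rec)
    return [(r["name"], f, r[f + "_le"], r[f + "_be"])
            for f in ("extent", "size") if r[f + "_le"] != r[f + "_be"]]

# Constructed records: one consistent, one using the values from the text.
CLEAN = build_record(b"README.TXT;1", 0x20, 0x20, 2048)
TAMPERED = build_record(b"REPORT.TXT;1", extent_le=0x30, extent_be=0x20, size=2048)

if __name__ == "__main__":
    for rec in (CLEAN, TAMPERED):
        for name, field, le, be in endian_mismatches(rec):
            print(f"{name}: {field} differs, LE=0x{le:08x} BE=0x{be:08x}")
```

A tool that reports both values when they disagree, rather than silently trusting one ordering, lets the examiner inspect both candidate starting blocks.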
Computer Forensic Tools for ISO9660 File Systems
"CFTs (Computer Forensic Tools) assist investigators to recover deleted files, reconstruct an intruder's activities, and gain intelligence about a computer's user." (Garfinkel, 2007, p. 1). CFTs assist forensic experts in collecting valuable information from a computer system, as well as in making a true copy of the information so that it can be used in legal proceedings. Typically, CFTs fall into two classes:
Persistent data tools assist in analyzing...