CD and DVD Forensics 1st Edition by Paul Crowley, Dave Kleiman ISBN 978-1597491280 1597491284
Original price was: $50.00.$35.00Current price is: $35.00.
CD and DVD Forensics 1st Edition by Paul Crowley, Dave Kleiman – Ebook PDF Instant Download/Delivery: 978-1597491280, 1597491284
Full download CD and DVD Forensics 1st Edition after payment
Product details:
ISBN 10: 1597491284
ISBN 13: 978-1597491280
Author: Paul Crowley, Dave Kleiman
CD and DVD Forensics will take the reader through all facets of handling, examining, and processing CD and DVD evidence for computer forensics. At a time where data forensics is becoming a major part of law enforcement and prosecution in the public sector, and corporate and system security in the private sector, the interest in this subject has just begun to blossom.
CD and DVD Forensics is a how to book that will give the reader tools to be able to open CDs and DVDs in an effort to identify evidence of a crime. These tools can be applied in both the public and private sectors. Armed with this information, law enforcement, corporate security, and private investigators will be able to be more effective in their evidence related tasks. To accomplish this the book is divided into four basic parts: (a) CD and DVD physics dealing with the history, construction and technology of CD and DVD media, (b) file systems present on CDs and DVDs and how these are different from that which is found on hard disks, floppy disks and other media, (c) considerations for handling CD and DVD evidence to both recover the maximum amount of information present on a disc and to do so without destroying or altering the disc in any way, and (d) using the InfinaDyne product CD/DVD Inspector to examine discs in detail and collect evidence.
This is the first book addressing using the CD/DVD Inspector product in a hands-on manner with a complete step-by-step guide for examining evidence discs
See how to open CD’s and DVD’d and extract all the crucial evidence they may contain
Table of contents:
Chapter 1 Physical Characteristics of CD and DVD Media
CD Features
CD Sizes and Shapes
CD and DVD Types
CD and DVD Colors
CD-R Dyes
Information Storage on CDs and DVDs.
CD and DVD Organization and Terminology
Border Zone
Lead In
Lead Out
Philips CD Text
RZone
Sector
Session
Sony CD Text
TOC
Track
CD and DVD Sectors
R-W Subchannels
CD and DVD Differences
CD-ROM Manufacturing Process
Inside a CD-ROM Drive
External Interfaces.
Drive Firmware
Chapter 2 CD and DVD Logical Structure
Writing to a CD or DVD
Logical File Systems
CD and DVD File Systems
Red Book Audio
HSG..
ISO 9660
Joliet.
Rock Ridge
UDF
HFS
HFS+
The Little Bull
Space Allocation by CD and DVD File Systems
Disc Accessibility Problems
ISO 9660/Joliet File Systems
UDF File Systems
Other File Systems
Chapter 3 Forensic Binary Images.
Reproducing Forensic Images
Chapter 4 Collecting CD and DVD Evidence.
Recognizing CD and DVD Media
Collection Considerations
Marking Discs.
Transporting Discs..
Documenting and Fingerprinting Discs
Officer Safety
Chapter 5 Preparing for Disc Examination
Forensic Hardware
Forensic Software
Forensic Workstation
Validation
Disc Triage
Chapter 6 CD/DVD Inspector – The Basics
CD/DVD Inspector Installation
CD/DVD Inspector Facts
Getting Started with CD/DVD Inspector
Data Window Usage
Disc Memory
Useful Tools
Analysis
Compute Disc MD5
Compute MD5 Hash
Disc Map
Disc Report
Hardware Information
Scan Files
Sector Display
TOC
View Image
Write Image File
Searching
Scan Files
Producing a Forensic Image
Copying Files from the Media
User Preferences
Options Settings
Remove Version Marker from Files
Show Analysis File Details
Save Window Position
Sort Initial Display by Name
Accept All Errors without Prompting
Always Prompt for Filename on Copy
Force-intensive UDF Examination
Keep Duplicate Files from UDF Examination
Automatically Examine Disc at Startup
Enable Special Features
Recover without Prompts
Show Extents in Disc Reports
Disable Disc Memory Feature
Forensic Use
Use 64-bit .zip Extensions for.zip Image Files.
Disc Memory Settings
Keep Last Discs in Disc Memory.
Empty Button
Click to Delete a Single Item
Disc Memory Catalog
The Analysis Tool
name File System in Track nn Recorded as Part of Session nn
nnnnn Sectors are Used Out of nnnnn Available Sectors type (media) load nnnn at Oxnnnn from Sector nnnn
A Properly Written Post-gap was Found For This Track
All Linked Files (nnnn) in this Session Came from Session nn
Application Identification
ATIP Reference Power nn,
Reference Speed = nn
Blank Disc with nnnnn Free Sectors
Bootable Disc Information
Found, Boot Catalog at Sector nnn
Bootable Media from company, platform-platform
The CDDB Key for this CD is xxxxxxxx
Data Preparer Identification: ssssssss
Disc is a DVD-kind Type is type
Disc Manufacturer: ssssss Type: ssssss
DVD Manufacturer is ssssss
Error nnn in Manufacturer Determination,
Manufacturer Information Not Available
Error Reading Boot Catalog, Sense=0xnn Oxnn…
Error Reading File System Data
from Disc, No Further Information Available
Error Reading Sector nnnnn in
Track nn, Analysis of Track Skipped
Error Returned Obtaining
ISRC Code, Sense = ss ss
File ssssss is Linked to Track nnn, Session nn
HFS Volume Name ssssSS
Image File in type Format: sssSSS
Invalid Boot Catalog Found,
Key Values = Oxnn Oxnn
Lead-out Track Starts at Sector nnnnn
Little-endian Block Size (nnnn)
Not Equal to Big-endian Block Size (nnnn)
Little-endian Volume Size (nnnnn)
Not Equal to Big-endian Volume Size (nnnnn)
Media Catalog Number for this Disc is ssssss
Minimum Recording Speed = nnX,
Maximum Recording Speed = nnX
Mismatched File Counts Between this File System and the ssssss File System
Next Writable Location on Disc is nnnnn
No Directory Was Found for This File System
No ISRC/RID Code Present for This Track
No Manufacturer Information was Returned for This Disc
None of the Files in This Session
Are Linked to Prior Sessions
Note: Directory Depth of nn May Cause Problems on Some MSCDEX Versions
Note: Directory Depth of nn Violates ISO-9660 Limit of Eight
One or More Files are Using
Characters Which MS-DOS Cannot Access
One or More Files Do Not Have a Trailing Version Identifier (“;1”)
Partition Name: ssssss
Publisher Identification
Rock Ridge Extension Information is Present Table of Contents
The “.” Directory Entry is Missing From One or More Directories..
The “..” Directory Entry is Missing From One or More Directories
The tttttt Code for This Track is cccccc
The Block Size is nnnn, Not 2048 as Would Be Expected
The Directory in This File System Qualifies as Using the setname Character Set
The Disc Is Not Recorded in XA Mode, But This File System is Marked for XA Mode
The Disc Is Recorded in XA Mode, But This File System Is Not Marked for XA Mode The File “ssssss” Appears in the Directory But is Not Present.
The Files ssssss and ssssss Overlap and One or Both are Destroyed The Last Track in the Table of Contents is Not the Lead-out The Mastering Program for this Disc Did Not Place Version Numbers (“;1”) After the Filenames The Post-gap for This Disc is Either Missing or Invalid. nnn Trailing Sectors Found The System Identifier in the ISO-9660 Volume Descriptor Contains Other Than “a” Characters The Volume Identifier in the ISO-9660 Volume The Volume Identifier is Blank. This May Cause Problems There Appear To Be Additional Boot Definitions Present. There are nnn Files in the Directory
Descriptor Contains Other Than “d” Characters
Which Are Not Recorded in This File System There are nnn Accessible Files and nnn Directories Contained in This File System There are nnn Directories in This File System There are nnn Files in This File System There are nnn Files Linked from Session nn There are nnn Files That Could Not Be Connected to a Filename There are nnnn Free Sectors in This Track There is a Total of nnn File Systems on Disc This Disc Appears to be “Open” and Can Have Data Added to It. The Pointer is nnnnn
This Disc Has nn Layers
This Disc Is Still “Open” and
Can Have Data Added To It
This File System Contains Compressed Data
This File System Was Written by ssssss
This File System Was Written
by Packet-writing Software
This Track Contains Audio with Pre-emphasis
This Track Contains Audio without Pre-emphasis
This Track Contains Data
and Contains ssssss File System(s).
This Track Contains Data from the File System in the Prior Track
This Track Has Been Recorded in XA Mode
This Track is Marked as Being Blank
Track nn Has Been Added to
Represent an Open Session
Track nn is an Audio Track
Track nn Occupies nnn sectors
(nn Me, nn Sec, nn Frames)
Track Contains MCN of nnnnnn
Track Image Written with nnnn Byte Sectors
Track Was Written with Fixed-
length Packets nnnn Bytes in Length
Track Was Written with Variable-length Packets
UDF Examination Error: ssssss
UDF Partition Exceeds Size of
Track According To Disc Information
Volume Create Date date
Volume Size Appears Suspicious;
Header Says nnnnn While Track is nnnnn Sectors
Warning: One or More Checksum
Errors were Detected in the UDF Structures
Warning: Root Directory Length is Specified as Zero
Warning: This Disc is Marked as
Having a Sparable Partition, But
No Sparing Information Table is Present
Warning: Virtual Allocation Table Missing
Warning: VAT Not Found in Conventional Place…
Whole Disc MD5 Hash Value xxxXXXXXXXXXXXXXX
The Hardware Information Display
Device Name
Revision
Date of Revision
Read CDDA Command
“RAW read” Command
Track Information Command
Using 10- Byte Commands
Readability Test Reason Code
Loading Mechanism
Bar Code Reading Supported
UPC Code is Read
ISRC Code is Read
C2 Error Pointers
Maximum Reading Speed
Multi-session Capable
Mode 2 Form 1 Supported
Mode 2 Form 2 Supported
Digital Output on Port 1
Digital Output on Port 2
Audio Play Supported
Reading CDDA Supported
CD-Text/CD+G Supported
CD-Text/CD+G Decoded
Accurate CDDA Positioning
Transfer Block Supported
Inactivity Spin-down
Device Capabilities
Device Buffer Size (in K)
Drive Serial Number
The Volume Information Display
ISO-9660 Volume Information
Volume ID
System ID
Volume Size
System Use
Volume Set Size
Volume in Set.
Block Size (Bytes)
Path Table Size (Bytes)
Path Table (L)
Optional Path Table (L)
Path Table (M)
Optional Path Table (M)
Root Directory Sector
Root Directory Timestamp
Volume Set..
Publisher
Data Preparer
Application
Copyright File
Abstract File
Bibliography File
Volume Created
Volume Modified
Volume Expires
Volume Effective
Volume Size
Volume Set Size
Volume in Set.
Block Size (Bytes)
Path Table Size (Bytes)
Root Directory Sector
Joliet Volume Information
Volume ID
System ID
Volume Size
System Use
Volume Set Size
Volume in Set
Block Size (Bytes)
Path Table Size (Bytes)
Path Table (L)
Optional Path Table (L)
Path Table (M)
Optional Path Table (M)
Root Directory Sector
Root Directory Timestamp
Volume Set.
Publisher
Data Preparer
Application
Copyright File
Abstract File
Bibliography File
Volume Created
Volume Modified
Volume Expires
Volume Effective
Volume Size
Volume Set Size
Volume in Set..
Block Size (Bytes)
Path Table Size (Bytes)
Root Directory Sector
HFS and HFS+ Volume Information
Volume ID
Files
Directories
Allocation Size (Bytes)
Allocation Blocks
Free Blocks
Volume Created
Volume Modified
HSG Volume Information
UDF Volume Information
Volume Descriptor Sequence
Volume ID
Interchange Level
Volume Set Name
Implementation Identifier
Application
Recording Time
Disc Reports
Disc Contents by Folder
Disc Contents by Name
Disc Contents by Extension
Files with MD5 Hash Value
CSV Format Export
Image Reports
Chapter 7 Using CD/DVD Inspector.
Examining a Disc-A Step-by-step Guide
Starting CD/DVD Inspector
Initial Observations
Analysis Tool
Disc Map
Quick Image Examination
Scan Files for Keywords
Other Examination Tasks
Create an ISO Image File
Create an InfinaDyne Image File
Determining the Writing Application
Date Correspondence
Missing Files
Multi-Session Hiding
Chapter 8 Advanced Tasks with CD/DVD Inspector.
Using Hash Matching and MD5 Hashes
Space Utilization Analysis
ISO-9660 Directory Analysis
Unknown Data Track Issues
Chapter 9 Reporting Your Findings
Full List of All Files on the Media
Image Report(s)
Analysis Report
Scan Files Results
Raw Search Results
Chapter 10 Things to Keep In Mind
Appendix A Disc Swap Drive Modification
Appendix B Downloading Additional Materials
Glossary
Index.
People also search for:
forensics 2
dvd forensics
x. cd
x-files dvd
x-rays forensics
forensic dvd copy
Tags: Paul Crowley, Dave Kleiman, CD and DVD Forensics