Download
raid acquisition n.
Skip this Video
Loading SlideShow in 5 Seconds..
RAID Acquisition PowerPoint Presentation
Download Presentation
RAID Acquisition

RAID Acquisition

179 Vues Download Presentation
Télécharger la présentation

RAID Acquisition

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. RAID Acquisition Computer Forensics COEN 152/252

  2. RAID Levels • RAID 0: Just a Bunch Of Disks (JBOD) • RAID 1: Mirrored • RAID 5: Redundancy through parity • distributed parity

  3. RAID • Hardware RAID • Two types: • Special controller that plugs into one of the buses • Device that plugs into normal disk controller such as ATA, SCSI, Firewire, … • Computer sees a single volume

  4. RAID • Hardware RAID acquisition • Step 1: Acquire and investigate complete RAID volume as a single volume • Needs big target device. • Use device drivers such as those contained on Linux distributions • Step 2: Acquire individual disks and look for hidden data in possible areas that the RAID volume did not use. • Keyword searches can also be performed on the individual disks.

  5. RAID • Software RAID • OS sees individual disks • But sees them together as a single volume. • CPU calculates parity info.

  6. RAID • Software RAID • Easiest: Acquire entire volume • Encase, ProDiscover can import disks from a Windows RAID volume and analyze them as a single volume. • Allows access to data that is hidden on individual disks.