skip navigation

CrimeSolutions.gov

Add your conference to our Justice Events calendar

PUBLICATIONS

NCJRS Abstract

The document referenced below is part of the NCJRS Library collection.
To conduct further searches of the collection, visit the NCJRS Abstracts Database.

How to Obtain Documents
 
NCJ Number: NCJ 199000   Add to Shopping cart   Find in a Library
Title: Partial Results from Prototype Testing Efforts for Disk Imaging Tools: SafeBack 2.0
Corporate Author: National Institute of Standards and Technology (NIST)
United States of America
Date Published: 04/2003
Page Count: 108
Sponsoring Agency: National Institute of Justice
US Department of Justice
Office of Justice Programs
United States of America
Grant Number: 94-IJ-R-004
Sale Source: National Institute of Justice/NCJRS
Box 6000
Rockville, MD 20849
United States of America

NCJRS Photocopy Services
Box 6000
Rockville, MD 20849-6000
United States of America
Document: PDF 
Type: Test/Measurement
Language: English
Country: United States of America
Annotation: This document discusses the accuracy of tools used in computer forensics investigations.
Abstract: The product used for test development was SafeBack version 2.0. The disk imaging specification and the test cases were an early version of the specifications now in use. The support software and the testing procedures were prototype versions. Partial results show that the tool did not alter the original disk, made a bit-stream duplicate or an image of an original disk or partition, logged I/O errors, and the documentation was correct. There were several detected anomalies. If an entire physical disk was duplicated on a larger physical disk, SafeBack allowed the specification of either filling the remainder of the destination with zeros or leaving the destination as it was. If SafeBack was used to copy a physical disk to another physical disk of a different geometry, SafeBack optionally could reposition partitions to disk cylinder boundaries. A SafeBack image file contained all the data read from the imaged source plus cyclical redundancy checksums (CRC) for verifying the integrity of the captured data. The primary testing environment consisted of six different platforms: beta-1, beta-2, beta-3, beta-4, beta-5, and beta-6. The results show that if a source is copied to a destination, either directly or indirectly, and there are no I/O errors, then corresponding sectors compare equal. Excess destination sectors are assigned values according to run-time tool options selected by the user. The tool must notify the user if some source sectors are not copied to the destination. Using the tool over a communications link yields the same result as would have been obtained without the communications link. Deleted files can be recovered. The tool does not access areas of the disk outside the boundaries indicated by the BIOS.
Main Term(s): Testing and measurement ; Forensics/Forensic Sciences
Index Term(s): Computer software ; Evaluation measures ; Effectiveness ; Technical assistance resources ; Scientific testimony ; Instrument validation ; NIJ grant-related documents
Note: NIJ Special Report; downloaded April 14, 2003.
   
  To cite this abstract, use the following link:
https://www.ncjrs.gov/App/Publications/abstract.aspx?ID=199000

* A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's web site is provided.