|
Host Protected Area
The host protected area (HPA) is an area of a hard drive or solid-state drive that is not normally visible to an operating system. It was first introduced in the ATA-4 standard CXV (T13) in 2001. How it works The IDE controller has registers that contain data that can be queried using ATA commands. The data returned gives information about the drive attached to the controller. There are three ATA commands involved in creating and using a host protected area. The commands are: * IDENTIFY DEVICE * SET MAX ADDRESS * READ NATIVE MAX ADDRESS Operating systems use the IDENTIFY DEVICE command to find out the addressable space of a hard drive. The IDENTIFY DEVICE command queries a particular register on the IDE controller to establish the size of a drive. This register however can be changed using the SET MAX ADDRESS ATA command. If the value in the register is set to less than the actual hard drive size then effectively a host protected area is created. It is protected because the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hard Drive
A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating hard disk drive platter, platters coated with magnetic material. The platters are paired with disk read-and-write head, magnetic heads, usually arranged on a moving actuator arm, which read and write data to the platter surfaces. Data is accessed in a random-access manner, meaning that individual Block (data storage), blocks of data can be stored and retrieved in any order. HDDs are a type of non-volatile storage, retaining stored data when powered off. Modern HDDs are typically in the form of a small disk enclosure, rectangular box. Hard disk drives were introduced by IBM in 1956, and were the dominant secondary storage device for History of general-purpose CPUs, general-purpose computers beginning in the early 1960s. HDDs maintained this position into the modern er ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Antivirus
Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other malware, antivirus software started to protect against other computer threats. Some products also include protection from malicious URLs, Spam (electronic), spam, and phishing. History 1971–1980 period (pre-antivirus days) The first known computer virus appeared in 1971 and was dubbed the "Creeper (program), Creeper virus". This computer virus infected Digital Equipment Corporation's (Digital Equipment Corporation, DEC) PDP-10 mainframe computers running the TENEX (operating system), TENEX operating system. [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computer Forensics
Computer forensics (also known as computer forensic science) is a branch of digital forensics, digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information. Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail. Evidence from computer forensics investigations is usually subjected to the same guidelines and practices as other digital evidence. It has been used in a number of high-profile cases and is accepted as reliable within U.S. and European court systems. Overview In the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
AT Attachment
Parallel ATA (PATA), originally , also known as Integrated Drive Electronics (IDE), is a standard interface designed for IBM PC-compatible computers. It was first developed by Western Digital and Compaq in 1986 for compatible hard drives and CD or DVD drives. The connection is used for storage devices such as hard disk drives, floppy disk drives, optical disc drives, and tape drives in computers. The standard is maintained by the X3/INCITS committee. It uses the underlying (ATA) and Packet Interface ( ATAPI) standards. The Parallel ATA standard is the result of a long history of incremental technical development, which began with the original AT Attachment interface, developed for use in early PC AT equipment. The ATA interface itself evolved in several stages from Western Digital's original Integrated Drive Electronics (IDE) interface. As a result, many near-synonyms for ATA/ATAPI and its previous incarnations are still in common informal use, in particular Extended ID ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Master Boot Record
A master boot record (MBR) is a type of boot sector in the first block of disk partitioning, partitioned computer mass storage devices like fixed disks or removable drives intended for use with IBM PC-compatible systems and beyond. The concept of MBRs was publicly introduced in 1983 with PC DOS 2.0. The MBR holds the information on how the disc's sectors (A.K.A. "blocks") are divided into partitions, each partition notionally containing a file system. The MBR also contains executable code to function as a loader for the installed operating system—usually by passing control over to the loader's second stage, or in conjunction with each partition's volume boot record (VBR). This MBR code is usually referred to as a boot loader. The organization of the partition table in the MBR limits the maximum addressable storage space of a partitioned disk to 2 Tebibyte, TiB . Approaches to slightly raise this limit utilizing 32-bit arithmetic or 4096-byte sectors are not officially s ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
GUID Partition Table
The GUID Partition Table (GPT) is a standard for the layout of partition tables of a physical computer storage device, such as a hard disk drive or solid-state drive. It is part of the Unified Extensible Firmware Interface (UEFI) standard. It has several advantages over master boot record (MBR) partition tables, such as support for more than four primary partitions and 64-bit rather than 32-bit logical block addressing, logical block addresses (LBA) for blocks on a storage device. The larger LBA size supports larger disks. Some BIOSes support GPT partition tables as well as MBR partition tables, in order to support larger disks than MBR partition tables can support. GPT uses universally unique identifiers (UUIDs), which are also known as globally unique identifiers (GUIDs), to identify partitions and partition types. All modern personal computer operating systems support GPT. Some, including macOS and Microsoft Windows on the x86 architecture, support booting from GPT partitio ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
The Sleuth Kit
The Sleuth Kit (TSK) is a Open-source software, open-source Library (computing), library and collection of utilities for Unix-like operating systems and Microsoft Windows, Windows that is used for extracting and parsing data from disk drives and other computer Data storage, data storage devices so as to facilitate the Computer forensics, forensic analysis of computer systems. It forms the foundation for Autopsy (software), Autopsy, a better known tool that is essentially a graphical user interface to the command line utilities bundled with The Sleuth Kit. The software is under active development and it is supported by a team of developers. The initial development was done by Brian Carrier who based it on The Coroner's Toolkit. It is the official successor platform. The Sleuth Kit is capable of parsing NTFS, File Allocation Table, FAT, ExFAT, Unix File System, UFS versions 1 and 2, Ext2, Ext3, Ext4, HFS Plus, HFS, ISO 9660 and YAFFS, YAFFS2 file systems either on disk or within ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hdparm
hdparm is a command line program for Linux to set and view ATA hard disk drive hardware parameters and test performance. It can set parameters such as drive caches, sleep mode, power management, acoustic management, and DMA settings. GParted GParted is a GTK front-end to GNU Parted and an official GNOME partition-editing application (alongside GNOME Disks, Disks). GParted is used for creating, deleting, resizing, moving, checking, and copying Partition (computing), disk partitions a ... and Parted Magic both include ''hdparm''. Changing hardware parameters from suboptimal conservative defaults to their optimal settings can improve performance greatly. For example, turning on DMA can, in some instances, double or triple data throughput. There is, however, no reliable method for determining the optimal settings for a given controller-drive combination, except careful trial and error. Depending on the given parameters, ''hdparm'' can cause computer crashes or render the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Forensic Toolkit
Forensic Toolkit, or FTK, is computer forensics software originally developed by AccessData, and now owned and actively developed by Exterro. It scans a hard drive looking for various information. It can, for example, potentially locate deleted emails and scan a disk for text strings to use them as a password dictionary to crack encryption. FTK is also associated with a standalone disk imaging program called FTK Imager. This tool saves an image of a hard disk in one file or in segments that may be later on reconstructed. It calculates MD5 and SHA1 hash values A hash function is any function that can be used to map data of arbitrary size to fixed-size values, though there are some hash functions that support variable-length output. The values returned by a hash function are called ''hash values'', ... and can verify the integrity of the data imaged is consistent with the created forensic image. The forensic image can be saved in several formats, including DD/raw, E01, and ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
EnCase
EnCase is the shared technology within a suite of digital investigations products by Guidance Software (acquired by OpenText in 2017). The software comes in several products designed for forensic, cyber security, security analytics, and e-discovery use. EnCase is traditionally used in forensics to recover evidence from seized hard drives. It allows the investigator to conduct in-depth analysis of user files to collect evidence such as documents, pictures, internet history and Windows Registry information. The company also offers EnCase training and certification. Data recovered by EnCase has been used in various court systems, such as in the cases of the BTK Killer and the murder of Danielle van Dam. Additional EnCase forensic work was documented in other cases such as the evidence provided for the Casey Anthony, Unabomber, and Mucko (Wakefield Massacre) cases. Company and Product Overview Guidance Software, and the Encase forensic tool, was originally created by Shawn H. M ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ATATool
ATATool is freeware software that is used to display and modify ATA disk information from a Microsoft Windows environment. The software is typically used to manage host protected area (HPA) and device configuration overlay (DCO) features and is broadly similar to the hdparm for Linux. The software can also be used to generate and sometimes repair bad sectors. Recent versions include support for DCO restore and freeze operations, HPA security (password) operations and simulated bad sectors. ATATool is no longer available for personal download and can only be used for "professional users" like for security researchers. Usage examples ATATool must be run with administrator privileges. On Windows Vista and later it requires an elevated-privileges command prompt (see User Account Control). The target drive must be connected to a physical disk controller. The software will not work when using a hard drive through an external connection like USB or any external hard drive. Display ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
