Posts

Showing posts from August, 2009

SSD Drives and IT Forensics - Update

In previous post The implication of new firmware released for OCZ SSD on computer forensics I asked a number of questions. The post was also send to an internal mailing list where I work. A number of responses came back and I thought I'd share them

1. What are the implications of having this included in the firmware of SSD drives and how would you acquire such a drive?

The implications are wide ranging, but essentially the volume of recoverable data may be reduced. (Forensic analysis of deleted items, system artefacts, etc may not be possible). However, acquisition methods will not be affected.

2. Does the firmware start clearing sectors when it is simply to a power supply or does it require other hardware to be attached?

3. If it starts clearing sectors when connected to a power supply what legal implication will this have if during the acquisition of the drive potential evidence is been deleted by the built-in firmware before if can be forensically acquired ?

No, the firmware does …

The implication of new firmware released for OCZ SSD on computer forensics

UPDATE - Questions answered

On my daily trawl through various feeds, thanks Google Reader for making this so easy, I came across an article that discussed the "benefits" of this new firmware. While I tend to agree with the write from a performance standpoint the IT Forensics voice in my head was saying this could make my job more interesting.

This firmware is designed to keep the speed of the SSD drive as close as possible to that of a new drive even if the drive has been used over a long period of time . The flash memory used on the SSD drive is comprised of cells that usually contain 4KB pages that are arranged in blocks of 512KB. When a cell is unused, data can be written to it relatively quickly. But if a cell already contains some data, no matter how little even if it fills only a single page in the block,the entire block must be re-written.

This is because a memory cell has to be empty to have data written on it, even if it's only partially filled. The data already co…

Root on HTC Magic

[UPDATE]

1 Click Android Rooting ...

http://androidandme.com/2009/08/news/how-to-root-a-t-mobile-g1-and-mytouch-3g-android-phone/



I recently got a HTC Magic on Vodafone UK and decided that it was about time I got root on it.

Murphy's law states that anything that can go wrong will go wrong. Step 1 is always make sure you have a backup.

I downloaded the files from The Unlockr's Guide to getting root on HTC Magic. Since my phone is a Vodafone UK version I downloaded the 32B files.

After extracting the SDK to C:\AndroidSDK\ and the images to C:\AdnroidSDK\tools

I booted my phone into fastboot mode: Power on phone with the "Back" arrow held down.
Connect the usb cable, open a command prompt and and run the following from your AndroidSDK\tools folder:

fastboot boot recovery-new.img

Your phone will reboot and you will be presented by the Android System Recovery Menu.
Choose the "Nandroid Backup 2.1" option. After 2-5 minutes backups of your phones system,boot,recovery,data,…

Slipstream or integrate Office 2007 Service Pack 2 (SP2)

If like me you update and deploy software to new workstation on a regular basis you will quickly grow tired of installing MS Office and then installing the latest service pack. This quick guide will assist in slipstreaming the latest service pack (SP2) into MS Office 2007. I will assume that you will be installing office from a network share and have already copied the entire contents of the CD to this folder.

Download the standalone installer office2007sp2-kb953195-fullfile-en-us.exe to a temporary folder (c:\tmp)
Create folder called Updates (C:\Updates)
Open a command line window (CMD) and type the following on one line:

c:\updates\office2007sp2-kb953195-fullfile-en-us.exe /extract:C:\Updates

Agree to the EULA and then close the Installer when completed.
Move the contents of the C:\Updates folder to the Updates folder in your Office 2007 install folder structure.

Enabling AHCI after installing Windows XP x64

Download the OS Pre-Install sata drivers and extract to a temporery location on the machine (c:\tmp).

Open Device Manager
under IDE ATA/ATAPI controllers you should see something like : Intel ICH9 Serial ATA Storage Controller.
Right-Click on that and select Update Driver
Say no to connecting to Windows Update to search, hit Next
Select Install from a list or specific location (Advanced), hit Next
Select "Don't search. I will choose the driver to install", hit Next
Select Have Disk
Browse to the Driver folder (c:\tmp\) and highlight the iastor.inf file, hit Open Select OK

Now you should have a list of controllers ICH9 /AHCI driver
You'll get warned that installing the device driver is not recommended, click Yes to continue installing
Click Finish
If you have more than one Intel ICH9 Serial ATA Storage Controller you will need to do this for each before restarting
When system boots enter the bios, navigate to the SATA Operation option or equivlant and set it to AHCI
Verify your sat…