Versions Compared

Old Version 4

changes.mady.by.user Jade S Snelling

Saved on

compared with

New Version 5

changes.mady.by.user Jade S Snelling

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Magnetic media (3.5" floppy disks, Zip disks)

  • TD3 Forensic Imager
  • Physical write-protection
  • TD3 Forensic Imager

Tableau Forensic Imager

The Tableau Forensic Imager (TD3) is a modular forensic imaging system that has an intuitive, easy-to-use interface. 

Some Comments on the TD3 disk-to-file outputs

Sample log file output from TD3 attached for our review. Some log entries of note are:

Case ID: The case ID number.

Case Notes: Miscellaneous information about the case or duplication process for future reference. 

 

Regarding TD3 user defined destination naming, the following is a sample of what's possible:

E:\2017009_01_001

└───2017_01_001_diskimage

    └───2017-03-31_10-46-25

            2017009_01_001_diskimage.E01

            2017009_01_001_diskimage.log

            2017009_01_001_diskimage.packed_log

 

Note, the path on the destination disk for a disk-to-file duplication can be set:

\2017009_01_001\2017_01_001_diskimage

 

The TD3 setting for "Image Dir Naming" cannot be disabled or set to user defined. There are options for date + time, serial number/model number. The sample output is set to date + time:

2017-03-31_10-46-25

 

The "Image File Naming" setting does allow for user defined, as shown in sample:

2017009_01_001_diskimage.E01

 

The "_diskimage.packed_log" file can be discarded (not preserved) in my opinion, as it serves machine storage and transfer operational tasks, not intended for human readable, and contains less information than "_diskimage.log".

Write-protecting 3.5" floppies

3.5" floppy disks have small sliding tabs at their lower right-hand corners that control their read-write status. In order to physically ensure that your floppy disks are read-only, check to see whether the tab is closed (i.e., you are unable to see through it) or open (you are able to see through it): if open, the disk is write-protected. The first disk pictured below is read-write, the second is read-only (write-protected).

Image AddedImage Added

Optical media (CD-ROMs)

  • dd

...

This command is formatted differently to generate multiple outputs. The first segment of the command looks fairly similar to what I've described above (the source media, blocksize, and conv operands are all present); the second segment looks familiar, too – this is where my first output is directed (my the target), which is the actual .iso disk image; and the third segment directs the utility to generate an md5 checksum for the .iso file and output it to a text file.