  • Magnetic media
  • Optical media

Magnetic media (3.5" floppy disks, Zip disks)

  • TD3 Forensic Imager
  • Physical write-protection

Tableau Forensic Imager

The Tableau Forensic Imager (TD3) is a modular forensic imaging system that has an intuitive, easy-to-use interface. 

Some Comments on the TD3 disk-to-file outputs

A sample log file output from the TD3 is attached for our review. Some log entries of note are:

Case ID: The case ID number.

Case Notes: Miscellaneous information about the case or duplication process for future reference. 

 

Regarding TD3 user-defined destination naming, the following is a sample of what's possible:

E:\2017009_01_001
└───2017_01_001_diskimage
    └───2017-03-31_10-46-25
            2017009_01_001_diskimage.E01
            2017009_01_001_diskimage.log
            2017009_01_001_diskimage.packed_log

 

Note that the path on the destination disk for a disk-to-file duplication can be set:

\2017009_01_001\2017_01_001_diskimage

 

The TD3 setting for "Image Dir Naming" cannot be disabled or set to user-defined. The available options are date + time or serial number/model number. The sample output is set to date + time:

2017-03-31_10-46-25

 

The "Image File Naming" setting does allow a user-defined name, as shown in the sample:

2017009_01_001_diskimage.E01

 

The "_diskimage.packed_log" file can be discarded (not preserved) in my opinion, as it serves machine storage and transfer operational tasks, is not intended to be human-readable, and contains less information than "_diskimage.log".

Write-protecting 3.5" floppies

3.5" floppy disks have small sliding tabs at their lower right-hand corners that control their read-write status. In order to physically ensure that your floppy disks are read-only, check to see whether the tab is closed (i.e., you are unable to see through it) or open (you are able to see through it): if open, the disk is write-protected. The first disk pictured below is read-write, the second is read-only (write-protected).

[Images: a read-write 3.5" floppy disk, followed by a write-protected one]

Optical media (CD-ROMs)

  • dd

For optical media, using the dd command is one of the simplest options for capturing a raw image.

...

This command is formatted differently because I want to generate multiple outputs. The first segment of the command looks fairly similar to what I've described above (the source media, blocksize, and conv operands are all present); the second segment looks familiar, too – this is where my first output is directed (the target), which is the actual .iso disk image; and the third segment directs the utility to generate an MD5 checksum for the .iso file and output it to a text file.
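The command itself is not shown on this page, so the following is an added example and not the original author's command: one way to build the three segments described above as a single-pass `dd | tee | md5sum` pipeline, followed by a re-read of the written image to verify it. The block size of 2048, `conv=noerror,sync`, the helper name `image_media` and the output file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Assumed values: bs=2048 (the
# CD-ROM data sector size), conv=noerror,sync, and the hypothetical helper name.

# image_media SRC DEST_DIR NAME -> writes NAME.iso, NAME.md5 and NAME.dd.log
image_media() {
    src=$1; dest=$2; name=$3
    iso="$dest/$name.iso"; sum="$dest/$name.md5"
    mkdir -p "$dest" || return 1
    # Never overwrite an image that was already acquired.
    if [ -e "$iso" ]; then
        echo "refusing to overwrite $iso" >&2
        return 1
    fi
    # Segment 1: dd reads the source; noerror continues past unreadable
    #            blocks and sync pads short or failed reads with NULs, so a
    #            damaged disc yields a padded image rather than a shifted one.
    # Segment 2: tee writes the stream to the .iso file.
    # Segment 3: md5sum hashes the same stream in the same pass.
    dd if="$src" bs=2048 conv=noerror,sync 2>"$dest/$name.dd.log" |
        tee "$iso" |
        md5sum | awk '{print $1}' >"$sum"
    # A POSIX sh pipeline hides dd's exit status, so dd's messages (including
    # any read errors) are kept in NAME.dd.log for review.
    # Re-read the image from disk and compare it with the streamed checksum.
    reread=$(md5sum <"$iso" | awk '{print $1}')
    if [ "$reread" != "$(cat "$sum")" ]; then
        echo "checksum mismatch for $iso" >&2
        return 1
    fi
    chmod a-w "$iso" "$sum"   # keep the acquired files read-only
}

# Constructed demo input: a 3-sector file stands in for the optical drive
# (for example /dev/sr0 on Linux) so the example runs offline.
demo=$(mktemp -d)
dd if=/dev/urandom of="$demo/disc.bin" bs=2048 count=3 2>/dev/null
image_media "$demo/disc.bin" "$demo/out" sample_disc &&
    echo "md5: $(cat "$demo/out/sample_disc.md5")"
rm -rf "$demo"
```

Because `sync` pads failed reads, the recorded checksum describes the image as written; check the dd log for read errors before treating it as a checksum of the disc itself.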