Absolutely! I agree. The hardware that is currently on the market will only do a direct disk to disk dupe. The most ideal solution would emulate the behavior of our software tools and store the image as a file (or a series of files) on the destination media. Going on a search or raid and getting a ratio of 1:1, that is, one image to one destination media is cost-prohibitive, as well as a duplication of effort, as the duplicate must be imaged again for storage and analysis (depending on your analysis method of choice). Building a device that can do this with built-in physical write protection would be a good project, I think. -- Matt Quoting "Michael D. Barwise, BSc, IEng, MIIE, MBCS" <mikeat_private>: > Sorry to butt in- hope it's OK. > > For this very reason (uncertainty of image accuracy), I have been > lobbying for ages for a dedicated imaging system which does not rely > on an *operating system* or *architecture*. It's a ridiculously > simple problem to solve (probably a few kB of code and a couple of > interface cards). > > On 25th Jun 2001 I sent this to the forensics digest, and I still > believe it's the right answer. > ------------------------ > My ideal disk copier would be a very basic PC, probably one of those > compact industrial single-board ones, with a truly blank target disk > and a spare port, running nothing except a custom-written native > application which does nothing except read literal sectors from one > hard disk to another (no OS). This application would be booted from > floppy disk to start the copy process. The required code, if written > in assembler, would be so small that it *could* be verified and > certified by anyone competent to read the source code. > -------------------------- > The code could alternatively be ROM-based. > > So a dedicated tool that does just this job and has no other > function, which is simple enough to explain to the non-technical > would solve this once and for all. > > Michael D. Barwise, BSc, IEng, MIIE, MBCS > Computer Security Awareness > tel +44 (0)1442 266534 > http://www.ComputerSecurityAwareness.com > > Addressing the Human Equation in Information Security > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Mar 19 2002 - 07:39:25 PST