Excuse me rambling but This is an interesting one. Whilst it should be reasonably straight forward to write a firmware imager for IDE disk I think that SCSI disks will be another kettle of fish. SCSI drives are normally accessed through the ASPI interface under DOS and ASPI/SPTI under Windows. ASPI is a DOS/Windows library and SPTI is a Windows library these would either need to be replaced or bypassed for your idea to work. I haven't played with Direct access to SCSI for many years but if memory serves me each card is basically different so you either need to specify a particular controller card in the PC or write for all of them... I have a logicube and have used a solo and although both seem to fit your requirements both are running programs - albeit from firmware. Each of the machines has a sequence of buttons that you can use to interrogate the source and destination. erase the destination, decide what you can do on an error situation... There are also different versions of the firmware floating around. So depending on what you do before you actually press the 'clone now' button, as it is on the logicube, what state is the machine in? My preferred solution is to read the drive using two separate utilities. if I were to be paranoid I would use Encase to image via a FastBloc and one of my own utils to read the drive and calculate an MD5 hash (preferably doing one using X/BIOS calls and one using direct access). If the Hashes are the same then I believe that I can convince a jury that everything is working fine. Your point about the jury being non-techy is a fair one but what makes you think they will understand your solution. Most people/jurors are at least familiar with PC's you get to explain to them that this is a PC with a difference.. Not knocking your idea - just food for thought Paul =================================== Paul Sanderson T. #44 1869 325667 F. #44 1869 369001 M. #44 7808 773856 http://www.sandersonforensics.co.uk =================================== -----Original Message----- From: Mike Shaw [mailto:mshawat_private] Sent: 21 March 2002 16:10 To: mail@computer-security-awareness.co.uk; rsgilmoreat_private; forensicsat_private Subject: Re: Encase and data recovery > >I'm afaid not. "Copy-II-PC" ran as a DOS application. I'm suggesting >a totally OS-free system using a few kB of dedicated machine code. I think the CopyIIPC system comment was somewhat toungue-in-cheek, but there was actually a CopyIIPC floppy controller you could get that would turn your PC into a byte by byte disk copying machine. This is pretty much what you're talking about right? -Mike ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Mar 21 2002 - 15:12:33 PST