Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: Sergioramos
New Today: 0
New Yesterday: 3
Overall: 29353

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 A question for students and newbies
 E-DISCOVERY & DATA RECOVERY? WHICH ONE IS BETTER?
 Computer Forensic in e-commerce
 Computer Forensic as component in Information Security
 Small Business - Do You Prepared?

Computer Forensics World Forums


Pages Served
We received
51198593
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Analysis of a CD
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Analysis of a CD

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Technical Issues: Peripherals
View previous topic :: View next topic  
Author Message
putergeek
Newbie
Newbie


Joined: Sep 02, 2008
Posts: 35

PostPosted: Tue Nov 18, 2008 6:38 am    Post subject: Analysis of a CD Reply with quote

Couple questions:

I have a cd with several Outlook e-mails on it that need to be examined.

I have played around with infinadynes cd/dvd inspector...is it better to do the whole examination on cd/dvd inspector or to image it and then put it into Encase?

To image it in cd/dvd inspector should you image using the infinadyne disc image or image it to a zip file?

Then lastly what is the best way to show the contents of the Outlook email in report format?

Any advice about cd analysis is greatly appreciated. Thank you in advance!
Back to top
View user's profile
PreferredUser
Newbie
Newbie


Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Tue Nov 18, 2008 6:50 am    Post subject: Reply with quote

I look at CD/DVD Inspector as a tool to analyze the actual disk with the focus on media (pics, videos, music) analysis.

Does the CD contain individually saved messages, PST files, other?

If this is a mail analysis there are better tools than CD/DVD Inspector. EnCase and FTK create nice HTML presentations of E-Mail (although I prefer FTK for E-Mail).
Back to top
View user's profile
LarryEDaniel
Newbie
Newbie


Joined: Sep 30, 2008
Posts: 41
Location: Raleigh, NC

PostPosted: Sun Nov 23, 2008 2:39 pm    Post subject: Reply with quote

When you say Outlook emails do you mean .pst files? Just image the CD with Encase or FTK if you have it.

In Encase, add the CD .e01 file and you will see what appears to be two copies of the same CD. That is because Encase will see both the formats the CD is written in. UDF and ISO. (If that is the case anyway.)

Once you have it in Encase, just locate the .pst file, right click on it and select View File Structure. That will bring up all the emails in Encase so you can view them in the explorer pane and bookmark them as needed.
Back to top
View user's profile Visit poster's website
putergeek
Newbie
Newbie


Joined: Sep 02, 2008
Posts: 35

PostPosted: Tue Nov 25, 2008 2:28 am    Post subject: Reply with quote

The files are a .nws extension from ms outlook newsgroups. I have tried imaging the cds in Encase and it freezes everytime.
Back to top
View user's profile
athulin
Newbie
Newbie


Joined: Oct 19, 2007
Posts: 238

PostPosted: Tue Nov 25, 2008 10:04 pm    Post subject: Reply with quote

putergeek wrote:
The files are a .nws extension from ms outlook newsgroups. I have tried imaging the cds in Encase and it freezes everytime.


That is often an indication that the CD contains bad sectors: I think EnCase lets the CD drive do its own thing when it hits a bad sector (on my CD, it means up to 100 read attempts before it gives up). Then I supect EnCase tries one or two time more, just for safety. That obviously takes more time than it needs, and it very much looks as if Encase has frozen. (Checking the byte I/O for the process helps a bit in understanding what's going on)

If you have CloneCD from Slysoft, use that instead: it does the right thing for bad sectors -- gives up on bad sectors reasonably quickly. And you can configure it far more than Encase: you can create a 'forensic' profile to fit your own needs (added: as regards number of rewrites and how many sectors to skip after hitting a bad sector). Also recent versions of EnCase can read the image files produced by CloneCD.

I think there is a demo version of it to try out.

CD/DVD inspector should not hit those kind of problems, though -- I would be surprised if it did.


Last edited by athulin on Thu Nov 27, 2008 5:20 pm; edited 1 time in total
Back to top
View user's profile
dthstker
Newbie
Newbie


Joined: Aug 05, 2008
Posts: 82
Location: Colorado

PostPosted: Thu Nov 27, 2008 4:29 am    Post subject: Reply with quote

CD/DVD inspector will allow you to retry when it hits errors, or skip errors. It will also generate a report listing all the errors.

Don L.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Technical Issues: Peripherals All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.