PC-3000 and Digital Forensics

cyber-crime

The PC-3000 Systems are considered to be the most cutting-edge solutions for diagnosis, repair and data recovery from damaged storage devices.

The PC-3000 products have a lot of powerful functions that can be successfully used in the digital forensics field. The PC-3000 tools are often indispensable for cybercrime investigation. Even if a storage device is physically damaged, the investigative or/and judicial practice becomes possible due to the PC-3000 solutions.

When digital evidence is required, it’s sometimes impossible to get access to the data from damaged or password-locked drives. PC-3000 Systems help to make the data accessible for the operation system to proceed with crime investigation. It is true fact that the PC-3000 solutions possess a powerful potential for helping forensic experts in their every-day work with damaged storage devices.

Below are some features that can be helpful for evidence collection.

1. Support of forensic formats (*.E01; *.aff; *.s01; *.001.)

A disk or a partition can be exported into a selected format (*.E01;*.aff;*.001)

2016-04-22_11-36-52 (2)       2016-04-22_11-35-30 2016-04-22_11-35-52

2016-04-22_11-36-09 (2)

And it is possible to create a task based on disk and partition images in *.E01;*.aff;*.s01;*.001 formats:

2016-04-22_11-32-29

2. Possibility to export the lists of files and folders to CSV format and to calculate hash functions for folders, files, sectors and various sector ranges (using MD5 or SHA algorithms)

2016-04-22_11-25-57 (2)

After that you will see a dialog window. You can mark which fields you want to see in the csv report.

2016-04-22_11-26-42

And report will look like this:

2016-04-22_11-30-47

3. Password reset for HDDs

When you don’t know the master or user password, you can use special utilitites to remove it.

E.g. This is how it looks like on Seagate F3 drives. If a drive has ATA password set, you will see the following:

2016-04-22_14-20-30 (2)

And you can easily unlock it with Work with SA -> Reset passwords instrument

2016-04-22_14-23-53 (2)2016-04-22_14-28-29

4. Raw recovery mode

Powerful “last resort” mode for finding file headers when you are unable to recover the file structure.

2016-04-22_17-57-32

5. Check HPA

The PC-3000 products try not to look for data on the sectors that are out from translation. However, you can manually set max LBA and check if the hidden area contains any partitions or data.

6. Possibility to investigate the service area in order to find “backdoors”

2016-04-25_16-13-34

From time to time, we hear news about backdoors and malware in data storage devices. IT experts can examine service area via the PC-3000 software.

7. Data copy creation and saving the data to several healthy storage devices

2016-04-25_16-16-24

8. Possibility to build data storage maps for files, folders, used/unused spaces and metadata

fig_4

The PC-3000 products also have some other useful features that can be used for helping forensic experts in getting digital evidence.

 

 

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

This entry was posted in Data Extractor. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *