Incident Response and Computer Forensics (Second Edition)

Incident Response and Computer Forensics, Second Edition by Chris Prosise, Kevin Mandia, Matt Pepe.

  • Paperback: 507 pages
  • Publisher: McGraw-Hill/Osborne; 2 edition (July 17, 2003)
  • Language: English
  • ISBN-10: 007222696X
  • ISBN-13: 978-0072226966
  • Product Dimensions: 9.1 x 7.3 x 1.2 inches
  • Shipping Weight: 2 pounds
  • Popular: 4.5 out of 5 stars

Description:

A strong system of defenses will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Incident Response aims to teach you how to determine when an attack has occurred or is underway–they’re often hard to spot–and show you what to do about it. Authors Kevin Mandia and Chris Prosise favor a tools- and procedures-centric approach to the subject, thereby distinguishing this book from others that catalog particular attacks and methods for dealing with each one. The approach is more generic, and therefore better suited to dealing with newly emerging attack techniques.

Anti-attack procedures are presented with the goal of identifying, apprehending, and successfully prosecuting attackers. The advice on carefully preserving volatile information, such as the list of processes active at the time of an attack, is easy to follow. The book is quick to endorse tools, the functionalities of which are described so as to inspire creative applications. Information on bad-guy behavior is top quality as well, giving readers knowledge of how to interpret logs and other observed phenomena. Mandia and Prosise don’t–and can’t–offer a foolproof guide to catching crackers in the act, but they do offer a great “best practices” guide to active surveillance. –David Wall

Topics covered: Monitoring computer systems for evidence of malicious activity, and reacting to such activity when it’s detected. With coverage of Windows and Unix systems as well as non-platform-specific resources like Web services and routers, the book covers the fundamentals of incident response, processes for gathering evidence of an attack, and tools for making forensic work easier.

Price:

List Price: $52.99 Price: $33.38 You Save: $19.61


Data Recovery Glossary (Letter L)

Landing Zone
The heads move to this location on the inner portion of the disk when commanded, or when the power has been turned off. User data is not stored in this area of the disk.

Laser Textured Media
Laser textured disks minimize the wear and friction on a hard drive. The precision and consistency of the laser zone texturing process is a major contributor to the robustness of newer model hard drives.

Latency
The time the read/write heads wait for the disk to rotate to the position where the desired data can be accessed; equivalently, the average delay between the head arriving on track and the data rotating under the head. It is calculated as one-half the revolution period; for a disk rotating at 5200 RPM the average latency is 5.8 milliseconds.

Local Area Network (LAN)
A system in which computer users in the same company or organization are linked to each other and often to centrally-stored collections of data in LAN servers.

Logical Address
A storage location address that may not describe the physical location; instead, it is used as a means to request information from a controller. The controller converts the request from a logical to a physical address that is able to retrieve the data from an actual physical location on the storage device.

LBA (Logical Block Addressing)
A method of addressing the sectors on a drive. Addresses the sectors on the drive as a single group of logical block numbers instead of cylinder, head and sector addresses. It allows for accessing larger drives than is normally possible with CHS addressing.
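The entry above describes LBA as a single run of block numbers replacing cylinder/head/sector triples. The following is an added worked example, not part of the original glossary, showing the standard BIOS/ATA translation between the two schemes in both directions, plus the byte offset of a block in a raw image (512-byte sectors assumed). The 1024 x 16 x 63 geometry is a constructed sample, not a value from the glossary.

```python
# CHS <-> LBA conversion, added as a worked example for the glossary's
# "LBA (Logical Block Addressing)" entry; not part of the original glossary.
# The translation is the standard one used by BIOS/ATA addressing:
#     LBA = (C * heads_per_cylinder + H) * sectors_per_track + (S - 1)
# Sectors are numbered from 1 within a track, which is why S - 1 appears.
from dataclasses import dataclass


@dataclass(frozen=True)
class Geometry:
    """Drive geometry as seen by CHS addressing (values are constructed samples)."""
    cylinders: int
    heads: int            # heads per cylinder
    sectors: int          # sectors per track, numbered 1..sectors

    @property
    def total_sectors(self) -> int:
        """Number of sectors reachable through this CHS geometry."""
        return self.cylinders * self.heads * self.sectors


def chs_to_lba(geo: Geometry, c: int, h: int, s: int) -> int:
    """Translate a (cylinder, head, sector) triple to a logical block number."""
    if not (0 <= c < geo.cylinders):
        raise ValueError(f"cylinder {c} out of range 0..{geo.cylinders - 1}")
    if not (0 <= h < geo.heads):
        raise ValueError(f"head {h} out of range 0..{geo.heads - 1}")
    if not (1 <= s <= geo.sectors):
        raise ValueError(f"sector {s} out of range 1..{geo.sectors}")
    return (c * geo.heads + h) * geo.sectors + (s - 1)


def lba_to_chs(geo: Geometry, lba: int) -> tuple[int, int, int]:
    """Inverse translation; raises if the LBA lies beyond the CHS-addressable area."""
    if not (0 <= lba < geo.total_sectors):
        raise ValueError(f"LBA {lba} outside 0..{geo.total_sectors - 1}")
    s = lba % geo.sectors + 1         # sector within the track (1-based)
    track = lba // geo.sectors        # linear track index across all heads
    h = track % geo.heads
    c = track // geo.heads
    return c, h, s


def chs_capacity_bytes(geo: Geometry, sector_size: int = 512) -> int:
    """Largest capacity addressable through this CHS geometry (512-byte sectors assumed)."""
    return geo.total_sectors * sector_size


def lba_to_byte_offset(lba: int, sector_size: int = 512) -> int:
    """Byte offset of a logical block within a raw disk image (512-byte sectors assumed)."""
    return lba * sector_size


if __name__ == "__main__":
    # Constructed sample geometry: 1024 cylinders x 16 heads x 63 sectors/track.
    geo = Geometry(cylinders=1024, heads=16, sectors=63)
    print(f"CHS-addressable capacity: {chs_capacity_bytes(geo)} bytes")
    for c, h, s in [(0, 0, 1), (0, 1, 1), (1, 0, 1), (1023, 15, 63)]:
        lba = chs_to_lba(geo, c, h, s)
        assert lba_to_chs(geo, lba) == (c, h, s)   # round trip must hold
        print(f"CHS({c},{h},{s}) -> LBA {lba} -> byte offset {lba_to_byte_offset(lba)}")
```

Because every cylinder, head and sector field has a fixed width, the largest block a CHS geometry can name is `total_sectors - 1`; anything past that is only reachable by its LBA, which is the point the glossary entry makes about larger drives.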

Logical Drive
A logical drive is a section of the hard disk that appears to be a separate drive in a directory structure. You create logical drives on the extended partition of a hard disk. While 26 letters exist for logical drives, the first three are reserved. A and B are reserved for floppy disk drives, and C is reserved for the first primary DOS partition. Therefore, you can create up to 23 logical drives on your extended partition. Logical drives are usually used to group directories and files.

Logistics Model
The systems by which a company organizes the physical distribution of its products. A hard drive manufacturer’s model might include portions to OEM customers, to distributors, to retail chains or to all of these.

Low-level formatting
The process of creating sectors on the disk surface; this permits the operating system to use the regions needed to create the file structure. Also called initialization. Low-level formatting is often performed at manufacturing facilities or in high-end technical data facilities. There is no need (in most scenarios) for a typical consumer to low-level format a hard drive.

Low profile (LP)
Standard 3.5-inch hard drives are available in heights of 1.0-inch and 1.6-inches. Low-profile hard drives measure 1.0-inches in height.


Data Recovery Glossary (Letter I)

IDE (Integrated Drive Electronics)
A type of drive where the interface controller electronics are incorporated into the design of the hard drive rather than as a separate controller.

Index Pulse Signal
A digital pulse signal indicating the beginning of a disk revolution. An embedded servo pattern or other prerecorded information is present on the disk following the index pulse.

Initiator
A device in control of the SCSI bus that sends commands to a target. Most SCSI devices have a fixed role as an initiator or a target; however, some devices can assume both roles.

Initialization
See low-level formatting.

Input
The incoming data that the computer processes, such as commands issued by the user.

Input/output (I/O)
An operation or device that allows input and output.

Interface
A hardware or software protocol that handles the exchange of data between the device and the computer; the most common ones are AT (also known as IDE) and SCSI. (See AT and SCSI.)

Interface controller
The chip or circuit that translates computer data and commands into a form suitable for use by the hard drive and controls the transfer of data between the buffer and the host. (See disk controller and disk drive controller.)

Interleave
The arrangement of sectors on a track.

Interrupt
A signal sent by a subsystem to the CPU that signifies a process has either completed or could not be completed.

ISA
Industry Standard Architecture. The standard 16-bit AT bus designed by IBM for the PC/AT system. ISA was the only industry standard bus for PCs until the recent release of MCA (MicroChannel Architecture), EISA (Extended Industry Standard Architecture), and PCI (Peripheral Component Interconnect).


Data Recovery Glossary (Letter H)

Half-Duplex
A communications protocol that permits transmission in both directions but in only one direction at a time.

Half-height Drives
Standard 3.5-inch hard drives are available in heights of 1.0-inch and 1.6-inches. Half-height drives measure 1.6-inches in height.

Hard Disk
A mass storage device that transfers data between the computer’s memory and the disk storage media. Hard disks are rotating, rigid, magnetic storage disks.

Hard Drive
An electromechanical device used for information storage and retrieval, incorporating one or more rotating disks on which data is recorded, stored and read magnetically.

Hard Drive Industry
The combined manufacturers of hard drives. In the United States, the industry is led by IBM, Maxtor, Seagate, Quantum and Western Digital.

Hard Error
An error that is repeatable every time the same area on a disk is accessed.

Hard Sectored
A technique that uses a digital signal to indicate the beginning of a sector on a track.

Head
The minute electromagnetic coil and metal pole which write and read back magnetic patterns on the disk. Also known as a read/write head. A drive with several disk surfaces or platters will have a separate head for each data surface. See also MR Head.

Head Actuator
A motor that moves the head stack assembly in a hard drive to align read/write heads with magnetic tracks on the disks.

Head Crash
Refers to the damage incurred to a read/write head when the head comes into contact with the disk surface. A head crash might be caused by severe shock, dust, fingerprints, or smoke, and can cause damage to the surface of the disk and/or the head.

Head Disk Assembly (HDA)
The mechanical components of a hard drive, including the disks, heads, spindle motor and actuator.

Head Loading Zone
An area on the disk specifically reserved for the heads to use when taking off or landing when power to the drive is turned on or off. No data storage occurs in the head loading zone.

Head Stack Assembly
The electromechanical mechanism containing read/write heads and their supporting devices.

Headerless Format
The lack of a header or ID fields (track format). This enables greater format efficiency and increased user capacity.

High-end Market
The enterprise market.

High-Level Format
A high-level format must be performed (with EZ-Drive or the Format command) on a new hard drive (in most cases) before you can use it. Formatting erases all the information on a hard drive and it sets up the file system needed for storing and retrieving files.

Host
The computer that other computers and peripherals connect to. See also initiator.

Host Adapter
A plug-in board that acts as the interface between a computer system bus and the disk drive.

Host Interface
The point at which the host and the drive are connected to each other.

Host Transfer Rate
Speed at which the host computer can transfer data across the SCSI interface; or, the speed at which the host computer can transfer data across the EIDE interface. Processor Input/Output (PIO) modes and Direct Memory Access (DMA) modes are defined in the ATA-4 industry specifications for the EIDE interface.


Computer Forensics: Incident Response Essentials

Computer Forensics: Incident Response Essentials by Warren G. Kruse, Jay G. Heiser

Details:

  • Paperback: 416 pages
  • Publisher: Addison-Wesley Professional (October 6, 2001)
  • Language: English
  • ISBN-10: 0201707195
  • ISBN-13: 978-0201707199
  • Product Dimensions: 9.1 x 7.3 x 0.9 inches
  • Shipping Weight: 1.4 pounds

Description:

Computer security is a crucial aspect of modern information management, and one of the latest buzzwords is incident response–detecting and reacting to security breaches. Computer Forensics offers information professionals a disciplined approach to implementing a comprehensive incident-response plan, with a focus on being able to detect intruders, discover what damage they did, and hopefully find out who they are.

There is little doubt that the authors are serious about cyberinvestigation. They advise companies to “treat every case like it will end up in court,” and although this sounds extreme, it is good advice. Upon detecting a malicious attack on a system, many system administrators react instinctively. This often involves fixing the problem with minimal downtime, then providing the necessary incremental security to protect against an identical attack. The authors warn that this approach often contaminates evidence and makes it difficult to track the perpetrator. This book describes how to maximize system uptime while protecting the integrity of the “crime scene.”

The bulk of Computer Forensics details the technical skills required to become an effective electronic sleuth, with an emphasis on providing a well-documented basis for a criminal investigation. The key to success is becoming a “white hat” hacker in order to combat the criminal “black hat” hackers. The message is clear: if you’re not smart enough to break into someone else’s system, you’re probably not smart enough to catch someone breaking into your system. In this vein, the authors use a number of technical examples and encourage the readers to develop expertise in Unix/Linux and Windows NT fundamentals. They also provide an overview of a number of third-party tools, many of which can be used for both tracking hackers and to probe your own systems.

The authors explain their investigative techniques via a number of real-world anecdotes. It is striking that many of the same hacks detailed in Cliff Stoll’s classic The Cuckoo’s Egg are still in use over 10 years later–both on the criminal and investigative fronts. It is up to individual companies whether or not to pursue each attempted security violation as a potential criminal case, but Computer Forensics provides a strong argument to consider doing so. –Pete Ostenson

Price:

List Price: $54.99 Price: $34.64 You Save: $20.35


Computer Forensics JumpStart (Jumpstart (Sybex))

  • Paperback: 304 pages
  • Publisher: Wiley (December 10, 2004)
  • Language: English
  • ISBN-10: 078214375X
  • ISBN-13: 978-0782143751
  • Product Dimensions: 8.8 x 7.5 x 0.7 inches
  • Shipping Weight: 9.6 ounces
  • Popular: 4.5 out of 5 stars

Description:

At the heart of modern corporate crime and counter-terrorism investigations, computer forensics is now the fastest growing segment of IT and law enforcement. For everyone curious about this hot field, here is an in-depth introduction to the technological, social, and political issues at hand. Sybex’s JumpStart approach is ideal for those interested in computer forensics but not yet sure what it’s all about. It offers a complete overview of the basic skills and available certifications that can help to launch a new career.

Launch Your Career in Computer Forensics—Quickly and Effectively

Written by a team of computer forensics experts, Computer Forensics JumpStart provides all the core information you need to launch your career in this fast-growing field:

  • Conducting a computer forensics investigation
  • Examining the layout of a network
  • Finding hidden data
  • Capturing images
  • Identifying, collecting, and preserving computer evidence
  • Understanding encryption and examining encrypted files
  • Documenting your case
  • Evaluating common computer forensic tools
  • Presenting computer evidence in court as an expert witness

Price:

List Price: $29.99 Price: $19.79 You Save: $10.20


Data Recovery Glossary (Letter F)

FAT (File Allocation Table)
A data table stored at the beginning of each partition on the disk that is used by the operating system to determine which sectors are allocated to each file and in what order.

Fdisk
A software utility used to partition a hard drive. This utility is included with DOS and Windows 95 operating systems.

Fetch
The process of retrieving data.

Fibre Channel (FC)
The general name given to an integrated set of standards being developed by an ANSI-approved X3 group. This set of standards defines new protocols for flexible information transfer. Fibre channel supports three topologies: point-to-point, arbitrated loop, and fabric.

Fibre Channel Arbitrated Loop (FC-AL)
A subset of fibre channel network systems interconnection. A serial storage interface designed to meet the needs of high-end applications.

Firmware
Permanent instructions and data programmed directly into the circuitry of read-only memory for controlling the operation of the computer.

FireWire
FireWire (also referred to as IEEE1394 High Performance Serial Bus) is a very fast external bus that supports data transfer rates of up to 800 Mbps. It is similar to USB. It preceded the development of USB when it was originally created in 1995 by Apple. FireWire devices can be connected and disconnected any time, even with the power on. When a new FireWire device is connected to a computer, the operating system automatically detects it and prompts for the driver disk.

FIT (Functional Integrity Testing)
A suite of tests on hard drive products to ensure compatibility with different hosts, operating systems, adapters, application programs, and peripherals. This testing must be performed before the product can be released to manufacturing.

Flow Control
In PIO transfers, the ability of an EIDE drive to control the speed at which the host transfers data to or from the drive by using the IORDY signal. The host temporarily stops transferring data whenever the drive deasserts the IORDY signal. When the drive reasserts the IORDY signal, the host continues the data transfer.

Format
A process that prepares a hard drive to store data. Low-level formatting sets up the locations of sectors so user data can be stored in them. Most hard drives are low-level formatted at the factory and therefore do not need to be low-level formatted by the end user. You need to perform a high-level format (with EZ-Drive or the Format command) on your new hard drive before you can use it. Formatting erases all the information on a hard drive and it sets up the file system needed for storing and retrieving files.

Formatted Capacity
The actual capacity available to store data in a mass storage device. The formatted capacity is the gross capacity minus the capacity taken up by the overhead data required for formatting the media.

Form Factor
The industry standard that defines the physical and external dimensions of a particular device.

Full-Duplex
A communication protocol that permits simultaneous transmission in both directions.


Data Recovery Glossary (Letter E)

EIDE (Enhanced Integrated Drive Electronics)
The primary interface used by desktop PCs to handle communication between hard drives and the central processing unit. The equivalent interface system in most enterprise systems is SCSI.

Embedded Servo Control
The embedded servo control design stores servo control data on every surface, so it generates accurate feedback information for the head position servo system without requiring a full data surface dedicated to servo information (as the “dedicated” servo control method does).

Encoding
The process of modifying data patterns prior to writing them on the disk surface.

Enterprise
The series of computers employed largely in high-volume and multi-user environments such as servers or networking applications; may include single-user workstations required in demanding design, engineering and audio/visual applications.

Error Correction Code (ECC)
A mathematical algorithm that detects and corrects errors in a data field.

Error Log
A record that contains error information.

Error Rate
The number of errors of a given type that occur when reading a specified number of bits.

Extended Partition
You can create multiple partitions on a hard disk, one primary partition and one or more extended partition(s). Operating system files must reside on the primary partition. An extended partition is a partition where non-system files (files other than DOS or operating system files) can be stored on a disk. You can also create logical drives on the extended partition.


Acronis True Image Home 2010

A perfect computer backup and hard disk recovery program that allows you to create hard disk drive images and file backups. Acronis® True Image Home 2010 helps you back up computer data and clone hard disk drives (HDD).

Acronis has stepped up its interface not only with an improved, Vista-like look, but with more-logical placement of options, a much better workflow, and much clearer language. Even the help file is friendlier. Combine the program’s nascent sociability with new features–such as One-Click backup, nonstop backup, and online backup–that are actually of use to the average customer, and 2010 is easily the best update to the program in years.

One-click backup is designed to allow less-experienced users to back up as quickly as possible. After you double-click the One-Click icon (the installation places it on your desktop), the program searches for the best location for an initial full backup and performs it. Its location choices were intelligent. With a nonpartitioned drive attached to the system, True Image created a Recovery Zone partition (Acronis’s hidden partition for disaster recovery without a boot disc). When I prepartitioned the same drive as E:, the program saved the image to E:\MyBackup. When no hard drive had enough room attached, the program detected that and started a backup using my DVD burner.

Acronis® True Image Version Comparison:

| Features and technologies    | 2010 | 2009 | 11 Home | 10 Home |
|------------------------------|------|------|---------|---------|
| Acronis Online Backup (New)  | Yes  | -    | -       | -       |
| Acronis Nonstop Backup (New) | Yes  | -    | -       | -       |
| Supports Windows 7 (New)     | Yes  | -    | -       | -       |
| Archive Encryption           | Yes  | Yes  | -       | -       |
| Zip Format                   | Yes  | Yes  | -       | -       |
| Backup by File Type          | Yes  | Yes  | -       | -       |
| Contents Search              | Yes  | Yes  | -       | -       |
| Dual Destination Backup      | Yes  | Yes  | -       | -       |
| File Shredder                | Yes  | Yes  | Yes     | -       |
| Try&Decide                   | Yes  | Yes  | Yes     | -       |
| Drive Cleanser               | Yes  | Yes  | Yes     | -       |
| Backup/Restore               | Yes  | Yes  | Yes     | Yes     |
| Disk Imaging                 | Yes  | Yes  | Yes     | Yes     |
| Email Backup/Restore         | Yes  | Yes  | Yes     | Yes     |
| Acronis Secure Zone          | Yes  | Yes  | Yes     | Yes     |
| Store to Network Share/FTP   | Yes  | Yes  | Yes     | Yes     |

Data Recovery Glossary (Letter D)

Database
A collection of data stored on a computer system medium, such as a hard drive, CD-ROM, etc., that can be used for more than one purpose.

Data Recovery
Data recovery is the procedure used to recover data from a variety of media and operating systems that has been lost by either hardware failure, human error, software bugs, a virus or a natural disaster.

Data Synchronizer
An electronic circuit that uses a clock signal to synchronize data to facilitate interpretation.

Data Transfer Rate
The rate at which digital data transfers from one point to another, expressed in bits per second or bytes per second.
Data Transfer Rate to Disk: the internal disk transfer rate in Mbits per second.
Data Transfer Rate from the Buffer to the Host: based on the transfer of buffered data in MB per second.

Dedicated Landing Zone
The designated radial zone of the disk, usually at the inner portion of the disk, where the heads are stored to avoid contact with the data cylinders when power to the drive is off.

Defect Free
A term used to describe recording surfaces that have no detectable defects.

Defect Management
A general methodology of eliminating data errors on a recording surface by mapping out known defects on the media. The defective areas are rendered inaccessible, so that when information is written to the disk, it is stored to non-defective locations on the disk.

Differential SCSI
An electrical signal configuration which uses pairs of lines for data transfer. Used primarily in applications requiring long cable lengths of up to 82 feet (25 meters).

Direct Memory Access (DMA)
A process for transferring data directly to and from main memory, without passing through the CPU. DMA improves speed and efficiency by allowing the system to continue CPU processing even while it is transferring data to/from the hard drive.

Directory
A list of file names and locations of files on a disk.

Disk
A rigid platter, usually constructed of aluminum or mylar, with a magnetic surface that allows the recording of data, that is stored inside the drive.

Disk Cache
A portion of a computer’s RAM set aside for temporarily holding information that has been read from a disk. The disk cache does not hold entire files as does a RAM disk, but information that has either been recently requested from a disk or has previously been written to a disk.

Disk Controller
The chip or circuit that controls the transfer of data between the disk and buffer. (See also disk drive controller and interface controller).

Disk Drive
The motor that actually rotates the disk, plus the read/write heads and mechanisms.

Disk Drive Controller
The hard disk drive controller electronics which include the disk controller and the interface controller. (See also disk controller and interface controller.)

Disk Operating System (DOS)
The computer program that controls the organization of data, files and processes on the computer.

Disk Transfer Rate
Speed at which data transfers to and from the disk media (actual disk platter); a function of the recording frequency. Typical units are bits per second (BPS), or bytes per second. Hard drives have an increasing range of disk transfer rates from the inner diameter to the outer diameter of the disk.

Distribution Channel
Electronics distributors and certain retail chains that deliver electronic goods to end users through value-added resellers and some retail stores.
