Cru Ditto Forensic FieldStation Manuale Utente Scaricare il pdf (Pagina 12)

Protecting Your Digital Assets

Ditto Forensic FieldStation User Manual

stamp format: “S_yyyymmddhhmmss”. Alternatively, you can click on the Logs button from the top

menu bar.

Scroll to “eSATA Extended Disk Info” to see recorded data, including S.M.A.R.T. and hdparm information.

4.1.8 NetView Scan

NetView is a network tool that can be used to discover machines on a network

and even probe them for specic services that they may be running. This capability

can help an investigator locate physically hidden computers or quickly determine

whether a machine is acting as a data storage device that the Ditto Forensic FieldSta-

tion can image.

See Section 11.1 for more information about the NetView Scan feature.

4.2 INVESTIGATION INFO

The Investigation Info panel groups related information that may also be used in creating

custom directories and le names (see Section 5.8). The “Hide” button allows you to

minimize the panel.

Click the Edit button to enter information about the Investigator, Case Number, Evi-

dence Number, Description, Notes, and a Base Filename prex for an E01 or DD image.

Each eld is ltered to block non-printable ASCII characters. Any characters at the le

system level that may not be safe for a directory name or le name will be ltered out

and replaced with an underscore. Only printable ASCII characters are currently allowed

for directory and lenames. Multiple underscores will also be reduced to a single under-

score per naming item.

The Ditto Forensic FieldStation will generate an error message if you enter a non-printable ASCII character or

if your message exceeds the 58 character limit. Additionally, when the nal directory or lename that uses

any of these elds is created, another level of ltering is applied.

Using apostrophes (‘) in the name elds will cause an error when the le or folder name is created. They

should not be used in the Investigation Info elds.

4.3 SYSTEM SETTINGS

Displays the current conguration settings of the Ditto Forensic FieldStation. These set-

tings are loaded as the default settings for the actions you perform in the “Action” panel.

The “Hide” button allows you to minimize the panel. Click the Edit button to customize

these settings. See Section 5.1 for details on each option.

4.4 CURRENT STATUS

Reports either as “Idle” or displays info about the action that the Ditto Forensic FieldSta-

tion is currently performing.

4.5 DISKS

Displays information about the attatched disks that are currently connected to the Ditto

Forensic FieldStation.The “Hide” button allows you to minimize the panel. To see the

Figure 10. The “Action” section on the “Home”

screen, showing the options available for the “Netview

Scan” action.

Figure 11. The “Investigation Info” section.

Figure 12. The “System Settings” section.

Figure 13. The “Current Status” section, displaying a

the status of a Physical Image action.

STOP!

1 2 ... 7 8 9 10 11 12 13 14 15 16 17 ... 37 38

Commenti su questo manuale

Nessun commento

Cru Ditto Forensic FieldStation Manuale Utente Pagina 12

Commenti su questo manuale

Prodotti e manuali riguardandi Accessori per computer Cru Ditto Forensic FieldStation