College of Arts and Sciences - Department of Computer Science and Statistics - Digital Forensics

• Digital Forensics
  Home
• Degree and
  Certificate Programs
  • Undergrad Minor
  • Professional Certificate
  • Graduate Certificate
  • Masters and PhD Programs
• Course
  Descriptions
  • HPR 108B
  • COMI 8035
  • CSC 414
  • CSC 491
  • CSC 485
  • CSC 486
  • CSC 499
  • CSC 585
  • CSC 586
  • CSC 590
  • CSC 592
  • CSC 599/699
• Faculty and Staff
• Research
• Internships
• FAQ

Research - Network Boot Disk

The Problem
Acquiring data in a network environment is currently very difficult, if near impossible, for investigators to do with today's existing tools. Current tools do not help investigators solve any of the following problems:

• Currently available forensic boot disks don't have the most up to date drivers to support the newest hardware.
• In many cases the hard drives that an investigator is trying to access are stored inside hardware that is difficult to access or even inaccessible all together.
• Current procedures, such as imaging with hardware write-blockers, create difficult issues when dealing with RAID. Currently, investigators must remove each individual disk from the array, block and image each individual disk, and then perform complex RAID reconstruction using the individual images.
• Currently hardware write-blockers do not offer support for SAS (Serial Attached SCSI) drives that are common in servers.
• Data storage is now wide-spread and investigators can face the challenge of having to seize data from geographically spread servers/storage.

Solution
The Network Boot Disk Research Group has developed a Forensically Sound Windows Boot Disk. This boot disk, known as SAFE, solves many of the above mentioned problems that investigators face.

• A Windows boot disk contains drivers for new hardware, and also gives investigators the ability to dynamically inject drivers on site.
• By using a boot disk to boot servers and storage controllers, an investigator no longer has to worry about having physical access to a device in order to image it.
• The Windows boot disk contains advance software write blocking technology that will block hardware RAID. This allows investigators to image the entire RAID volume at once.
• The advanced software write blocking technology also has the capability of blocking SAS drives.
• The Windows boot disk has the ability to export remote drives after the boot process.

Related Presentation
Network Boot Disk Research Presentation

Apply Now

Apply Now to the University of Rhode Island.

Apply Now to the Digital Forensics Undergraduate Minor.

Apply Now to our Digital Forensics Professional Certificate Program.

Apply Now to our Digital Forensics Graduate Certificate Program.

Coming Soon

Starting in Spring 2010 URI will be offering a full course in EnCase Forensics Software. This course will be eligible to any student who is currently enrolled in one of the degree or certificate programs and has successfully completed CSC485 or CSC585. Enroll now to be one of the first students eligible. Students who complete the course will be eligible to take their EnCe certification test.