FOR111 - Data Storage and Recovery Methods

This seminar covers how data is physically stored in a computer system, and provides detailed information on RAM, ROM, Flash, CD, DVD, Hybrid Hard Disks, and Blu-Ray. Learn about the recovery potential from a variety of storage devices.

Level: Basic
Audience: Cyber forensics investigators

Topics:
  • Data storage architectures

    • Standalone system storage architecture
    • Data center storage architectures
  • Understanding block storage devices

    • Blocks
    • Addressing
    • Reserved blocks
    • Interfaces
    • RAID
  • Understanding magnetic storage

    • Architecture
    • Disk vs. tape
    • Hard disk vs. floppy disk
    • Reading and writing
  • Understanding flash memory

    • NAND and NOR
    • Architecture
    • Pages and blocks
    • Reading, writing, and erasing
    • TRIM command
    • Wear leveling
  • Partitions and volumes

    • Partition features
    • Partition implementation
    • Disk images
    • Windows volumes
    • Examining partitions and volumes
    • Finding evidence of volumes
  • Encrypted storage

    • Host software encryption
    • Hardware encryption
  • Non-traditional storage locations

    • Motherboard
    • PCIe and mSATA devices
  • Media-specific details and recovery potential

    • Magnetic disks
    • Solid state disks
    • Hybrid and "hinted" hard disks
    • RAM
    • ROM
    • CD
    • DVD
    • Blu-Ray
    • Compact flash (CF) card
    • Secure Digital (SD) card
    • Multi-Media Card (MMC)
    • Smart card

 

Operating systems supported: All Windows versions

Durations and formats: 2 days with labs