Manipulation of hard drive firmware to conceal entire partitions

Huw Read, Konstantinos Xynos, Iain Sutherland, Gareth Davies, Tom Houiellebecq, Frode Roarson, Andrew Blyth

    Research output: Contribution to journalArticlepeer-review

    Abstract

    Tools created by the computer hacking community to circumvent security protection on hard drives can have unintentional consequences for digital forensics. Tools originally developed to circumvent Microsoft's Xbox 360 hard drive protection can be used, independently of the Xbox 360 system, to change the reported size/model of a hard drive enabling criminals to hide data from digital forensic software and hardware. The availability of such concealment methods raises the risk of evidence being overlooked, particularly as triage and on-scene inspections of digital media become more common. This paper presents two case studies demonstrating the process using Western Digital and Fujitsu branded drives. It outlines the difficulties faced by standard computer forensic analysis techniques in revealing the true nature of the drive and finally provides suggestions for extra checks to reveal this type of concealment.
    Original languageEnglish
    Pages (from-to)281-286
    JournalDigital Investigation
    Volume10
    Issue number4
    DOIs
    Publication statusPublished - 1 Dec 2013

    Fingerprint

    Dive into the research topics of 'Manipulation of hard drive firmware to conceal entire partitions'. Together they form a unique fingerprint.

    Cite this