[DFSci] Anounce: New project NBD SparseImager

Della Street dellastreet at live.nl
Tue Mar 30 14:15:45 PDT 2010 

Hi All,

 

The project below is 99% Proof of concept. Doing it in my spare time so do not expect too much activity.

Looking for people to read the ideas and comment on it.

 

Nothing to realy release yet.

 

What works:

* Windows app, offering NBD read-only access to first physical disk on windows

* Auto discovery daemon that adds discovered Windows boxes to the database

* Auto 'mounter' daemon that sets up a NBD-proxy and sets up the local /dev/nbd0 device to connect to it.

 

Thats about it.

 

Proof of concepts that have been tried and work:

Setting up the NBD-proxy for copy-on-write and booting a remote (running) XP image in a local qemu.

Mounting the /dev/nbd0p1 partition using ntfs-3g (fuse).

Reading the /deb/nbd0p1 partition with sleuthkit

.... and more

 

Awaiting your comments,

 

Della Street

 

 

NBD-SparseImager
================

What is it
^^^^^^^^^^

NBD-SparseImager is a solution for imaging medium quantities of hard-disks for forensic analysis.

The solution is intended to solve the folowing problems:

    * Disks get bigger all the time
    * Full imaging of several 1T disks becomes inpractical in terms of storage
    * Full imaging of several 1T disks becomes inpractical in terms of time
    * Depending on the type of investigation not all data is as relevant (e.g. content of dll’s and executables in ge
    neral are not that relevant)


How it works
^^^^^^^^^^^^

Use a system under investigation side NBD block server in combination
with a serverside NBD-client to do server side investigation of the
disk. All interpretation of the disk is performed server side.

****************************              ****************************
*  Client PC:              *              * Server:                  *
*                          *      TCP     * web-gui                  *
*                          * <----------> * forensic tools           *
*  nbd-forensic-imager.exe *              * nbd-proxy                *
*                          *              * nbd-client               *
****************************              ****************************


 

http://github.com/dellastreet/NBD-SparseImager
 		 	   		  
_________________________________________________________________
25GB gratis online harde schijf
http://skydrive.live.com

More information about the DFSci mailing list