opentext TD4 Forensic Duplicator
Ƙayyadaddun bayanai
- Samfura: BuɗeText Tableau Mai Duplicator na TD4
- Samfura: Saukewa: ISTD230400-UGD-EN-1
- Mai ƙira: Bude Text Corporation
- Adireshi: 275 Frank Tompa Drive, Waterloo, Ontario, Kanada, N2L 0A1
- Tuntuɓar: Tel: +1-519-888-7111, Kanada/Amurka Kyauta: 1-800-499-6544, Ƙasashen waje: +800-4996-5440, Fax: +1-519-888-0677
Bayanin samfur
The OpenText Tableau Forensic TD4 Duplicator mai ƙarfi ne kuma mai fa'ida mai kwafi wanda aka ƙera don ƙwararrun masana ilimin zamani. Yana ba da damar yin hoto mai girma a cikin ƙaramin fakiti mai ɗaukuwa. Fuskar mai amfani da allon taɓawa yana ba da masaniyar gogewa mai kama da kwamfutoci da wayoyin hannu na zamani.
Siffofin:
- Custom-gina don forensics
- Daidaitaccen fasali na hoto na ci gaba
- Zane mai ɗaukuwa da ƙaƙƙarfan ƙira
- Fuskar allo mai sauƙin amfani
Umarnin Amfani
Babi na 1: Gabatarwa
Wannan babin yana ba da bayanan fasaha da hanyoyin don
ta amfani da OpenText Tableau Forensic TD4 Duplicator.
Ƙarfin Tuƙi da Yarjejeniyar Auna Ma'aunin Canja wurin:
Samfuran Tableau suna ba da rahoton iya aiki da ƙimar canja wuri
bisa ga ma'aunin ma'auni na masana'antu na al'ada goma. Domin
example, rumbun kwamfutarka 4 GB tana adana har zuwa 4,000,000,000 bytes.
Babi na 2: Ƙarsheview
Tableau TD4 mai ƙarfi ne mai kwafi tare da a
mai amfani-friendly touch allon dubawa. Yana bayar da babban aiki
damar yin hoto a cikin kunshin šaukuwa.
Siffofin:
- ilhama mai amfani
- Daidaitaccen ƙarfin hoto da ci-gaba
- Karamin ƙira don ɗaukar nauyi
FAQs
- Tambaya: Za a iya amfani da Tableau TD4 Duplicator don yin hoto da yawa a lokaci guda?
- A: Ee, Tableau TD4 Duplicator yana goyan bayan ɗaukar hoto da yawa a lokaci guda don ingantacciyar ayyukan bincike.
- Q: Shin akwai garanti ga Tableau TD4 Duplicator?
- A: Open Text Corporation baya bayar da garanti don daidaiton fasalulluka da aka gabatar a cikin ɗaba'ar. Da fatan za a koma zuwa sashin disclaimer a cikin jagorar mai amfani don ƙarin bayani.
"'
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Jagorar Mai Amfani
Wannan jagorar yana gabatar da kewayon bayanan fasaha da hanyoyin amfani da OpenText Tableau Forensic TD4 Duplicator.
Saukewa: ISTD230400-UGD-EN-1
BuɗeTextTM TableauTM Jagorar Mai Amfani Mai Duplicator TD4 na Forensic ISTD230400-UGD-EN-1 Rev.: 2023-Oktoba-19
An ƙirƙiri wannan takaddun don OpenTextTM TableauTM Forensic TD4 Duplicator 23.4. Hakanan yana aiki don fitowar software na gaba sai dai idan OpenText ya samar da sabbin takardu tare da samfurin, akan OpenText. website, ko ta kowace hanya.
Bude Text Corporation
275 Frank Tompa Drive, Waterloo, Ontario, Kanada, N2L 0A1
Tel: +1-519-888-7111 Kudin Kuɗi Kyauta Kanada/Amurka: 1-800-499-6544 Ƙasashen waje: +800-4996-5440 Fax: +1-519-888-0677 Taimako: https://support.opentext.com Don ƙarin bayani, ziyarci https://www.opentext.com
Haƙƙin mallaka © 2023 Buɗe Rubutu.
Ɗaya ko fiye da haƙƙin mallaka na iya rufe wannan samfur(s). Don ƙarin bayani, da fatan za a ziyarci https://www.opentext.com/patents.
Disclaimer
Babu Garanti da Iyakancin Alhaki
An yi ƙoƙari don tabbatar da daidaiton fasali da dabarun da aka gabatar a cikin wannan ɗaba'ar. Koyaya, Buɗaɗɗen Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rukunin Rubutu da masu haɗin gwiwarsa ba su yarda da wani nauyi ba kuma ba su bayar da garanti ko bayyanawa ko bayyanawa, don daidaiton wannan ɗaba'ar.
Babi na 1
Gabatarwa
Wannan jagorar yana gabatar da kewayon bayanan fasaha da hanyoyin amfani da OpenText Tableau Forensic TD4 Duplicator, samfur na OpenText. An raba shi zuwa surori kamar haka:
· Samaview: Yana ba da cikakken bayani game da TD4 da kuma kwancewa, farawa, da kewaya menus na TD4 da karanta LEDs.
· Yana daidaita TD4: Yana ba da tsarin ƙarewaview bayanai game da TD4 da kuma hanyoyin daidaitawa da haɗa shi.
· Amfani da TD4: Yana ba da cikakkun bayanai da hanyoyin aiki don TD4.
· Adafta: Yana bayyana adaftan da ke tsawaita zaɓuɓɓukan sayan tuƙi da ƙarfin tuƙi na TD4.
Ƙayyadaddun ƙayyadaddun bayanai da gyara matsala: Yana ba da ƙayyadaddun TD4 da taƙaitaccen jerin yuwuwar matsaloli da mafita. Don ƙarin cikakkun bayanai na matsala na yanzu da kuma amsoshin tambayoyin da ake yawan yi (FAQ), ziyarci OpenText My Support (https://support.opentext.com).
1.1 Ƙarfin tuƙi da ƙa'idodin ma'aunin canja wuri
Masana'antar kwamfuta gabaɗaya tana bin ƙa'idodi daban-daban guda biyu don ma'anar kalmomin megabyte (MB) da gigabyte (GB). Domin RAM na kwamfuta, an bayyana 1 MB a matsayin 220 = 1,048,576 bytes kuma an bayyana 1 GB a matsayin 230 = 1,073,741,824 bytes. Don ajiyar tuƙi, 1 MB an bayyana shi azaman 106 = 1,000,000 bytes kuma an bayyana 1 GB a matsayin 109 = 1,000,000,000 bytes. Wadannan yarjejeniyoyin biyu an san su da ikon biyu da iko na goma bi da bi. Microsoft ya karkata daga yarjejeniyar auna ƙarfin rumbun kwamfutarka kuma yana amfani da ikon haɗin gwiwa biyu don tsarin aiki.
Samfuran Tableau suna ba da rahoton iyawa da ƙimar canja wuri bisa ga daidaitattun ikon masana'antu na babban taro goma. A cikin TD4 fuska, rahotanni, da takaddun bayanai, rumbun kwamfutarka 4 GB yana adana har zuwa 4,000,000,000 bytes; Hard Drive mai saurin canja wuri 150 MB/sec yana canja wurin 150,000,000 bytes a sakan daya.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
5
Babi na 2
Ƙarsheview
Tableau TD4 mai ƙarfi ne kuma mai fa'ida mai kwafi wanda ke ba da damar hoto mai ƙima, babban aiki a cikin ƙaramin fakiti mai ɗaukuwa. Mai amfani da allon taɓawa yana da sauƙin amfani kuma yana ba da ƙwarewar mai amfani da aka saba kama da allunan zamani da wayoyin hannu. TD4 an gina shi ne na al'ada don bincike-bincike kuma yana ba da daidaitattun ƙididdiga da abubuwan ci gaba waɗanda ke ba da buƙatu na musamman na ƙwararrun ƙwararrun ƙwararru na dijital, gami da:
· Samun PCIe, USB, SATA, SAS, FireWire, da IDE.
Lura: PCIe, IDE, da adaftar FireWire (ana sayar da su daban) ana buƙatar hoton waɗannan nau'ikan tuƙi.
Fitarwa zuwa PCIe, USB, da SATA.
· Ikon yin niyya file-shaida mai tushe tare da aikin hoto mai ma'ana da daidaitattun masana'antu file abubuwan fitarwa (lx01 da metadata csv files).
· Ƙarfin yin kwafin tuƙi mai tushe zuwa tuƙi masu zuwa guda biyar.
Ƙarfin hana lalacewa ga faifan diski ta hanyar juyar da su lokacin da aka fitar da su daga TD4 kafin cirewar jiki.
Ƙarfin ikon saukar da TD4 bayan aikin aiki na ƙarshe ya cika.
Ikon tsayawa da ci gaba da ayyukan Kwafi, gami da yanayin asarar wutar lantarki mai ban mamaki.
Ikon kulle takamaiman ayyuka da saituna tare da PIN mai gudanarwa don aiwatar da daidaitattun saituna da matakai don ayyukan sayan ku.
Mafi girman ƙimar canja wurin bayanai, ko da yayin yin lissafin ƙimar MD5, SHA-1, da SHA-256 hash.
· Ikon view cikakkun bayanai na tuƙi, gami da bangare da filebayanin tsarin.
· Turin bincike filetsarin.
· Mai girma filegoyon bayan tsarin - APFS, ExFAT, NTFS, EXT4, FAT (12/16/32), da HFS +.
Duk faifai, daidaitaccen buɗaɗɗe, ɓoyayyen tuƙi ta hanyar amfani da XTS-AES.
Ikon ganowa da sanar da kasancewar an kunna ɓoyayyen Opal, BitLocker, da ɓoyayyen APFS.
· Ƙarfin hawan kafofin watsa labaru na dijital a cikin na'urorin Apple masu goyan bayan Yanayin Disk na Target.
Cikakken wuri da damar gogewa na kayan haɗi, gami da gogewar NIST 800-88.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
7
Babi na 2 Samaview
Taimakon HPA, DCO, da AMA don ganowa da sarrafa wuraren ɓoye/kare bayanai akan tuƙi mai tushe. Wannan ya haɗa da nakasar HPA/DCO/AMA kaɗai, DCO/AMA “shelling,” da datsa tallafi don ƙirƙirar DCO ko AMA manufa.
· Keɓantaccen mahallin mai amfani da goyan bayan madannai na kama-da-wane don yaruka masu zuwa: Jamusanci, Ingilishi, Sifen (International), Faransanci, Koriya, Fotigal (Brazil), Baturke, da Sinanci (Sauƙaƙe)
Cikakken rajistan ayyukan bincike a cikin tsarin HTML don takaddun shari'a. · Ƙarfin tace lissafin rajistan ayyukan don kawai nuna rajistan ayyukan sha'awa bisa ga
takamaiman yanayin da/ko bayanan tuƙi. Hakanan za'a iya fitar da rajistan ayyukan da aka tace zuwa waje ko share su. · Goyan bayan sabunta firmware kyauta koyaushe. · Maɓuɓɓuka masu alama da launi (rubuta an katange) da tashar jiragen ruwa (karanta/ rubuta).
8
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
Madogaran hagu (rubuta an katange) gefen TD4.
2.1. Abubuwan da ke ciki na TD4
Wurin da ya dace (karanta/rubutu) gefen TD4.
2.1 TD4 kayan ciki
Jirgin TD4 a cikin akwati mai akwati tare da kumfa na al'ada wanda ya haɗa da abubuwa masu zuwa:
Abu
Samfurin # TD4
Bayani
BuɗeText Tableau Mai Duplicator na TD4
Saukewa: ISTD230400-UGD-EN-1
Saukewa: TP6
Yana ba da iko zuwa TD4. Amfani
na duniya 3-prong style AC
igiyar layi kuma ya dace
tare da layin AC 100-240V
voltage duniya.
Saukewa: TC4-8-R4
TC-PCIE-8 TCA-USB3-AC TPKG-VCT-5
Haɗin siginar SATA/SAS da ƙarfi zuwa 8in. SATA/SAS siginar da 8in. wutar lantarki (qty 3)
8 inci. PCIe adaftar USB. Dole ne a yi amfani da adaftar Tableau PCIe (qty 1)
Nau'in USB na mace zuwa Nau'in C na USB Adaftar Nami (qty 2)
5-yanki Velcro na USB tie kit
Jagorar Mai Amfani
9
Babi na 2 Samaview Abu
Samfurin # TPKG-CLOTH
Description Microfiber allon tsaftacewa zane
Jagorar Magana Mai Sauri
Kar a jefar da fakitin kumfa na TD4, saboda an ƙera shi don dacewa da nau'ikan nau'ikan nau'ikan masana'antu da yawa (ga misali.ample, da Pelican 1500). Idan kun karɓi kayan TD4 a cikin kwali da OpenText ya kawo, zaku iya sake amfani da abubuwan da aka saka kumfa a cikin naku mai gefe.
2.2 Kewayawa TD4
Yi amfani da nunin allo na TD4 don kewaya ayyukan TD4 da ke akwai. Yi amfani da madannai na kama-da-wane na kan allo ko madannai na USB don shigar da rubutun haruffa lokacin da aka sa. Duba "Maɓallin USB da tallafin linzamin kwamfuta" a shafi na 17.
2.2.1 Fuskar allo
Allon gida na TD4 yana nuna fale-falen fale-falen fale-falen fale-falen fale-falen buraka masu zuwa:
Kwafi · Hoto mai ma'ana · Hash · Tabbatarwa · Dawowa
Hakanan ya haɗa da tiles don shigarwa/viewbayani mai mahimmanci, kamar haka:
Bayanin Harka · Tarihin Aiki
10
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
2.2. Kewaya TD4
Ana iya buɗe kowane tayal ɗin aiki don nuna ƙarin bayani, shigar da bayanai, kuma, idan an zartar, fara aikin haɗin gwiwa. Dangane da yanayi daban-daban, aikin zai fara nan da nan bayan buga maɓallin Fara ko kuma za a nuna allon saitunan ci gaba don ba da damar daidaita takamaiman saitunan kafin fara aikin. Ana iya samun ƙarin cikakkun bayanai na kowane aikin allo na gida daga baya a cikin wannan jagorar mai amfani.
A saman mashigin kewayawa akwai maɓallan don shiga cikin sauri Menu Kewayawa tsarin da allon gida da zuwa view lokacin yanzu. Taɓa sunan ƙirar TD4 a saman mashaya kewayawa yana ɗaukar ku zuwa allon gida.
Lura: A yanayin yanayin sanyi mara kyau, za a nuna alamar faɗakarwar yanayin zafi a saman mashaya kewayawa zuwa dama na gunkin Menu Kewayawa na System. Ba za a taɓa ganin irin wannan gargaɗin a ƙarƙashin yanayin aiki na yau da kullun ba. Da fatan za a koma zuwa "Al'amurran da suka shafi zafi" a shafi na 94 don ƙarin bayani.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
11
Babi na 2 Samaview
2.2.2 Cikakken bayani
A gefen hagu da dama na allon gida zaku sami fale-falen fale-falen tuƙi waɗanda suka daidaita tare da tashoshin haɗin haɗin gwiwa na zahiri. Waɗannan fale-falen fale-falen ba za su yi aiki ba (mai launin toka) ga kowane tashar jiragen ruwa waɗanda ba su da abin hawa. Lokacin da aka makala tuƙi zuwa tashar da aka bayar, wannan tile ɗin zai yi aiki kuma ana iya taɓa shi don samun cikakken bayani game da wannan tuƙi da aiwatar da takamaiman ayyukan tuƙi.
Lura: Tile ɗin tuƙi don tashar haɗin haɗin kebul na baya zai bayyana ne kawai lokacin da aka haɗa abin hawa zuwa wannan tashar. Zai bayyana ƙarƙashin gunkin Menu Kewayawa na tsarin a kusurwar sama-hagu na allon gida.
Dubi "Amfani da TD4" a shafi na 33 don ƙarin bayani kan bayanan tuƙi.
2.2.3 Menu na kewayawa tsarin
Taɓa gunkin Menu Kewayawa Tsari a kusurwar hagu na sama na mashaya kewayawa yana nuna Menu na Kewayawa Tsarin TD4, kamar yadda aka nuna a ƙasa. Don ƙarin bayani kan abubuwan da ke cikin wannan menu, duba “Haɓaka TD4” a shafi na 19.
12
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
2.2. Kewaya TD4
2.2.4 Matsayin Aiki
Bayan aiki ya fara, allon matsayin aikinsa yana nunawa ta atomatik. Wannan allon matsayi yana nuna cikakkun bayanai game da aikin da aka bayar, gami da rubutun kai da ke nuna nau'in aikin, matsayinsa, lokacin farawa da ƙarshen sa, jimlar adadin bayanai, saura lokacin, da kashi cikakke. Ƙananan yanki na allon matsayin aikin yana nuna ƙarin cikakkun bayanai na aiki, gami da ƙimar zanta (idan akwai) ci gaban ƙaramin mataki (na misali.ample, Kwafi daban da Tabbatarwa a cikin aikin kwafi/tabbatacce), taƙaitaccen saiti, da abubuwan tafiyar da aikin. Taɓa tayal ɗin tuƙi yana buɗe allon bayanan tuƙi wanda ke ba da sauri view na duk bayanan da ke akwai don drive. Madaidaicin yanki na allon matsayin aikin ya haɗa da maɓalli don fitar da log ɗin bincike da soke aikin. ExampAna nuna allon halin aikin Kwafi mai aiki a ƙasa.
Lura: Idan an rufe cikakken allon matsayin aikin, taƙaitaccen taƙaitaccen matsayi na aikin yana nan har yanzu a cikin faɗuwar fale-falen aikin akan allon gida. Taɓa ƙaramin ɓangaren wannan tayal ɗin aikin zai sake buɗe cikakken allon yanayin aikin. Hakanan, lokacin da aiki ke gudana ana nuna madauwari mai madauwari a saman mashaya kewayawa zuwa dama na sunan ƙirar TD4. Taɓa maɓalli zai sake buɗe cikakken bayanin matsayin aikin.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
13
Babi na 2 Samaview
Da zarar aikin ya kammala, ana nuna allon matsayin aikin kuma yana nuna matsayin ƙarshe na wannan aikin. ExampAna nuna allon yanayin aikin Kwafi da aka kammala a ƙasa.
2.2.5 Tarihin Aiki
Alamun matsayin aikin tarihi na iya zama viewed daga lissafin Tarihin Ayyuka. Don samun damar lissafin Tarihin Ayuba, faɗaɗa tayal ɗin aikin Tarihin Ayuba akan allon gida. Takaitacciyar jimlar ayyuka da shari'o'i (dangane da saitin ID na Harka) za a nuna a cikin faɗuwar fale-falen aikin. Matsa ƙananan ɓangaren faɗuwar fale-falen tarihin Ayuba don buɗe lissafin Tarihin Ayuba. Ayyukan da ke cikin wannan jeri sun ci gaba da tafiya a cikin kewayon wutar lantarki. Duk wani aiki mai aiki zai nuna a cikin jeri tare da sandar ci gaba mai shuɗi mai aiki. Ayyukan da aka kammala cikin nasara za su nuna tare da cikakken koren ci gaba. Ayyukan da aka soke zasu nuna alamar ci gaba mai launin rawaya. Kuma guraben ayyukan da suka gaza za su nuna wani ɓangaren cikon jajayen ci gaba. Taɓa takamaiman tayal ɗin aiki daga lissafin zai buɗe cikakken allon matsayin aikin don wannan aikin. ExampAna nuna jerin tarihin Ayuba a ƙasa.
14
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
2.2. Kewaya TD4
Kamar yadda ake iya gani a saman allon Tarihin Ayuba da ke sama, ana nuna yanayin halin yanzu (kamar yadda aka gano ta tsarin tsarin ID na shari'a) tare da ƙididdige adadin lokuta daban-daban da aka haɗa a cikin jerin tarihin Ayuba.
A wasu yanayi, yana iya zama dacewa view kuma sarrafa (fitarwa ko share) rukunin ayyuka kawai daga jerin. Don tace jerin ayyuka, matsa akan alamar tace kusa da saman-dama na allon Tarihin Ayuba. Ana iya ƙara ma'aunin tacewa don nuna ayyukan da ake so kawai. Ana iya tace jerin ayyukan bisa ga ma'auni masu zuwa:
· Sunan jarrabawa
· ID na shari'a
· Bayanan kula
· Dillalin tuƙi
· Motocin tuƙi
· Turi serial number
Kawai danna filin tacewa da ake so kuma shigar da ƙimar tacewa. Ƙididdigar ayyuka nawa ne suka dace da ma'aunin tacewa za a nuna kusa da saman allon kusa da gunkin tacewa. Lura cewa lokacin da aka yi amfani da ma'auni da yawa, duk dole ne su dace da aiki
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
15
Babi na 2 Samaview
don nunawa a cikin jerin abubuwan da aka tace. Za a iya faɗaɗa sashin ma'aunin tacewa da rugujewa ta danna gunkin tacewa.
Lura: Akwai hanya mai sauƙi don tace lissafin Tarihin Ayuba don nuna kawai ayyukan da ke da alaƙa da takamaiman tuƙi. Don yin haka, matsa kan tayal ɗin tuƙi da ake so daga allon gida. Gungura zuwa sashin taƙaitaccen ayyuka a ƙasan allon bayanan bayanan, sannan danna kan View maballin. Za a nuna jerin ayyukan da ke da alaƙa da wannan tuƙi.
Don fitar da rajistan ayyukan da ke da alaƙa da ayyuka a cikin jerin Ayyukan Aiki, taɓa maɓallin fitarwa a ƙasan hagu na allon Tarihin Ayuba. Zaɓi abin da ake so filetsarin sannan ka matsa maɓallin Export a kusurwar dama-dama na taga mai bincike.
Don share ayyukan (da rajistan ayyukansu masu alaƙa) waɗanda aka nuna a cikin jerin Ayyukan Aiki, matsa maɓallin Share a ƙasa-dama na allon Tarihin Ayuba kuma bi saƙon.
Lura: Don duka fitarwa da share ayyukan yi/masu rajista, duk ayyukan da aka nuna a cikin Tarihin Ayyukan su ne za a yi aiki da su. Idan babu masu tacewa a wurin, to duk ayyukan / rajistan ayyukan za a fitar dasu ko share su. Idan ana amfani da tacewa don nuna juzu'in jerin ayyukan gabaɗaya, to waɗannan ayyukan da aka tace kawai za a fitar dasu ko share su.
Ana iya adana ayyuka har 100 akan TD4. Lokacin da aka buga wannan iyaka, farkon kowane ayyuka na gaba zai buƙaci yarda cewa za a share aikin mafi tsufa ta atomatik. Don guje wa wannan matakin fara aiki mara inganci, ana ba da shawarar cewa a fitar da rajistan ayyukan aiki a kuma share ayyukan a ƙarshen kowane harka.
2.3 Karatun matsayi LEDs
Mai nuna Kunnawa/Kashe LED: Maɓallin wutar lantarki yana cikin kusurwar sama-hagu na TD4, kuma yana nuna farin LED lokacin da naúrar ke kunne.
DC A cikin LED: Kebul ɗin samar da wutar lantarki na TP6 yana da zoben LED mai shuɗi kusa da ƙarshen mahaɗin ganga wanda ke nuna wutar lantarki ta TD4 tana karɓar isassun ƙarfin shigar da DC.
Ayyukan LED: Ayyukan LED masu launi masu yawa suna cikin ƙananan kusurwar dama na TD4. Yana da fari lokacin da naúrar ke tashi sama, tana lumshe fari idan an gano matsalar wuta, a kashe lokacin da naúrar ke kunne amma ba ta aiki, blue lokacin da ake ci gaba da aiki, tana kiftawa kore idan an gama aiki cikin nasara, kuma yana lumshe ja idan an fara aiki. kasa.
16
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
2.4. Fassara ra'ayoyin sauti
2.4 Fassarar ra'ayoyin mai jiwuwa
TD4 yana kunna ɗayan sautuna biyu waɗanda ke nuna matsayi a ƙarshen aiki. Sauti mai daɗi mai daɗi tare da ƙara bayanin kula yana wasa don aiki mai nasara. Don aikin da bai yi nasara ba, sautin yana da raguwar bayanin kula. Kuna iya canza ƙarar sautunan ko kashe su akan allon Saituna.
2.5 Gargaɗin kan allo
Lokacin da ya dace, TD4 zai ba da faɗakarwar kan allo a cikin saitunan daban-daban da allon ayyuka. Gargadin rawaya yana kiran hankalin mai amfani zuwa ga haɗari mai yuwuwa amma baya hana ayyuka. Gargaɗi na ja yana nufin cewa ba za a iya ɗaukar saitin da aka zaɓa ba, aiki ya gaza, ko yuwuwar akwai yuwuwar shaidar da za a rasa, kamar lokacin da aka gano DCO ko AMA kuma ba a cire ba. Ana ƙarfafa masu amfani da su mai da hankali ga karanta kowane faɗakarwa da aka nuna lokacin da suka bayyana kuma a ci gaba daidai da haka.
2.6 USB keyboard da goyan bayan linzamin kwamfuta
Kuna iya toshe daidaitaccen ma'auni, harshen Ingilishi na USB da/ko linzamin kwamfuta zuwa kowane tashar USB na TD4. (Yayin da na'urorin haɗi a bayan TD4 an yi niyya don wannan dalili, kowane tashar USB zai yi aiki.) Kuna iya samun ya fi dacewa don amfani da maɓalli na waje da/ko linzamin kwamfuta don kewaya UI kuma shigar da bayanai maimakon amfani da allon taɓawa. da maɓalli na kama-da-wane. Hakanan ana tallafawa adaftar madannai/ linzamin kwamfuta mara waya, gami da haɗakar adaftan.
Bayanan kula
TD4 tana goyan bayan maɓallan madannai mara waya da beraye. Don amfani da madannai ko linzamin kwamfuta mara igiyar waya, kawai toshe adaftan USB mara igiyar waya zuwa tashar kayan haɗi na TD4 na baya, kuma yakamata ta haɗa kai tsaye tare da madannai kuma ta fara aiki. Akwai da yawa dillalai na maɓallan madannai mara waya da beraye, kuma wasu ƙila ba za su dace da TD4 ba. Idan kun fi son amfani da madannai ko linzamin kwamfuta mara waya kuma naku baya aiki tare da TD4, tuntuɓi Taimakon Abokin Ciniki na OpenText don shawarwarin madannai.
Idan kana amfani da adaftar maɓalli/ linzamin kwamfuta mai haɗe-haɗe tare da linzamin kwamfuta kawai, ƙila maɓallin kama-da-wane baya bayyana akan allon TD4 don yanayin shigar bayanai. TD4 zai ga adaftar mara waya a matsayin madannai wanda ke sa shi son ɓoye maɓalli mai kama-da-wane a yanayin shigar bayanai. Don ɗaukar wannan yanayin amfani, an ƙara saitin tsarin allon madannai na Virtual don ba da damar a nuna madanni mai kama-da-wane koyaushe yayin shigar da bayanai. Wannan saitin zai kashe ta tsohuwa, wanda ke nufin cewa maballin kama-da-wane ba zai bayyana ba idan an gano madannai na USB.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
17
Babi na 3
Ana saita TD4
Wannan babin yana bayyana matakan daidaita TD4 kafin amfani da shi akai-akai.
3.1 Jerin farawa
Lokacin kunnawa, TD4 yana nuna allon farawa yayin jerin taya. Zagayen taya na farko (bayan sake saitin masana'anta) zai nuna mayen saiti wanda ke fitar da saitunan tsarin maɓalli don sauƙaƙe saita TD4 don amfani. Yin hulɗa da allon saitin mayen saitin (ta hanyar rufe shi ko danna maballin Saitunan Cikakkun) zai hana shi fitowa a hawan keke na gaba. Da zarar an kunna allon saitin wizard, TD4 yana nuna allon gida sannan ya kunna da sauri kuma ya gano abubuwan da aka haɗa kuma yana hawa duk wani tallafi. filetsarin.
3.2 Yana saita TD4
Ana bayyana saitunan tsoho na TD4 ta amfani da ma'ana, mafi kyawun dabi'u. Akwai zaɓuɓɓuka da saituna da yawa da zaku iya tsarawa da keɓancewa ga takamaiman buƙatunku. Matsa gunkin Menu Kewayawa System a kusurwar hagu na sama na mahaɗin mai amfani don samun dama ga Menu na Kewayawa, wanda ya haɗa da abubuwa masu zuwa:
Gida: Komawa kan allo na gida. · Saituna: Shiga allon saitunan tsarin. · Gudanarwa: Shiga allon saitin gudanarwa. Tsarin Kulle: Kulle allon tare da PIN don hana shiga yayin da ba a kula ba. Game da: Shiga Game da allo zuwa view ƙarin bayani kamar naúrar
lambar serial, sigar firmware/hash, haƙƙin mallaka, da bayanin lasisi. Hakanan an fara sabunta firmware da sake saitin masana'anta daga wannan allon.
3.2.1 Saituna
Matsa Saituna don nuna allon Saituna.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
19
Babi na 3 Yana Haɗa TD4
Hoton da ke sama yana nuna allon Saitunan TD4. Kowane saitin da zaɓuɓɓukansa da tsoffin ƙima an bayyana su a ƙasa.
Hashes: Yana ba da damar zaɓin lissafin lissafin da ake so don Kwafin ku, Hoto mai ma'ana, da ayyukan Hash. Zaɓuɓɓukan sune MD5, SHA-1, SHA-256, da Sauƙaƙe. Zaɓin Saurin zai ba da damar zaɓar hashes a lokacin farawa aiki. Zaɓuɓɓukan zanta na asali sune MD5 da SHA-1.
· 'Kwafi' File Nau'in: Yana ba da damar zaɓin fitarwa file rubuta don Duplicate (hoton jiki) ayyuka. Zaɓuɓɓukan sune: Ex01, E01, DD, DMG da Prompt. Zaɓin Saurin zai ba da damar file rubuta da za a zaba a lokacin farawa aiki. Saitin tsoho shine Ex01.
Max File Girman: Yana ba da damar zaɓin iyakar fitarwa da ake so file girman sashi. Zaɓuɓɓukan sune: 2 GB, 4 GB, 8 GB, da Unlimited. Saitin tsoho ba shi da iyaka.
Kuskure farfadowa da na'ura: Yana ba da damar zaɓi na Yanayin farfadowa da Sake gwada ƙidaya don lokacin da aka sami kurakuran karatun tushen tuƙi yayin ayyukan Duplicate da Hash.
Yanayin farfadowa: Wannan yana ƙayyade girman karatun da za a yi amfani da su don nemo bayanan da za a iya karantawa a cikin yankunan da ke da kurakurai. Zaɓuɓɓukan sune: Standard and Exhaustive. Daidaitaccen yanayin yana nufin cewa ƙoƙarin dawo da kuskure zai karanta
20
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
3.2. Ana saita TD4
tubalan bayanan da koyaushe 32,768 bytes ne. A cikin yanayin ƙaƙƙarfan yanayi, karatun dawo da kurakurai zai faru ƙasa zuwa mafi girman matakin mai yuwuwa, wanda shine sassa ɗaya. Yanayin ƙarewa zai tabbatar da iyakar adadin bayanan da za a iya dawo da su, amma kuma zai ƙara lokaci zuwa aikin. Saitin tsoho shine Standard.
Sake gwada ƙididdigewa: Wannan yana gaya wa TD4 sau nawa don ƙoƙarin sake karanta katangar bayanai lokacin da aka sami kuskure. Zaɓuɓɓukan sune: 0, 1, 10, da 100. Saitin tsoho shine 1.
Tsanaki
Ba a ba da shawarar saitin ƙidaya 100 na sake gwadawa ba. Idan karatun ya ci gaba da yin kurakurai sama da ƙoƙari 10, da alama ba zai taɓa yin nasara ba, kuma ci gaba da ƙoƙarin karantawa da yawa na iya lalata abin da ya rigaya ya gaza kuma ya ɓata lokacin bincike mai mahimmanci.
Matsawa: Yana ba da damar zaɓi na matse bayanai don abubuwan E01, Ex01, da LX01. Zaɓin akwatin zai tabbatar da cewa ana amfani da matsawar bayanai a duk lokacin da zai yiwu. Saitin tsoho shine don damfara idan zai yiwu.
· Shaida File Hanya: Yana ba da damar ma'anar takamaiman filesuna da kundin adireshi don fitarwa files. Lura cewa ana iya amfani da katuna don shigar da bayanan maɓalli ta atomatik a cikin filesunaye da/ko kundin fitarwa, kamar haka:
Katin %d %t %e %s %m %c
Littafi/filebayanan suna Kwanan wata (kwandin tsarin na yanzu a lokacin saye) Lokaci (lokacin tsarin na yanzu a lokacin sayan) ID na shaida don tuƙin tushen da ake amfani da shi Serial Number na tushen abin da ake amfani da shi a cikin amfani da Model lambar tushen tuƙi a amfani da Case ID a lokaci. na samu
Tsohuwar filesunan hoton. Sunan adireshin tsoho shine hotuna td4/%d_%t/.
Tabbatar da sake dawowa: Yana ba da damar zaɓi na tabbatar da sake karantawa da za a yi a ƙarshen ɓangaren aikin kwafi/ma'ana, don tabbatar da bayanan da aka adana sun yi daidai da abin da aka samu. Zaɓin Akwatin Tabbatarwa zai ba da damar tabbatar da sake dawowa ga duk ayyuka. Zaɓin Saurin zai ba da damar tabbatar da sake dawowa aiki a lokacin fara aiki. Saitin tsoho shine Tabbatarwa.
· Gyara Clones: Yana ba da damar zaɓin saitin “datsa” da ake so don duk ayyuka. Yanke hanyar tuƙi yana nufin cewa za a yi amfani da DCO ko AMA a kan inda ake nufa (idan yana goyan bayan su) ta yadda girman maƙasudin zai bayyana ya yi daidai da na asalin tushen tushen clone. Zaɓuɓɓukan sune: Ba, Lokacin da zai yiwu, da Gaggawa. Zaɓin Saurin zai ba da damar zaɓin saitin Gyara Clones a lokacin farawa aiki. Saitin tsoho baya Taba.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
21
Babi na 3 Yana Haɗa TD4
Lura: Don gyaran clone don aiki, zaɓin wurin da aka zaɓa dole ne ya goyi bayan DCO ko AMA.
· Sauti: Yana ba da damar zaɓin matakin ƙarar tsarin da za a yi amfani da shi don duk faɗakarwar da ake ji. Zaɓin Akwatin Chirp mara aiki zai sa a sake kunna sautin kammala aikin kowane minti ɗaya har sai an rufe allon matsayin aikin. Lura cewa, ko da Idle Chirp ya kasance naƙasasshe, za a kunna sautin kammala aikin sau ɗaya a ƙarshen aikin kuma LED ɗin mai nuna alama zai haskaka matsayin kammalawa har sai an rufe allon matsayin aikin. Saitin tsoho shine don kunna Idle Chirp.
Nuni lokaci: Yana ba da damar zaɓin yankin lokacin tsarin da aka nuna da yanayin nunin lokaci (awa 12 ko awa 24). Dole ne a adana canje-canjen saitin nunin lokaci a sarari don yin tasiri. Lura cewa canza saitunan da suka shafi lokaci ba a yarda ba yayin da aiki ke gudana. Saitin yanayin nuni na asali shine yanayin awa 12.
· Lokacin Tsari: Yana ba da damar shigar lokacin tsarin. Canje-canjen saitin lokacin tsarin dole ne a adana shi a sarari don yin tasiri. Lura cewa canza saitunan da suka shafi lokaci ba a yarda ba yayin da aiki ke gudana.
· Kwanan tsarin: Yana ba da damar shigar da kwanan wata tsarin. Canje-canjen saitin tsarin kwanan wata dole ne a adana shi a sarari don yin tasiri. Lura cewa canza saitunan da suka shafi lokaci ba a yarda ba yayin da aiki ke gudana.
Haske: Yana ba da damar zaɓi na hasken allon LCD.
· Allon madannai na Virtual: Yana ba da zaɓi don nuna kullun akan allo, maballin kama-da-wane, koda lokacin da aka gano maballin waje. Wannan yana da amfani ga takamaiman yanayi, inda aka haɗa haɗin kai (manufa biyu) madannai mara waya/ linzamin kwamfuta zuwa TD4, amma ɓangaren linzamin kwamfuta kawai ake amfani da shi. Zaɓi zaɓin 'Koyaushe nuna' don tabbatar da cewa madannai na kama-da-wane ya bayyana a wannan yanayin. Ta tsohuwa ana ɓoye maɓallan kama-da-wane lokacin da aka gano maɓallin kebul na USB.
Harshe: Yana ba da damar zaɓin yaren tsarin. Zaɓuɓɓukan sune: Jamusanci, Ingilishi, Sifen, Faransanci, Koriya, Fotigal, Baturke, da Sinanci. Harshen tsoho shine Ingilishi.
Lura: Lokacin da aka canza yaren tsarin, za a canza maballin kama-da-wane ta atomatik zuwa wannan yaren. Idan ana so, ana iya canza maballin kama-da-wane da hannu zuwa harshen da ya bambanta da tsarin tsarin harshe. Don zaɓar yaren madannai na kama-da-wane da hannu, matsa filin shigarwa sannan ka matsa maɓallin kewayawa a kan madannai don zaɓar yaren da ake so.
22
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
3.2. Ana saita TD4
3.2.2 Gudanarwa
A wasu wuraren aikin bincike, yana iya zama kyawawa a hana masu amfani mara izini shiga rukunin ko canza takamaiman saituna. TD4 yana ba mai amfani matakin matakin gudanarwa damar kulle takamaiman wurare na mai amfani don ba da damar irin wannan iko. Matsa maɓallin Gudanarwa a cikin Menu Kewayawa Tsarin don fara wannan saitin. Ana nuna allon saitin Gudanarwa na farko a ƙasa.
Matsa Kunna Gudanarwa don farawa. Mataki na farko shine saita PIN na Gudanarwa mai lamba shida. Dole ne a shigar da PIN sau biyu don tabbatar da daidaito.
Da zarar an kunna Gudanarwa, za a iya zaɓar wuraren masu zuwa don toshe shiga ga kowa ba tare da PIN ba:
Kulle Boot na System: Idan aka zaɓa, naúrar za ta yi tawa kai tsaye zuwa ga ma'aunin PIN, kuma ana buƙatar shigar da PIN na Administrator don amfani da naúrar.
· Kanfigareshan Kwafi: Idan an kunna, saitunan Kwafi masu zuwa zasu buƙaci PIN mai gudanarwa don yin kowane canje-canje:
Hashes
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
23
Babi na 3 Yana Haɗa TD4
'Kwafi' File Nau'in Max File Kuskuren Girman Shaida na Matsawa File Tabbacin Karatun Hanyar Gyaran Clones
Hoton da ke ƙasa yana nuna menu na Saituna bayan an kunna ikon sarrafawa don Kanfigareshan Kwafi. Kula da garkuwa tare da alamar alamar bincike kusa da abubuwan saitin da aka lissafa a sama. Wannan yana nuna waɗanne saituna zasu buƙaci PIN mai gudanarwa don yin canje-canje. Duk masu amfani za su iya view saituna na yanzu, amma duk wani ƙoƙari na canza kowane saitunan da aka kulle zai sa mai amfani ga PIN ɗin Mai Gudanarwa.
Don musaki Gudanarwar TD4, matsa Gudanarwa daga Menu Navigation na System sannan ka matsa Kashe Gudanarwa. Ana buƙatar shigar da PIN na Gudanarwa don kammala naƙasasshe.
24
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
3.2. Ana saita TD4
Lura: Lokacin da aka kunna Gudanarwa, koda kuwa ba a zaɓi ɗayan zaɓuɓɓukan sarrafawa ɗaya ba, za a buƙaci PIN mai gudanarwa don sabunta firmware akan naúrar. Wannan yana hana kewaya saitunan Gudanarwa ta rage darajar firmware.
3.2.3 Kulle tsarin
Yana iya zama kyawawa don kulle tsarin TD4 ɗin ku yayin da ba a kula da shi ba don tabbatar da cewa ba a canza saituna ko kuma ba a canza ayyukan ku ta kowace hanya ba. Don kulle tsarin ku, kawai danna abun Tsarin Kulle a cikin Menu na Kewayawa tsarin. Allon zai bayyana wanda ke ba da izinin shigar da lambar tantance mutum mai lamba shida (PIN), kamar yadda aka nuna a ƙasa.
Kuna buƙatar shigar da lambar lambobi shida a karo na biyu don tabbatar da PIN. Da zarar an tabbatar da PIN ɗin, za a kulle naúrar, yana nuna kushin PIN kawai akan allon.
Don buɗe tsarin, kawai shigar da PIN.
Lura: Maɓallin da ke ƙasa-hagu na faifan maɓalli yana ba da damar bazuwar tsarin lambobi akan faifan maɓalli. Ana iya amfani da wannan don tabbatar da cewa PIN ɗin da aka saba amfani da shi ba sa ƙirƙirar keɓaɓɓen tsari akan allon.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
25
Babi na 3 Yana Haɗa TD4
Wannan tsarin kulle PIN na ɗan lokaci ne ta ma'anar cewa kowane taron buɗewa zai kiyaye naúrar a buɗe har sai an sake kulle ta. Lura cewa TD4 keken keke zai share allon kulle PIN.
3.2.4 Ana ɗaukaka firmware TD4
Ana adana firmware na TD4 akan na'urar ƙwalƙwalwar ajiya mara ƙarfi, mara cirewa a cikin naúrar. Lokacin da sabunta firmware na TD4 ya zama samuwa akan OpenText website (Cibiyar Zazzagewar Tableau), zaku iya zazzage fakitin firmware file kuma amfani da shi don sabunta naúrar.
Lura: Ba za a iya fara sabunta firmware ba yayin da aiki ke gudana.
Don sabunta firmware na TD4, je zuwa Cibiyar Zazzagewa ta Tableau a https://www.opentext.com/products/tableau-download-center, sannan bi waɗannan matakan:
1. Nemo sashin TD4 akan shafin Cibiyar Zazzagewar Tableau, sannan ka matsa sabuwar firmware file hanyar haɗi don fara saukewa zuwa kwamfutarka.
Lura: fakitin firmware TD4 files suna da .td4_pkg file tsawo.
2. Kwafi fakitin firmware da aka sauke file zuwa sandar USB sannan ka cire kuma cire wannan drive daga kwamfutarka.
3. Saka sandar USB a cikin kowane tashar USB na TD4. 4. Jeka Menu Navigation System ta danna gunkin gefen hagu na
saman kewayawa mashaya. Sa'an nan kuma matsa Game da abin menu. 5. A cikin Game da allo, matsa Sabunta Firmware button. 6. Zaɓi abin da ya dace /filetsarin ta danna kan filetsarin tile. 7. Yi lilo zuwa wurin da ake so .td4_pkg file sannan ka danna hakan file. 8. Da zarar kun tabbata kuna son fara sabuntawa tare da zaɓin da aka zaɓa file, tap da
Zaɓi maɓallin a kasa-dama na allon.
TD4 zai fara aiwatar da sabunta firmware ta amfani da firmware da aka zaɓa file.
Tsanaki
Da zarar tsarin sabunta firmware ya fara, kar a cire ko ƙara kowane abin tafiyarwa, kashe naúrar, ko cire wuta daga naúrar. Yin hakan na iya haifar da al'amura tare da tsarin sabunta firmware mai yiwuwa haifar da TD4 mara aiki. Idan wani abu ya faru yayin tsarin sabunta firmware wanda ke haifar da gazawar sabuntawa, yana yiwuwa ana iya buƙatar hanyar dawo da firmware. Dubi "Masu matsala gama gari" a shafi na 92 don bayani kan tsarin dawo da firmware.
TD4 za ta sake yi ta atomatik cikin sabon firmware da zarar an kammala aikin sabuntawa.
26
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
3.3. Haɗa faifai
Lura cewa ƙimar hash SHA-256 na fakitin firmware da aka ɗora a halin yanzu ana ƙididdige shi kuma an nuna shi a cikin babban ɓangaren Game da allo tare da cikakken sigar firmware. Wannan yana ba da damar tabbatar da cewa ingantaccen sigar firmware yana gudana kuma ba a canza shi ba. Don dalilai na tabbatar da hash, ƙimar zanta don sigar firmware da aka bayar tana samuwa a cikin takaddar bayanan bayanan don kowane sabuntawa na TD4, wanda ke samuwa akan Cibiyar Zazzagewar Tableau a https://www.opentext.com/products/tableau-download- tsakiya.
3.3 Haɗin tafiyarwa
Sassan da ke gaba suna ba da bayanan da za su ba da izinin amintaccen haɗin haɗin kai zuwa TD4.
Lura: Don abubuwan tafiyarwa waɗanda ke buƙatar kebul na adaftar don haɗawa zuwa TD4, OpenText yana ba da shawarar sosai barin igiyoyin adaftar da aka toshe cikin TD4 da haɗawa/cire faifai daga ɗayan ƙarshen igiyoyin. Duk da yake masu haɗin tuƙi akan TD4 suna da ƙarfi kuma an tsara su don hawan keke da yawa, haɗawa / cire abubuwan tafiyarwa daga ɗayan ƙarshen igiyoyin zasu taimaka haɓaka rayuwar TD4 ɗin ku.
3.3.1 kebul na USB da nau'ikan masu haɗawa
Bayanin kebul na USB sun canza akan lokaci, kuma, tare da su, yarjejeniyar suna don mashigai/gudu na USB daban-daban shima ya canza. Don misaliample, lokacin da USB 3.0 (SuperSpeed USB) ya fara fitowa, saurin mu'amala ya yi tsalle zuwa 5 Gbps akan saurin USB 2.0 na baya na 480 Mbps. Tare da zuwan USB 3.1, an gabatar da manufar tsararraki don rufe saurin mu'amala daban-daban. Don misaliample, USB 3.0 SuperSpeed yayi daidai da USB 3.1 Gen 1 a 5 Gbps, kuma USB 3.1 Gen 2 ya ninka wancan gudun zuwa 10 Gbps. Kwanan nan, an fitar da ma'aunin USB 3.2. Koyaya, bayanin tsara tsara don saurin ya kasance iri ɗaya da USB 3.1, tare da USB 3.2 Gen 1 kasancewa 5 Gbps da USB 3.2 Gen 2 kasancewa 10 Gbps. Yin amfani da yaren ƙayyadaddun USB na kwanan nan, tashar tashar USB ta TD4 shine USB 3.2 Gen 1 yana gudana a 5 Gbps. Makomar tashar tashar USB shine USB 3.2 Gen 2 yana gudana akan 10 Gbps. Don sauƙi, waɗannan tashoshin jiragen ruwa ana lakafta su da "USB" akan TD4 kanta kuma ana kiran su da tashoshin USB a cikin wannan jagorar mai amfani.
Tashoshin USB na TD4 duk suna amfani da haɗin USB Type C. Nau'in C da kebul na tuƙi ana iya saka su cikin TD4 ba tare da la'akari da fuskantarwa ba. Don haɗa kebul na Type A drive zuwa TD4, ana buƙatar kebul na adaftar Nau'in TCA-USB3-AC Nau'in A-zuwa nau'in C (ko makamancin adaftar kasuwanci).
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
27
Babi na 3 Yana Haɗa TD4
3.3.2 Drive adaftar
Don wasu tashoshin jiragen ruwa na TD4, ana buƙatar adaftar waje don haɗa wasu nau'ikan tuƙi. Babi na 5 na wannan jagorar mai amfanin ya ƙunshi cikakken jerin abubuwan adaftar tuƙi na Tableau. Anan ga taƙaitaccen adaftar da aka saba amfani da su:
Drive Type PCIe add-in card SSD m.2 PCIe SSD Apple PCIe SSD 2013+ u.2 SSD (PCIe) IDE Apple PCIe SSD 2016+ FireWire mSATA/m.2 SATA SSD
Tableau Adaftar Sashin Lamba TDA7-1 TDA7-2 TDA7-3 TDA7-4 TDA7-5 TDA7-7 TDA7-9 TDA3-3
3.3.3 Tiles ɗin tuƙi
A gefen hagu da dama na allon gida zaku sami fale-falen fale-falen tuƙi waɗanda suka daidaita tare da tashoshin haɗin haɗin gwiwa na zahiri. Waɗannan fale-falen fale-falen za su kasance masu launin toka don kowane tashar jiragen ruwa waɗanda ba su da makaɗa. Lokacin da aka makala tuƙi zuwa tashar da aka bayar, wannan tile ɗin zai yi aiki kuma ana iya taɓa shi don samun cikakken bayani game da wannan tuƙi da aiwatar da takamaiman ayyukan tuƙi.
Lura: Tile ɗin tuƙi don tashar haɗin haɗin kebul na baya zai bayyana ne kawai lokacin da aka haɗa abin hawa zuwa wannan tashar. Zai bayyana ƙarƙashin gunkin Menu Kewayawa na System a saman kusurwar hagu na allon gida.
3.3.4 Tushen Tushen
TD4 yana gudanar da aikin bincike guda ɗaya a lokaci guda, kuma, saboda haka, an ƙirƙira shi don ba da damar haɗa tushen tuƙi ɗaya a lokaci guda. Ana iya haɗa kayan tafiyarwa da yawa ta jiki zuwa TD4 kuma yin hakan ba zai haifar da wata lahani ga na'urar ba. Koyaya, lokacin da aka haɗa tushen tushen sama da ɗaya, tiles ɗin tushen tushen zai zama ja kuma za a hana duk ayyukan da ke buƙatar tushen tushen (Duplication, Logical Hoto, Hash, da Restore). Tabbatarwa shine aiki ɗaya wanda har yanzu ana iya yin shi tare da haɗe-haɗe na tushen tushe, saboda yana amfani da fayafai kawai.
Haɗa faifai (ko adaftar tuƙi tare da tuƙi a wurin) zuwa ɗaya daga cikin hanyoyin haɗin TD4 tushen (hagu): SATA/SAS, PCIe, USB. Tile mai amfani da keɓancewa mai alaƙa zai zama aiki kuma ana iya taɓa shi view cikakken bayani game da tuƙi da aiwatar da takamaiman ayyuka. Don abubuwan tuƙi na tushen, ayyukan tuƙi da ke akwai kamar haka:
· Bincike filetsarin
28
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
3.3. Haɗa faifai
Dubawa mara laifi · Cire HPA/DCO/AMA · Buɗe ɓoyayyen tebur
Takaitaccen bayanin aikin na iya zama viewed akan allon bayanan bayanan, tare da hanyar haɗi zuwa view lissafin tarihin aikin da aka tace don wannan tuƙi. Maɓallin fitarwa na kowane tuƙi yana a gefen dama-dama na allon bayanan bayanan.
3.3.5 Manufa masu tuƙi
Haɗa faifai ɗaya ko fiye zuwa gefen TD4 (dama): SATA (x2), PCIe, da/ko USB (x2). Tile(s) mai haɗin haɗin haɗin mai amfani zai zama aiki kuma ana iya taɓa shi view cikakken bayani game da tuƙi da aiwatar da takamaiman ayyuka. Don abubuwan tuƙi na zuwa, ayyukan tuƙi da ke akwai kamar haka:
· Bincike fileTsare-tsare · Duba mara komai · Sake saitawa (duba “Sake daidaitawa” a shafi na 42 don cikakken bayani
game da inda ake nufi da aikin Sake saitawa) · Buɗe ɓoyayyiyar teburau
Takaitaccen bayanin aikin na iya zama viewed akan wannan allon, tare da hanyar haɗi zuwa view Tace lissafin Tarihin Ayuba na wannan tuƙi. Maɓallin fitarwa na kowane tuƙi yana a gefen dama-dama na allon bayanan bayanan.
Dubi "Kwafi" a shafi na 58 da "Yin hoto mai ma'ana" a shafi na 69 don cikakkun bayanai kan gudanar da ayyukan Kwafi da Ma'ana.
3.3.6 Na'urorin haɗi
Ana samun tashar USB ta Na'ura a bayan TD4. Ana iya amfani da wannan tashar jiragen ruwa don haɗa kebul na USB don ba da izinin fitar da rajistan ayyukan ko sabunta TD4 firmware. Hakanan ana iya amfani dashi don haɗa maɓalli da/ko linzamin kwamfuta (mai waya ko mara waya).
Tsanaki
Tashar na'ura ta USB a bayan TD4 ba ta da kariyar rubutu! Kada a taɓa haɗa kafofin watsa labarai na shaida zuwa wannan tashar jiragen ruwa.
Lokacin da kebul na na'ura mai haɗi yana haɗe zuwa TD4 kuma an gano shi, ƙaramin tayal ɗin tuƙi zai bayyana a ƙasan gunkin Menu Kewayawa na System a saman hagu na mai amfani.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
29
Babi na 3 Yana Haɗa TD4
3.3.7 Ganewar tuƙi
Bayan booting, TD4 ya fara gano abubuwan da aka haɗa a jere. Fale-falen fale-falen fale-falen fale-falen fale-falen buraka da aka nuna a gefen hagu da dama na allon za su zama cikakke ganuwa kuma suna aiki lokacin da aka gano abin tuƙi. Matsa kowane tayal ɗin tuƙi zuwa view cikakken bayani game da abin da aka haɗa da kuma yin takamaiman ayyuka na tuƙi. Dubi "Masu tuƙi" a shafi na 28 da "Masu tuƙi" a shafi na 29 a baya a wannan babin don ƙarin bayani kan ayyukan da ake da su.
Hoton da ke ƙasa yana nuna allon gida na TD4 tare da haɗe-haɗe masu zuwa: tushen USB, kayan haɗi na USB, wurin SATA, wurin PCIe.
30
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
3.4. Kashe TD4
3.4 Kashe TD4
Don kashe TD4 ɗin ku, kawai danna maɓallin wuta a saman kusurwar hagu na naúrar. Tabbatar da buƙatun ta hanyar latsa maɓallin Kashewa ko matsa maɓallin Soke don ci gaba da kunna naúrar.
A wasu lokuta, yana iya zama kyawawa don samun ikon TD4 da kansa bayan an gama aikin na yanzu. A cikin yanayin gudanar da aiki na dare ko a karshen mako tare da naúrar ba tare da kulawa ba, wannan na iya taimakawa rage yawan amfani da wutar lantarki da lokacin aiki maras buƙata akan kowane maƙallan da aka haɗa. Don kashe TD4 lokacin da aikin na yanzu ya cika, kawai danna maɓallin wuta a kusurwar hagu na sama na naúrar kamar yadda kuka saba, sannan danna maɓallin Rufewa. Aikin na yanzu zai kammala sannan naúrar zata kashe kanta. Wannan zai yi aiki ga kowane nau'in aiki.
Lura: Idan ana amfani da hanyar rufe maɓallin wuta da aka kwatanta a sama, babu buƙatar fitar da duk wani abin da aka haɗa kafin rufe TD4. Yin amfani da wannan ingantaccen hanyar kashewa yana bawa software damar bincika kowane ɗawainiya mai aiki da fitar da tuƙi kafin a kashe naúrar. Tilasta TD4 kashe wuta ta hanyar ja igiyar wutar lantarki ko riƙe maɓallin wuta ba a ba da shawarar ba saboda yana iya lalata duk wani bangare na yanzu.filebayanin tsarin.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
31
Babi na 4
Yin amfani da TD4
Wannan babin ya ƙunshi cikakkun hanyoyi da bayanai don amfani da TD4.
4.1 Fuskar allo
Allon gida na TD4 yana nuna fale-falen fale-falen fale-falen fale-falen fale-falen fale-falen buraka masu zuwa: · Kwafi · Hoto mai ma'ana · Hash · Tabbatarwa · Mayar kuma ya haɗa da tiles don shigarwa/viewBayar da mahimman bayanai, kamar haka: · Bayanin Harka · Tarihin Aiki
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
33
Babi na 4 Amfani da TD4
Ana iya buɗe kowane tayal ɗin aiki don nuna ƙarin bayani, shigar da bayanai, kuma, idan an zartar, fara aikin haɗin gwiwa. Dangane da yanayi daban-daban, aikin zai fara nan da nan bayan buga maɓallin Fara ko kuma za a nuna allon saitunan ci gaba don ba da damar daidaita takamaiman saitunan kafin fara aikin. Ana iya samun ƙarin cikakkun bayanai na kowane aikin allo na gida daga baya a cikin wannan babi.
A saman mashigin kewayawa akwai maɓallan don shiga cikin sauri Menu Kewayawa tsarin da allon gida da zuwa view lokacin yanzu. Taɓa sunan ƙirar TD4 a saman mashaya kewayawa yana ɗaukar ku zuwa allon gida.
Lura: A yanayin yanayin sanyi mara kyau, za a nuna alamar gargaɗin zafi a saman mashaya kewayawa zuwa dama na gunkin Menu Kewayawa na System. Ba za a taɓa ganin irin wannan gargaɗin a ƙarƙashin yanayin aiki na yau da kullun ba. Dubi "Al'amurran da suka shafi zafi" a shafi na 94 don ƙarin bayani.
34
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.2. Cikakken bayani
4.2 Cikakken bayani
A gefen hagu da dama na allon gida zaku sami fale-falen fale-falen tuƙi waɗanda suka daidaita tare da tashoshin haɗin haɗin gwiwa na zahiri. Waɗannan fale-falen fale-falen ba za su yi aiki ba ga kowane tashar jiragen ruwa waɗanda ba su da abin hawa. Lokacin da aka makala tuƙi zuwa tashar da aka bayar, wannan tile ɗin zai yi aiki kuma ana iya taɓa shi don samun cikakken bayani game da tuƙi da aiwatar da takamaiman ayyukan tuƙi.
Lura: Tile ɗin tuƙi don tashar haɗin haɗin kebul na baya zai bayyana ne kawai lokacin da aka haɗa abin hawa zuwa wannan tashar. Zai bayyana ƙarƙashin gunkin Menu Kewayawa na System a saman kusurwar hagu na allon gida.
Duba"Viewtushen tushe da wuraren zuwa” a shafi na 39 don ƙarin bayani kan allon bayanan tuƙi da ayyukan haɗin gwiwa.
4.3 Menu na kewayawa tsarin
Taɓa gunkin Menu Kewayawa Tsari a kusurwar hagu na sama na mashaya kewayawa yana nuna Menu na Kewayawa Tsarin TD4, kamar yadda aka nuna a ƙasa. Don ƙarin bayani kan abubuwan da ke cikin wannan menu, duba “Haɓaka TD4” a shafi na 19.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
35
Babi na 4 Amfani da TD4
4.4 Matsayin Aiki
Bayan aiki ya fara, allon matsayin aikinsa yana nunawa ta atomatik. Wannan allon matsayi yana nuna cikakkun bayanai game da aikin da aka bayar, gami da rubutun kai da ke nuna nau'in aikin, matsayinsa, lokacin farawa da ƙarshen sa, jimlar adadin bayanai, sauran lokacin, da kashi cikakke. Ƙananan yanki na allon matsayin aikin yana nuna ƙarin cikakkun bayanai na aiki, gami da ƙimar zanta (idan akwai) ci gaban ƙaramin mataki (na misali.ample, Kwafi daban da Tabbatarwa a cikin aikin kwafi/tabbatacce), taƙaitaccen saiti, da jerin abubuwan tuƙi da ke cikin aikin. Taɓa tayal ɗin tuƙi yana buɗe allon bayanan bayanansa wanda ke ba da a view na duk bayanan da ke akwai don drive. Kafaffen yanki na allon matsayin aikin ya haɗa da maɓalli don fitar da log ɗin binciken don wannan aikin da soke aikin. ExampAna nuna allon halin aikin Kwafi mai aiki a ƙasa.
Lura: Idan allon matsayin aikin yana rufe, taƙaitaccen taƙaitaccen matsayi na aikin yana nan har yanzu a cikin faɗuwar fale-falen aikin akan allon gida. Matsa ƙananan ɓangaren tayal ɗin aikin zai sake buɗe allon halin aikin. Hakanan, lokacin da aiki ke gudana, ana nuna madauwari mai madauwari a saman sandar kewayawa zuwa dama na sunan ƙirar TD4. Taɓa mai juyawa yana sake buɗe allon matsayin aikin.
36
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.5. Tarihin aiki
Da zarar aikin ya kammala, ana nuna allon matsayin aikin kuma yana nuna matsayin ƙarshe na wannan aikin.
Idan an bar allon matsayin aikin a buɗe bayan kammala aikin, alamun yanayin kammala aikin zai ci gaba har sai an rufe allon matsayin aikin. Waɗancan alamomin matsayin kammalawa sun haɗa da matsayin LED mai walƙiya kuma, idan an kunna Idle Chirp a cikin saitunan tsarin, sanarwa mai ji (sau ɗaya kowane minti). Idan Idle Chirp ya naƙasa, sanarwar ƙarar aikin kammala aikin za a ba da ita sau ɗaya kawai.
4.5 Tarihin Aiki
Allon halin aiki na iya zama viewed daga jerin ayyuka wanda ke samuwa daga tayal Tarihin Ayyuka akan allon gida. Taɓa ƙaramin yanki na faɗuwar fale-falen tarihin Ayuba yana buɗe jerin ayyuka na wannan rukunin. Ayyukan da ke cikin wannan jeri ana adana su a kan naúrar kuma suna ci gaba da zagayowar wutar lantarki. Duk wani aiki mai aiki zai nuna a cikin jeri tare da sandar ci gaba mai shuɗi mai aiki. Ayyukan da aka kammala cikin nasara za su nuna tare da cikakken koren ci gaba. Ayyukan da aka soke zasu nuna alamar ci gaba mai launin rawaya. Kuma ayyukan da suka gaza za su nuna tare da wani yanki cike da sandar ci gaba. Taɓa wani takamaiman tayal aiki daga lissafin zai buɗe allon matsayin aikin don wannan aikin. ExampAna nuna jerin tarihin Ayuba a ƙasa.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
37
Babi na 4 Amfani da TD4
Kamar yadda ake iya gani a saman allon Tarihin Ayuba da ke sama, ana nuna yanayin halin yanzu (kamar yadda aka gano ta wurin saitin ID na Case) tare da ƙididdige adadin lokuta daban-daban da aka haɗa a cikin jerin tarihin Ayuba.
A wasu yanayi, yana iya zama dacewa view kuma sarrafa (fitarwa ko share) rukunin ayyuka kawai daga jerin. Don tace jerin ayyuka, matsa akan alamar tace kusa da saman-dama na allon Tarihin Ayuba. Ana iya ƙara ma'aunin tacewa don nuna ayyukan da ake so kawai. Lura cewa lokacin da aka yi amfani da ma'auni da yawa, duk dole ne su dace don aiki don nunawa a cikin lissafin da aka tace. Ana iya tace jerin ayyukan bisa ga ma'auni masu zuwa:
· Sunan jarrabawa
· ID na shari'a
· Bayanan kula
· Dillalin tuƙi
· Motocin tuƙi
· Turi serial number
Lura: Akwai hanya mai sauƙi don tace lissafin Tarihin Ayuba don nuna kawai ayyukan da ke da alaƙa da takamaiman tuƙi. Don yin haka, matsa kan tayal ɗin da ake so daga
38
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.6. Viewtushe da wuraren zuwa
allon gida. Gungura zuwa sashin taƙaitaccen ayyuka a kasan allon bayanan bayanan sannan ka matsa View maballin. Za a nuna jerin ayyukan da ke da alaƙa da wannan tuƙi. Kuna iya faɗaɗa tacewa a ciki view don ganin takamaiman ma'auni da aka yi amfani da su don tace jerin.
Don fitar da rajistan ayyukan da ke da alaƙa da ayyuka a cikin jerin Ayyukan Aiki, taɓa maɓallin fitarwa a ƙasan hagu na allon Tarihin Ayuba. Zaɓi abin da ake so filetsarin da babban fayil sannan ka matsa maɓallin Export a kusurwar dama-dama na taga mai bincike.
Don share ayyukan da aka nuna a cikin jerin tarihin Ayuba, matsa maɓallin Share a ƙasa-dama na allon Tarihin Ayuba kuma bi saƙon.
Lura: Don duka fitar da log ɗin da gogewar aiki, duk ayyukan da aka nuna a cikin jerin Ayyukan Aiki sune waɗanda za a yi aiki da su. Idan babu tacewa a wurin, to duk rajistan ayyukan / ayyuka za a fitar da su zuwa waje ko share su. Idan aka yi amfani da tacewa don nuna juzu'in jerin ayyuka na gaba ɗaya, to waɗannan rajistan ayyukan / ayyukan kawai za a fitar da su ko share su.
Ana iya adana ayyuka har 100 akan TD4. Lokacin da aka buga wannan iyaka, farkon kowane ayyuka na gaba zai buƙaci yarda cewa za a share aikin mafi tsufa ta atomatik. Don guje wa wannan matakin fara aiki mara inganci, ana ba da shawarar cewa a fitar da rajistan ayyukan sannan a goge ayyukan a ƙarshen kowane harka.
Dubi "Logs na Forensic" a shafi na 79 don ƙarin bayani game da rajistan ayyukan bincike na TD4.
4.6 Viewtushe da wuraren zuwa
Don samun damar allon bayanan tuƙi don tushe ko makoma, matsa tayal ɗin tuƙi da ake so akan allon gida na TD4. Ana nuna fale-falen fale-falen fale-falen a gefen hagu (tushen) da dama (makomar) ɓangarorin mai amfani da TD4. Ana nuna bayanan bayanan tuƙi don tushen SATA drive an nuna a ƙasa.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
39
Babi na 4 Amfani da TD4
Filin ID na shaidar da ke saman allon bayanan bayanan tuƙi yana ba da damar taƙaita bayanin abin tuƙi. Wannan ƙimar ID ɗin Shaida hanya ce ta yau da kullun don gano abubuwan tafiyarwa wanda ke ba su damar samun sauƙin ganewa cikin sauƙin mai amfani da TD4. Wannan ID ɗin Shaida zai bayyana a cikin bayanan bayanan tuƙi da katunan tuƙi, waɗanda ake gani a wurare daban-daban kamar a cikin sassan Tushen da Manufofi na allon matsayin aiki. Hakanan ID na shaida zai bayyana a cikin rajistan ayyukan bincike. Idan ba a shigar da ID na shaida don abin da aka bayar ba, za a gano motar ta sunan mai siyarwa, samfurin, da lambar serial.
Bayan filin ID na Shaida, babban ɓangaren allon bayanan bayanan tuƙi yana nuna mahimman bayanai game da faifan da aka zaɓa, kamar girman, mai siyarwa, ƙirar ƙira, sake fasalin firmware, lambar serial (s), girman yanki, da sassa (an ruwaito). Kebul na USB za su sami ƙarin bayani da aka nuna, gami da takamaiman lambar serial na USB.
Sashen abubuwan da ke ciki na allon bayanan bayanan yana ba da bayanai game da abin da ke kan tuƙi, kuma yana ba da izinin fitar da takamaiman ayyuka kamar Binciken Blank, Reconfigure (makamai kawai), Cire HPA/DCO/AMA (maɓuɓɓuka kawai), da Encryption Tableau Buɗe Don tuƙi masu iya ganowa filetsarin, babban ɓangaren ɓangaren abubuwan da ke ciki yana nuna nau'in tebur na bangare, adadin ɓangarori, da adadin filetsarin. Kowane mai iya ganowa filetsarin zai yi a filekatin tsarin da ke nuna ƙarin bayani game da filetsarin. Don lilo a filetsarin, matsa filekatin tsarin. Idan tuƙi yana da wasu iyakoki a wurin (HPA/DCO/AMA), a
40
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.6. Viewtushe da wuraren zuwa
Za a bayar da saƙon gargaɗi a cikin babban ɓangaren ɓangaren abubuwan ciki. Irin wannan
Hakanan ana gano iyakokin sassan tare da alamar da aka haɗe zuwa tayal ɗin tuƙi akan allon gida.
Sashen Ayyuka na allon Cikakkun Bayanai yana ba da bayanai game da ayyukan da aka yi tare da wannan tuƙi. Ƙididdiga na Ayyuka yana nuna adadin duk ayyukan bincike da aka yi ta amfani da wannan tuƙi, kuma ya haɗa da ayyuka masu zuwa: Kwafi, Hotunan Ma'ana, Hashes, Tabbatarwa, Sake daidaitawa, Binciken Blank, Maidowa, da Cire Iyakokin Sashe. Ƙididdiga na Ƙarshen Saye yana nuna adadin da aka kammala cikakke, nau'ikan ayyukan saye masu nasara, wato Kwafi da Hotunan Ma'ana. Idan duk ayyukan da aka ba su suna da ID na Case iri ɗaya, ana nuna ID ɗin Case ɗin a wannan sashin kuma. Idan akwai ID na Harka da yawa da ke da alaƙa da abin da aka bayar, "Multiple" za a nuna a cikin filin ID na Case. The View maballin da ke ƙasan dama na sashin Ayyuka zai nuna jerin tarihin Ayuba da aka tace wanda ke nuna kawai ayyukan da ke da alaƙa da waccan tuƙi.
A ƙasan dama na kowane allon Bayanan Bayanan Drive shine maɓallin Fitarwa. Kawai danna maballin fitarwa kuma ba da amsa ga faɗakarwa don fitar da tuƙi daga tsarin. Fitar da tuƙi yana cire shi daga software na tsarin cikin aminci kuma ana ba da shawarar kafin cire duk wata hanyar sadarwa da aka haɗe daga TD4 mai ƙarfi da kuma kafin saukar da TD4 tare da haɗe-haɗe. Don inda ake nufi da na'urorin haɗi na musamman (tunda ana karantawa/ rubuta su), gazawar fitar da tuƙi kafin cirewa daga tsarin na iya lalata injin ɗin. filetsarin, wanda zai iya haifar da asarar shaidar / bayanai da aka kama a baya. Lura cewa ba za a yarda da fitar da kafofin watsa labarai da ake amfani da su a cikin aiki ba har sai an kammala aikin.
Baya ga tambayar tuƙi don cire tsarin, danna maɓallin Eject zai ba da umarnin saukar da ATA zuwa abubuwan tafiyarwa waɗanda zasu iya tallafawa. Ana ba da shawarar jujjuya faifan diski mai jujjuyawa don rage damar lalacewar platter akan cirewar tuƙi daga tsarin. Lura cewa ba duk faifai ke goyan bayan wannan umarni ba, kuma wasu na iya ɗaukar lokaci mai tsawo don fitarwa daga tsarin saboda rashin tallafin umarni. Amma ana ɗaukar wannan a matsayin ƙaramar rashin jin daɗi idan aka kwatanta da fa'idar rage girman lalacewar tuƙi.
Tsanaki
Ana ba da shawarar sosai don fitar da duk abubuwan tafiyarwa daga tsarin kafin a cire su ta jiki daga TD4. Wannan yana sanya masu tuƙi a cikin yanayin sanyi, wanda zai tabbatar da kwanciyar hankali na tsarin da amincin bayanan da ke kan faifai.
Don kafofin watsa labaru da aka haɗe zuwa tashar jiragen ruwa na TD4 PCIe, ana buƙatar fitarwa kafin cirewa. Motocin PCIe masu zafi mai zafi ba tare da fitar da su ba na iya haifar da rashin kwanciyar hankali na tsarin da halayen TD4 mara tabbas.
Cire wutar tilas (ta hanyar ja igiyar wutar lantarki ko riƙe maɓallin wuta) na iya haifar da al'amura tare da haɗe-haɗe, gami da lalata bayanan tsarawa. Idan za ta yiwu, ana ba da shawarar sosai don kunna wuta ta hanyar mai amfani (ta hanyar latsa maɓallin wuta mai sauri), wanda zai fitar da duk abubuwan da aka makala ta atomatik kafin rufe naúrar.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
41
Babi na 4 Amfani da TD4
4.6.1 Tambarin blank
The Blank Check mai amfani yana duba tuƙi don kasancewar bayanai masu ma'ana. Don samun dama ga allon Saita Duba Blank, matsa Blank Check a cikin sashin abubuwan da ke ciki na kowane allon bayanan bayanan tuƙi.
Tebur mai zuwa yana ba da cikakkun bayanai na zaɓin Binciken Blank:
Saurin zaɓi
Bazuwar
Litattafai
Bayani
Da sauri bincika don sanin ko motar ta bayyana babu ta ta hanyar karantawa da duba sassan da ke cikin Babban Boot Record, GPT na Firamare, da GPT na Sakandare.
Yana yin rajistan sauri, sannan ya karanta har zuwa kashi 75% na sassan da ake da su ba da gangan don tantance ko babu komai. Duban mara komai zai tsaya da zaran an gano tsarin bayanan mara komai.
Yana karantawa kai tsaye har zuwa kashi 100 na sassan da ake da su don bincika ko tuƙin babu kowa. Duban mara komai zai tsaya da zaran an gano tsarin bayanan mara komai.
Ana ɗaukar sashe babu komai idan ya ƙunshi tsarin maimaita 2-byte kawai. Duk wani tsari mara maimaitawa ana ɗaukarsa ba mara komai bane. Koyaya, kowane sashe ɗaya na iya ƙunsar tsarin maimaitawa daban-daban. Idan an sami wani sashe ba kowa ba, ba a ɗaukar tuƙi a sarari, kuma cak ɗin da ba kowa ba zai tsaya.
Lura: Zaɓuɓɓukan rajistan shiga mara sauri da bazuwar ba sa yin cikakken bincike na tuƙi. Yana yiwuwa direban ya bayyana ba komai bisa ga binciken gaggawa ko bazuwar yayin da yake adana bayanan da suka dace.
4.6.2 Sake saitawa
Mai amfani da Sake saitawa yana ba da damar aiwatar da takamaiman ayyuka na tuƙi, galibin alaƙa da shirya tuƙi mai zuwa da za a yi amfani da su don ayyukan Kwafi da Ma'auni na gaba. Saboda yanayin canjin tuƙi na ayyukan da ake samu a cikin wannan kayan aikin, Sake saitawa yana samuwa ne kawai don tuƙi masu zuwa. Don samun dama ga allon saitin kayan aiki na sake saitawa (wanda aka nuna a ƙasa), matsa Sake saitawa daga sashin abubuwan da ke ciki na allon bayanan bayanan.
42
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.6. Viewtushe da wuraren zuwa
Sake saitawa yana ba da damar kammala ayyukan da aka nema a jere ba tare da buƙatar sa hannun mai amfani ba. Wannan yana sauƙaƙa aiwatar da matakan shirye-shiryen kafofin watsa labarai gama gari a cikin salo mai sarrafa kansa, ba tare da yin kowannensu a matsayin mataki na daban ba. Don misaliampHar ila yau, za a iya goge hanyar da za a nufa sannan a tsara shi a cikin aiki ɗaya ta zaɓar Shafa da Tsara, saita zaɓuɓɓukan kowane mataki na ƙasa, sannan danna Fara. Lura cewa jera tsarin na zaɓin ƙananan ayyuka na Reconfigure na ganganci ne kuma yayi daidai da tsarin da za a yi amfani da su a cikin tuƙi. Ana ba da cikakkun bayanai kan kowane ƙaramin aikin Reconfigure a cikin ƙananan sassan da ke ƙasa.
4.6.2.1 Cire iyakokin sassan
A da, hanyar da aka fi sani da gangan don iyakance ƙarfin da aka ruwaito na tuƙi ita ce ta amfani da ATA HPA (yankin da aka karewa) da/ko DCO (mai rufin tsarin na'ura). An fara da sabuntawar ƙayyadaddun ƙayyadaddun ƙayyadaddun ACS-3 (ATA/ATAPI Command Set 3), an gabatar da manufar Addressable Maximum Address (AMA). Sabbin faifai na iya goyan bayan wannan hanyar iyakance ƙarfin tuƙi da aka ruwaito. TD4 yana goyan bayan duk waɗannan hanyoyin tare da ganowa ta atomatik, ganowa, da sanarwa wanda zai sa mu'amala da su mara kyau da sauƙi. Daga binciken bincike na view, yana da mahimmanci a san ko ana amfani da HPA, DCO, ko AMA. Tare da wannan ilimin, mai aikin bincike zai iya yanke shawara game da ko samun bayanai a cikin ɓoyayyun yankunan tuƙi.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
43
Babi na 4 Amfani da TD4
Lura cewa waɗannan hanyoyin (HPA/DCO da AMA) sun keɓanta da juna. Motar da ke goyan bayan HPA/DCO ba za ta goyi bayan AMA ba, kuma tuƙin da ke goyan bayan AMA ba zai goyi bayan HPA/DCO ba. Hakanan, yayin da HPA da DCO ke da alaƙa masu alaƙa don tuƙi da aka bayar, HPA tana da sifa ta musamman (mai canzawa, ko na ɗan lokaci, cirewa) wanda ke bambanta shi da DCO da AMA. Don haka, wannan sashe zai rufe cirewar HPA maras tabbas azaman keɓantaccen jigo kafin magance rashin maras tabbas (na dindindin) kawar da HPA/DCO ko AMA.
TD4 kuma yana ba da damar "shelve" DCO ko AMA, wanda ke nufin kashe tushen tushen DCO ko AMA don dalilai na kwafin shaida sannan a mayar da DCO/AMA iri ɗaya bayan aikin ya cika. Dubi "Kwafi" a shafi na 58 don ƙarin cikakkun bayanai kan tanadin DCO.
4.6.2.2 Cire HPA maras tabbas
Ana iya kashe HPA ba tare da yin gyare-gyare na dindindin ga tuƙi ba. Wannan ana kiransa maras tabbas, ko na ɗan lokaci, kawar da tsarin HPA. Lokacin da aka cire drive ɗin da aka cire HPA ta wannan hanyar daga TD4 (ko kuma aka kunna ta ba haka ba) sannan a sake haɗa shi, koyaushe zai dawo cikin asalinsa (tare da ainihin asalin HPA da aka saita kuma yana kunna). Tun da yake wannan canjin sanyin tuƙi na ɗan lokaci ne kawai (ba canji ga bayanan da aka adana akan tuƙi ba), TD4 ta atomatik tana kashe HPA akan duk wata hanyar da aka haɗa zuwa ɗaya daga cikin mashigai na tushen sa. Tunda saitin DCO da AMA kawai za a iya kashe su ta dindindin, TD4 baya kashe su ta atomatik akan abubuwan tafiyar da aka haɗa.
A cikin yanayin cirewar HPA ta atomatik, maras tabbas daga tushen abin da aka haɗa, mai amfani da TD4 yana bayyana abin da ya faru ta hanyar bayyana yawancin sassan HPA da aka fallasa, kamar yadda aka nuna a hoto mai zuwa.
44
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.6. Viewtushe da wuraren zuwa
Magana game da bayanan bayanan tuƙi a sama, gaskiyar cewa an cire HPA yana nunawa ta hanyoyi biyu. Na ɗaya, filin Girman abin tuƙi yana nuna cikakken ƙarfin abin tuƙi (tare da cire HPA). Kuma na biyu, sashin abubuwan da ke ciki yana nuna yawancin sassan HPA da aka fallasa a cikin rubutun ja. Lura cewa wannan bayanin da ke da alaƙa kuma an kama shi a cikin rajistan ayyukan bincike.
TD4 ba ta taɓa yin canje-canje ta atomatik zuwa kowane ƙarfin tuƙi yana iyakance ƙayyadaddun ƙayyadaddun abubuwan tuƙi. An ƙirƙira TD4 don baiwa mai aikin binciken cikakken iko akan tuƙi. Idan ka zaɓi ƙuntata ƙarfin tuƙi ta amfani da HPA, DCO, ko AMA, TD4 ba zai soke wannan shawarar ba.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
45
Babi na 4 Amfani da TD4
4.6.2.3 Cire HPA/DCO/AMA mara maras tabbas
Mai amfani da Cire Iyakokin Sashin yana hana daidaitawar HPA, DCO, ko AMA akan faifan da aka zaɓa. Waɗannan canje-canjen na dindindin ne, ba za a iya soke su ba, kuma za su dawwama akan zagayowar wutar lantarki.
Don abubuwan tuƙi na gaba, an haɗa kayan aikin Cire Iyakokin Sashin a cikin aikin Sake saitawa, wanda ke akwai a cikin ɓangaren abubuwan da ke cikin allon bayanan bayanan. Matsa wurin da ake so tile ɗin tuƙi daga allon gida, sa'an nan kuma danna maɓallin sake saitawa akan allon bayanan bayanan. A cikin Reconfigure Setup allon, zaži Cire Sector Limitations, sa'an nan kuma danna Fara button. Duk wani iyakokin yanki da aka gano (HPA/DCO ko AMA) za a cire su daga inda ake nufi.
Don abubuwan tuƙi na tushen, ana samun amfanin Cire Iyakokin Sashin kai tsaye a cikin sashin abubuwan da ke ciki na allon bayanan bayanan. Wannan shi ne saboda babu wani abin da aka sake saitawa don tuƙi na tushen, tunda yawancin zaɓuɓɓukan Sake fasalin an yi niyya musamman don tuƙi masu zuwa.
Lura cewa don HPA/DCO, ba za ku iya cire yankin da ke da DCO akan tuƙi ba tare da cire kowane yanki mai kariyar HPA ba, kamar yadda ƙayyadaddun ATA suka ayyana.
Idan drive yana da an daidaita HPA/DCO ko AMA, ana nuna saƙon gargaɗin ja a cikin ɓangaren abubuwan da ke cikin allon bayanan tuƙi wanda ke nuna adadin sassan da HPA/DCO/AMA ke ɓoye. Hakanan ana nuna alamar a gefen tayal ɗin tuƙi akan allon gida kuma kusa da saman allon bayanan bayanan don samar da ganowa a-kallo na kasancewar ƙayyadaddun yanki. Hoton da ke ƙasa yana nuna bayanan bayanan tuƙi don tuƙi tare da yanki mai kariya na DCO.
46
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.6. Viewtushe da wuraren zuwa
Motocin IDE tare da DCO suna buƙatar la'akari na musamman tare da TD4. Canje-canjen saitin DCO yana buƙatar hawan keken wuta wanda, don abubuwan tafiyar SATA kai tsaye, ana yin su ta atomatik ta TD4. Duk da haka, tun da ana iya samar da wutar lantarki ta IDE ta hanyoyi da yawa, TD4 ba zai iya ƙayyade ikon IDE ɗin ba.
Don musaki DCO akan faifan IDE, tabbatar da cewa IDE drive (ta hanyar TDA7-5) ita ce tushen tushen tushen kawai da aka haɗa sannan kuma kammala matakan masu zuwa:
1. Matsa Cire Iyakokin Sashe daga allon bayanan bayanan tushen kuma tabbatar da cewa ana son cire DCO don fara aikin.
2. Matsa Fitar a kasa-dama na allon bayanan bayanan.
3. Cire wuta daga IDE drive.
4. Cire TDA7-5 daga TD4.
5. Sake haɗa TDA7-5 (tare da haɗin IDE drive) zuwa TD4.
6. Sake haɗa wuta da IDE drive.
Lura: Musamman don faifan IDE da aka haɗa ta TDA7-5, rajistan bincike na aikin cirewa na DCO/AMA zai ba da rahoton nasarar kammala aikin cirewar DCO nan da nan bayan an ba da umarni ga tuƙi. TD4
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
47
Babi na 4 Amfani da TD4
ba shi da hanyar sanin ko a zahiri an gama umarnin a matakin tuƙi. Yakamata a tabbatar da jihar DCO da hannu bayan an gama sake kunnawa kuma kafin a fara ayyuka na gaba.
4.6.2.4 Shafa wuri ko na'urorin haɗi
Mai amfani da kafofin watsa labaru na Wipe yana ba da nau'ikan gogewa guda shida don inda ake nufi da na'urorin haɗi. Teburin da ke ƙasa yana ba da cikakkun bayanai kan kowane nau'in gogewa da aka goyan baya.
Lura: Idan tsarin HPA/DCO/AMA ya kasance akan drive ɗin da kuke son gogewa kuma kuna son gogewa gabaɗayan drive ɗin (ba kawai ɓangaren da aka fallasa ba), zaɓi aikin Cire iyakokin Sashe a cikin sake saita allon saitin tare da Shafa aikin kafin fara aikin sake saitawa.
Tsanaki
Shafa yana haifar da ci gaba da rubutu na kafofin watsa labarai, wanda zai iya haifar da yanayin aiki mai zafi mara kyau a cikin tuƙi. OpenText yana ba da shawarar amfani da fan ko na'ura mai sanyaya waje yayin shafan kafofin watsa labarai a kan TD4 don taimakawa hana lalacewar zafin jiki ga tuƙi.
Zabi Mai Rubutu
Bayani
Pass Single: TD4 zai rubuta tsari akai-akai (duk sifili) zuwa tuƙi a cikin fasfo ɗaya. Tabbatarwa na zaɓi ne.
Multiple Pass: TD4 yana aiwatar da cikakken rubutattun izinin rubutu guda uku zuwa makoma ko kayan haɗi. Fassara ta farko tana rubuta sifili (0x0000) fas ɗin na biyu kuma ya rubuta waɗanda (0xFFFF), fas ɗin na uku kuma yana rubuta ƙima ta dindindin tsakanin 0x0001 da 0xFFFE. Tabbatarwa na zaɓi ne. Idan an kunna, ana iya saita shi don tabbatarwa bayan kowace share fasfo ko bayan wucewar ƙarshe kawai.
48
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.6. Viewtushe da wuraren zuwa
Zabin Amintaccen Goge (SSD kawai)
Sanitize - Block Goge (SSD kawai)
Sanitize Overwrite
Bayani
Umurnin ATA Secure Erase yana ba da umarni don sake saita duk abubuwan da ke akwai zuwa yanayin shafewa. Yadda ake aiwatar da yanayin shafewa akan tuƙi ba a ba da izini ta ƙayyadaddun ATA ba, wanda ke nufin yanayin bayanan ƙarshe akan faifai ya dogara da masana'anta (kuma ba lallai ba ne duk sifili). Don tafiyarwa waɗanda ba sa goyan bayan Secure Ease, TD4 zai nuna wannan iyakance yayin zaɓin nau'in gogewa.
Saboda rashin ƙayyadaddun yanayin yanayin bayanan bayan-shafe, TD4 baya bayar da tabbaci don goge goge mai aminci.
Saboda sanannun al'amurran da suka shafi rashin daidaituwa kuma maras tabbas Tabbatacciyar Goyon baya akan faifai masu juyawa (HDDs), TD4 kawai yana goyan bayan wannan fasalin akan SSDs.
Yi la'akari da cewa Secure Goge zai shafe duk sararin tuƙi mai isa, amma ba lallai ba ne ya goge sararin da aka yi sama da shi ko wani sarari da mai sarrafa na ciki ya keɓe.
TD4 zai tilasta cire duk wani saitin HPA/DCO/AMA da aka gano kafin a fara goge gogewar Tsaro.
Umurnin ATA da SCSI Sanitize Block Ease sun umurci tuƙi don goge duk wani tubalan ƙwaƙwalwar filashi. Ana yin wannan yawanci ta hanyar lantarki, ba ta hanyar rubuta bayanai zuwa tuƙi ba. Yayin da yanayin bayanan goge bayan bayanan ATA/SCSI ba su da izini, Sanitize Block Erase yawanci yana barin tuƙi a cikin yanayin da aka share (duk sifili), wanda ke ba da izinin tabbatarwa bayan gogewa. Don faifan da ba sa goyan bayan Gogewar Sanitize Block, TD4 zai nuna wannan iyakance yayin zaɓin nau'in gogewa.
Lura cewa Sanitize Block Gogewa zai shafe duk sararin tuƙi mai isa ga mai amfani da sararin sama da aka tanadar da duk wani sarari da mai sarrafa na ciki ya keɓe.
TD4 zai tilasta cire duk wani saitin HPA/DCO/AMA da aka gano kafin fara gogewar gogewar Sanitize Block.
Umurnin ATA da SCSI Sanitize Overwrite sun umurci tuƙi don sake rubuta duk bayanan tuƙi a cikin ma'ajin ajiya da na ondrive tare da sifili. Ana aiwatar da wannan fasalin galibi akan HDDs amma ana samunsa akan wasu SSDs. Don tafiyarwa waɗanda basa goyan bayan Sanitize Overwrite, TD4 zai nuna wannan iyakance yayin zaɓin nau'in gogewa.
Lura cewa, don SSDs waɗanda ke goyan bayan Sanitize Overwrite, ban da duk sararin tuƙi mai isa ga mai amfani, sarari da aka tanadar da sauran sararin da mai sarrafa na ciki ya keɓe kuma za a share shi.
TD4 zai tilasta cire duk wani saitin HPA/DCO/AMA da aka gano kafin a fara gogewar Rubutun Sanitize.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
49
Babi na 4 Amfani da TD4
Zaɓin NIST 800-88 R1 Share
NIST 800-88 R1 Tsaftace
Bayani
Goge NIST mai share zai yi goge-goge tare da tabbatarwa bayan gogewa. Don kebul na USB zai yi wucewa uku, kuma ga duk sauran faifai zai yi fas ɗaya.
TD4 zai tilasta cire duk wani saitin HPA/DCO/AMA da aka gano kafin a fara goge gogewar NIST 800-88 R1.
Don ƙarin cikakkun bayanai game da NIST 800-88 R1 Clear, koma zuwa SP 800-88 r1: Jagororin Tsaftar Media wanda ke samuwa akan NIST's web site.
Gogewar NIST yana yiwuwa ne kawai idan drive ɗin yana goyan bayan wasu umarnin gogewa. Don SSDs masu goyan bayan Sanitize Block Ease, za a yi amfani da wannan hanyar tare da tabbatarwa bayan gogewa. In ba haka ba, idan drive yana goyan bayan Sanitize Overwrite (HDD ko SSD), to za a yi amfani da wannan hanyar tare da tabbatarwa bayan gogewa. Direbobin da ba su goyan bayan ɗayan waɗannan umarni ba ba za su iya zama NIST 800-88 R1 Purged ba, kuma TD4 zai nuna wannan iyakance yayin zaɓin nau'in gogewa.
TD4 zai tilasta cire duk wani saitin HPA/DCO/AMA da aka gano kafin a fara goge gogewar NIST 800-88 R1.
Don ƙarin cikakkun bayanai game da NIST 800-88 R1 Purge, koma zuwa SP 800-88 r1: Sharuɗɗa don Tsaftar Media wanda ke samuwa akan NIST's web site.
Lura: Amintaccen gogewa da goge goge suna da sanannen nuances, kamar haka:
Haƙiƙanin bambance-bambance tsakanin Secure Goge da Sanitize na iya zama da dabara, ya danganta da aiwatar da masana'anta. Amma, a cikin sharuddan gabaɗaya, Secure Ease ya isa ga mahalli waɗanda ba su damu da cire duk wata shaida ta bayanan da suka gabata a cikin kwakwalwan ƙwaƙwalwar ajiya ta zahiri ba. Amintaccen gogewa zai ba da garantin cewa tsarin karantawa na yau da kullun zai dawo da bayanan da aka goge kawai, amma wani wanda ke da ƙarfin ci gaba don yin nazarin tsarin ƙwaƙwalwar guntu-kashe zai iya fahimtar bayanan bit ɗin da suka gabata. Sanitize yana nufin rufe yanayin da ke buƙatar ƙarin amintaccen cire bayanai inda manyan dabarun dawo da bayanai ke da damuwa, tare da faɗuwar sa yana ɗaukar lokaci mai tsawo don kammalawa.
Amintaccen gogewa da buƙatun umarni ba sa tabbatar da yanayin ƙarshe na bayanan akan abubuwan da aka goge, wanda zai iya haifar da goge gazawar aiki waɗanda ba su da iko da TD4. Daga BuɗeText gwajin gwaji akan babban sampGirman faifai daga masana'antun daban-daban, Secure Ease zai dogara da gogewa a cikin ɗan gajeren lokaci, amma tare da mafi girman yuwuwar yanayin yanayin bayanan da ba a tabbatar da shi ba idan ya cika, wanda ke sa tabbataccen tabbaci ba zai yiwu ba. Sanitize ya tabbatar da ya zama abin dogaro wajen share duk bayanai zuwa sifili, wanda ke ba da damar tabbatarwa bayan gogewa. Idan kun fuskanci gazawar tabbatarwa ta Sanitize, tuntuɓi OpenText My Support a https://support.opentext.com don bayar da rahoton takamaiman kerawa da ƙirar tuƙi, kuma ƙungiyar Tableau za ta bincika.
50
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.6. Viewtushe da wuraren zuwa
4.6.2.5 Encrypting manufa da na'urorin haɗi
TD4 na iya ɓoyayyen wuri da na'urorin haɗi ta amfani da tushen kalmar sirri ta XTS-AES gabaɗayan ɓoyayyen faifai. Wannan boye-boye na tushen Tableau ya dace da Tableau TD2u Forensic Duplicator, TX1 Tableau Forensic Imager, da kuma buɗe tushen VeraCrypt mai amfani. Za'a iya saita ɓoyayyen ɓoyewa a kan inda ake nufi da na'urorin haɗi kamar yadda yake buƙatar gyara rubutu zuwa tuƙi.
Tsanaki
Tsarin boye-boye yana sake rubuta maƙasudi / kayan haɗi, don haka ku tuna don ɓoye mashin ɗin da aka nufa kafin amfani da shi a cikin aikin siye na TD4.
Don ɓoye rumbun kwamfutarka da ke haɗe zuwa wurin TD4 ko tashar haɗi, zaɓi Encrypt daga jerin zaɓi na sake saitawa. Shigar da kalmar sirrin da ake so sannan ka matsa maɓallin Fara.
Lura: TD4 tana goyan bayan sanya hannun jari ta atomatik don filayen shigarwar rubutu. Wannan yana nufin cewa harafin farko a cikin shigarwar za ta zama babba, kuma shigarwar haruffa na gaba za a canza ta kai tsaye zuwa ƙaramin harafi. Banda shi ne filayen shigar da kalmar sirri. An kashe babban jari ta atomatik don filayen shigarwar kalmar sirri don guje wa rudani da hana shigar da kalmar wucewa ba daidai ba. Ana ba da shawarar duba shigar da kalmar sirri sau biyu ta viewshigar da su cikin rubutu a sarari (ta amfani da gunkin ido a ƙarshen filin shigarwa) kafin ƙaddamarwa.
Ana iya buɗe maƙasudin rufaffiyar Tableau ko kayan haɗi tare da kalmar wucewa don ba da damar yin bincike ko hoto/mayarwa zuwa kwandon rufaffiyar.
Za a iya buɗe mashigin tushen-Tableau da kalmar sirri don ba da damar yin bincike ko hoto/mayar da ɓoyayyun abubuwan da ke cikin tuƙi zuwa inda ake nufi.
OpenText baya iya dawo da kalmomin sirri da suka ɓace don rufaffen kafofin watsa labarai na TD4, don haka ɗauki matakan da suka dace don tabbatar da cewa ba ku taɓa rasa kalmar sirrinku ba.
Don cire boye-boye daga faifai, haɗa motar zuwa wurin TD4 ko tashar kayan haɗi sannan, ba tare da buɗe ɓoyayyen ba, goge drive ɗin.
Lura: Idan an buɗe faifan drive ɗin Tableau kafin a goge, ɓoyayyen ɓoyayyen zai ci gaba da kasancewa kuma abin da ke cikin buɗaɗɗen akwati ne kawai za a goge. Idan ana son share ɓoyayyen yanayin, dole ne ɓoyayyen abin tuƙi ya kasance a kulle kafin a fara gogewa.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
51
Babi na 4 Amfani da TD4
4.6.2.6 Tsara manufa da kayan haɗi
Don yin kwafin hoto zuwa ko ajiye rajistan ayyukan zuwa faifai, dole ne ka tsara wurin da aka nufa ko na'urar haɗi tare da a filetsarin da aka gane ta TD4. TD4 yana goyan bayan tsara tsarin makoma da na'urorin haɗi a cikin masu zuwa fileTsarin tsarin: exFAT, NTSF, FAT, HFS+, ko EXT4.
Lura: TD4 ba zai iya tsara abin tuƙi tare da APFS ba kuma ba zai iya rubuta wa tuƙi tare da APFS da aka rigaya ba. Za ta hau kundin tsarin APFS azaman karantawa-kawai akan duk tashoshin TD4 (tushe, makoma, da kayan haɗi). Irin wannan fileBa za a iya amfani da tsarin don kowane ayyuka da ke buƙatar rubutu ba, har ma a kan inda ake nufi da na'urorin haɗi.
exFAT ana ba da shawarar don dacewa mafi kyau lokacin samun damar tuki tare da duk tsarin aiki na zamani. An ba da shawarar EXT4 don amfani tare da kayan aikin bincike na Linux. Ana ba da shawarar HFS+ don amfani da kayan aikin bincike na MacOS.
Lura: Lokacin da aka zaɓi FAT azaman fileNau'in tsarin don tsarin tuƙi na makoma, TD4 zai tsara drive ɗin azaman FAT32. Koyaya, rajistan ayyukan aiki (gami da tsarin log ɗin) da duk abubuwan haɗin mai amfani zasu nuna wannan azaman FAT kawai. Wannan saboda TD4 yana goyan bayan karantawa daga duk nau'ikan FAT (12, 16, da 32) kuma kawai gano su duka kamar yadda FAT ke ɗaukar karɓuwa kuma daidai ga filedalilai gano tsarin.
Don tsara maƙasudi ko na'urar haɗi, haɗa tuƙi zuwa tashar TD4 da ake so sannan kuma danna kan tayal ɗin da ke hade akan allon gida na TD4. Matsa maɓallin sake saitawa a cikin sashin abubuwan da ke ciki na allon bayanan bayanan sannan sannan zaɓi Zaɓin Tsarin. Zaɓi abin da ake so filenau'in tsarin sannan ka matsa maɓallin Fara.
Lura: OpenText yana ba da shawarar kar a yi amfani da FAT azaman makoma ko kayan haɗi filetsarin. A TD4, FAT filetsarin yana iyakance zuwa iyakar fitarwa file girman 2GB kuma karanta daga ko rubuta musu yana da hankali fiye da sauran filenau'ikan tsarin. Hakanan, FAT baya goyan bayan tuƙi sama da 2TB.
4.6.3 Rufin opal
Rufin opal hanya ce ta tushen ɓoyayyen kayan aiki wanda mai kula da ke kan tuƙi ke sarrafa tare da ƙaramin tsarin hulɗar mai masaukin baki. Opal mizanin masana'antu ne wanda ƙungiyar Amintattun Ƙwallon Ƙirar (TCG) ta ƙirƙira wanda ke bayyana, a tsakanin sauran abubuwa, ƙa'idar mu'amala ga waɗannan nau'ikan ɓoyayyen kayan aiki. Waɗannan ana kiran su da fayafai masu ɓoye kansu (SEDs) kamar yadda tsarin runduna ya yi kadan fiye da samar da ƙirar gaba-gaba don sarrafa ɓoyewar. Tsarin sarrafawa akan faifan yana da alhakin ɓoyewa/ ɓoye duk bayanan da aka adana akan tuƙi da sarrafa damar zuwa gare ta.
TD4 na iya gano Opal SEDs waɗanda aka kunna ɓoyayyen su kuma zai yi gargaɗin kasancewar ɓoyewar Opal a wurare daban-daban a cikin mahallin mai amfani da rajistan ayyukan bincike. Makullin Opal ɗin da aka gano zai kasance yana da gunkin kulle ja (tare da kulle kulle) a kunne
52
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.6. Viewtushe da wuraren zuwa
gefen tile ɗin motar allo. Irin wannan tuƙi zai kuma haɗa da saƙon faɗakarwa kusa da saman saman bayanan bayanan tuƙi wanda ke nuna motar Opal ɗin kulle ce kuma ba za a iya karanta ta ba, kamar yadda aka nuna a hoton da ke ƙasa.
Lura cewa Motocin Opal waɗanda ba a kunna ɓoyayyen su ba za su kasance kamar na yau da kullun, abubuwan da ba a ɓoye ba.
Ƙarin abin la'akari don abubuwan tafiyar Opal wani tsari ne na musamman wanda ke fallasa MBR inuwa. Ana iya kunna wannan inuwa MBR ta hanyar tuƙi/tsarin masu haɓakawa don fallasa ƙaramin yanki na abin tuƙi azaman akwati mara rufaffiyar, wanda ke ƙetare babban bayanan tuƙi da aka gabatar ga mai watsa shiri. Halin yanayin amfani na yau da kullun don wannan ƙayyadaddun shine don baiwa masana'antun kwamfuta damar neman takaddun shaida daga mai amfani kafin bayyana babban ɓangaren tuƙi. Ko da kuwa yanayin amfani, yana da mahimmanci a iya gano yanayin da kawai inuwa MBR ya bayyana, don tabbatar da cewa ba a ganin duk abin da ke cikin drive ɗin. TD4 zai gano lokacin da aka kunna Opal inuwa MBR, kuma a fili ya sanar da kasancewar sa. Alamar kulle za ta nuna a cikin tayal ɗin tuƙi da abin ya shafa akan allon gida, kuma kasancewar Opal MBR za a kira shi a fili a cikin bayanan bayanan tuƙi. A halin yanzu, gudanar da ɓoyayyen Opal baya samun goyan bayan TD4 (gami da buɗe ɓoyayyen Opal da naƙasasshiyar inuwar Opal MBR). Da fatan za a tuntuɓi Taimakon Abokin Ciniki na OpenText don zaɓuɓɓukan saye don irin waɗannan abubuwan tafiyarwa.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
53
Babi na 4 Amfani da TD4
Tsanaki
Nau'in tashar docking na'urorin da ke da faifan Opal a cikinsu dole ne su goyi bayan izinin wucewa ta ATA don TD4 don gano kasancewar ɓoyewar Opal daidai. Tashoshin docking waɗanda ba sa goyan bayan wucewar umarni na ATA na iya gabatar da makullan kafofin watsa labarai na Opal kamar yadda duk sifili ba tare da wata alamar ɓoyewar Opal a cikin mai amfani da TD4 ba. Yi taka tsantsan lokacin samun kowane kafofin watsa labarai ta tashar jirgin ruwa. Idan kuna zargin tuƙi a tashar docking ɗin Opal ɓoyayye ne amma ba a gabatar da shi ta wannan hanyar a cikin ƙirar mai amfani da TD4, cire abin tuƙi daga shingen da haɗa shi kai tsaye zuwa TD4 na iya haifar da sakamakon da ake so.
4.6.4 APFS da BitLocker boye-boye
TD4 na iya gano kasancewar filerufaffen tsarin tare da APFS na Apple da ɓoyayyen BitLocker na Microsoft. Waɗannan hanyoyin boye-boye sun shafi kawai filetsarin, wanda ya bambanta da cikakkun (ko gabaɗayan) hanyoyin ɓoyayyen faifai waɗanda ake amfani da su a matakin tuƙi, ba tare da la'akari da tsarawa ba. A sakamakon haka, nuna kasancewar APFS da BitLocker boye-boye akan TD4 ana yin su daban da sauran nau'ikan ɓoyayyen ɓoyayyen diski (Tableau da Opal).
TD4 zai nuna kasancewar APFS da ɓoyewar BitLocker a cikin filetsarin fale-falen buraka da aka nuna akan allon bayanan tuƙi, kamar yadda aka nuna a hotunan kariyar kwamfuta da ke ƙasa.
Lura: Ba kamar sauran cikakkun hanyoyin ɓoyayyen faifai ba (Tableau da Opal), masu tafiyarwa tare da APFS da BitLocker rufaffen. fileAna iya samun tsarin jiki (aikin kwafi) a cikin kulle-kulle, sannan a buɗe su yayin matakan aikin bincike na gaba ta amfani da kayan aikin kamar OpenText EnCase Forensic.
54
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.6. Viewtushe da wuraren zuwa
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
55
Babi na 4 Amfani da TD4
Lura: Ba kamar sauran cikakkun hanyoyin ɓoyayyen faifai ba (Tableau da Opal), masu tafiyarwa tare da APFS da BitLocker rufaffen. fileAna iya samun tsarin jiki (aikin kwafi) a cikin kulle-kulle sannan a buɗe su yayin matakan aikin bincike na gaba ta amfani da kayan aikin kamar OpenText's EnCase Forensic.
4.7 Bincike
Ayyukan bincike yana ba da hanya mai sauƙi don view abun ciki na wani sakawa filetsarin. Don lilo a filetsarin, matsa tayal ɗin da ake so daga allon gida. Za a nuna allon bayanan tuƙi don abin da aka zaɓa. Don tuƙi tare da aƙalla hawa ɗaya filetsarin, sashin abubuwan da ke ciki na allon bayanan tuƙi zai nuna cikakken bayani game da ɓangaren (s) /filetsarin (s), da kuma a fileZa a nuna katin tsarin da ke nuna mahimman bayanai ga kowane filetsarin. Don bincika abin da aka bayar filetsarin, kawai danna filekatin tsarin daga sashin abubuwan da ke ciki na allon bayanan bayanan, wanda zai nuna tsarin bincike. A sampAna nuna tsarin bincike a ƙasa.
56
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.7. Yin lilo
Babban ɓangaren taga mai bincike zai nuna filebayanan tsarin, sannan na yanzu file hanya. Hanyar farawa koyaushe shine tushen tushen filetsarin, kamar yadda aka nuna ta slash na gaba (/) a sama kawai filesashin abun ciki na tsarin. Za a sabunta wannan bayanin hanyar yayin da ake kewaya manyan fayiloli zuwa ko da yaushe suna nuna hanyar yanzu.
A cikin sashin burauzar allo, zaku iya gungurawa sama da ƙasa zuwa view jerin kundayen adireshi da files. Ana kuma kunna gungura dama/hagu idan fileSunaye suna da tsayi kuma sun kashe allon. Girman kowanne file ana nunawa a cikin baka a ƙarshen filesuna.
Don buɗe kundayen adireshi ɗaya, danna sunan directory sau biyu ko danna directory ɗaya don zaɓar, sannan danna gunkin buɗaɗɗen directory. Matsa gunkin directory sama
ja da baya daga kundin adireshi.
Don inda ake nufi da na'urorin haɗi, ana iya ƙirƙirar sabbin kundayen adireshi da kundayen adireshi/ files za a iya sharewa. Don ƙirƙirar sabon kundin adireshi, kawai danna alamar ƙirƙira kuma shigar da sabon sunan directory. Don share directory ko file, danna directory guda ɗaya ko file don zaɓar, sannan ka matsa gunkin sharewa.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
57
Babi na 4 Amfani da TD4
4.8 Bayanin shari'a
Bayanin shari'a muhimmin sashi ne na kowane bincike na dijital. Lokacin da aka shigar akan TD4, za a nuna bayanan shari'a a cikin mahimman wurare a duk faɗin mahaɗin mai amfani yayin aiwatar da aikin kuma a kama shi a cikin rajistan ayyukan bincike. Wannan yana ba da damar sauƙaƙe alaƙar mahimman kayan tarihi na siye tare da takamaiman lokuta yayin bincike.
Don shigar da bayanan shari'a, faɗaɗa tayal ɗin aikin Bayanin Case daga allon gida. Matsa kowane filin don shigar da rubutun da ake so. Lura cewa filayen shigarwar rubutu akan TD4 suna raye. Wannan yana nufin abin da ka rubuta zai sami ceto ta atomatik lokacin da kake kewayawa daga filin shigarwar rubutu, ba tare da buƙatar ajiye sabuwar shigarwar a sarari ba.
Ana iya shigar da bayanan shari'o'i masu zuwa akan TD4: Sunan Mai jarrabawa, ID na shari'a, da Bayanan kula.
A kasan tayal ɗin aikin Bayanin Case akwai akwatin zaɓi wanda zai fitar da hanzari don shigar da Bayanan Aiki a farkon kowane aiki. Lokacin da aka duba wannan akwatin, babban allon saiti zai bayyana kafin fara kowane aiki wanda zai ba da damar shigar da Bayanan Aiki. Wannan yana ba da damar takamaiman bayani game da takamaiman yanki na shaida na dijital da za a shigar da kuma kama shi a cikin rajistar bincike na kowane aiki.
4.9 Kwafi
TD4 za ta kwafi hanyar tuƙi guda ɗaya zuwa abubuwan tuƙi guda biyar. Za a iya haɗa tushen guda ɗaya kawai a lokaci guda don haka aikin bincike ɗaya ne kawai za a iya gudanar da shi a lokaci guda. Don aikin da aka ba shi, wuraren da aka nufa na iya zama haɗuwa na kwafi na cloned da hoto.
Lura: Wannan sashe yana mai da hankali ne kan ayyukan kwafi gabaɗaya, wanda kuma aka sani da hoton jiki. Dubi "Hoton Ma'ana" a shafi na 68 don cikakkun bayanai kan waccan hanyar siye.
Kafin fara kowane aikin bincike, TD4 yana bincika ƙa'idodi ta atomatik. Waɗannan sharuɗɗan suna da alaƙa da takamaiman sigogin saitin aiki waɗanda zasu iya tasiri ikon TD4 don aiwatar da aikin da ake so. Wasu sharuɗɗa suna samar da faɗakarwa waɗanda ke bayyana a cikin faɗuwar tayal aiki akan allon gida. Wasu daga cikin waɗannan gargaɗin suna buƙatar canje-canje kafin samun damar fara aikin, yayin da wasu na da bayanai kuma ba sa hana aikin farawa. Ga kowane precondition cak wanda zai iya buƙatar canje-canje, babban allon saiti zai bayyana bayan danna maɓallin Fara don ba da damar daidaita saitunan da suka dace kafin fara aikin.
58
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.9. Kwafi
4.9.1 Cloning
Clone, wanda kuma aka sani da kwafin diski-zuwa-faifai, yana yin ainihin kwafin abin tuƙi zuwa inda ake nufi.
TD4 za ta zaɓi clone ta atomatik don duk wuraren da ba a iya gano su ba filetsarin. Idan an haɗa kowane irin waɗannan wuraren, saƙon bayanai zai bayyana a cikin faɗuwar fale-falen aikin Duplicate akan allon gida don nuna cewa waɗancan faifan za su zama clones.
Lura: Alamar tana nuna ba a iya ganowa filetsarin kuma za'a nuna su kusa da saƙon bayanin clone a cikin faɗuwar fale-falen aikin Duplicate da kuma gefen hagu na kowane fale-falen fale-falen buraka. Waɗancan nau'ikan abubuwan tuƙi masu zuwa koyaushe za su zama clone na tuƙin tushen.
Zai fi dacewa a goge kafofin watsa labaru kafin yin kwafin su saboda wannan na iya taimakawa wajen gano hanyoyin da za su iya yin lahani da kuma ɓangarori marasa kyau, kuma yana iya rage haɗarin haɗe-haɗe da kwafi na clone tare da tsayayyen bayanai.
Lura cewa, a farkon clone da mayar da ayyukan yi, TD4 yana shirya tafiyar tafiya ta hanyar shafe sassan 0, 1, da kuma ƙarshen-drive debe 1. Wannan yana tabbatar da cewa babu wani bayanan tebur na tsattsauran ra'ayi akan drive, wanda ya rage yiwuwar yiwuwar. na abubuwan gano tuƙi a ƙarshen aikin.
Lura: Saboda bayanin tebur na ɓangaren yana da alaƙa da girman sashin tushen abin tuƙi, ba a yarda cloning zuwa wurin tuƙi tare da girman sassa daban-daban. TD4 zai gano wannan batun rashin daidaituwa girman sashin kuma ya gargadi mai amfani. Wannan yanayin zai buƙaci gyara kafin a fara aikin clone.
4.9.2 Hoto
Hoton, wanda kuma aka sani da diski-to-file Kwafi, kwafi tushen tuƙi zuwa jerin files (wani lokaci ana kiransa segments) akan tuƙi mai zuwa. TD4 yana goyan bayan EnCase file Formats Ex01 da E01 da raw file tsarin dd da dmg. Don nau'ikan fitarwa na Ex01 da E01, ana tallafawa matsawa kuma ana kunna ta ta tsohuwa.
Don hoto file fitarwa, matsakaicin girman yanki za a iya saita shi a cikin saitunan tsarin zuwa kowane ɗayan masu zuwa: 2 GB, 4 GB, 8 GB, ko Unlimited. Ƙananan sassa suna ƙirƙirar ƙarin sashi files da Unlimited suna haifar da babba ɗaya file sashi.
Note: Ba duka hoto bane file Zaɓuɓɓukan girman suna samuwa a kowane yanayi. Sakamakon filetsarin magance gazawar, FAT32 tsararrun wuraren da aka tsara suna da iyaka file girman 2 GB.
Idan direban da aka nufa ya yi ƙasa da tushen, hoton dd ko dmg ba zai dace da tuƙin da aka nufa ba. Koyaya, idan kuna amfani da Ex01 ko E01, tushen tushen yana iya dacewa akan ƙaramin faifai saboda waɗannan nau'ikan suna iya damfara bayanan kafin rubutawa zuwa inda ake nufi. Babu tabbacin cewa za a matsa bayanan da za su dace a kan ƙaramin tuƙi, musamman ma a lokuta da yawancin bayanan ba su iya haɗawa kamar bayanan ɓoyewa.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
59
Babi na 4 Amfani da TD4
Lura: Yi hankali lokacin ƙoƙarin yin hoton tuƙi zuwa girman guda ɗaya ko ƙarami na tuƙi, koda an kunna matsi. Hoto file Tsarin yana ƙara sama kuma, idan an haɗa su tare da bayanan da ba za a iya haɗawa ba (kamar rufaffiyar bayanai), ana iya buƙatar babbar hanyar tafiya.
Idan akwai fileTsarin sararin samaniya akan tuƙi mai zuwa yana da girman girman ko ƙarami fiye da tushen tuƙi don aikin hoto (tsarin Ex01 ko E01), kuma an kashe matsawa, TD4 zai hana fara aikin. Kunna matsawa da/ko amfani da wuri mai ƙarin samuwa filesararin tsarin don samun damar fara irin wannan aikin.
4.9.3 Yin kwafi
Don yin kwafi:
1. Bi matakan da aka jera a “Connecting Drives” a shafi na 27 don haɗa tushen tuƙi da mashigar (s) zuwa gaba.
2. Tabbatar da cewa an tsara duk abubuwan da za a yi amfani da su bisa ga nau'in kayan aikin kwafi da ake so ga kowane tuƙi. Wuraren da suke da filetsarin zai karɓi hoto ta atomatik file rubuta fitarwa bisa ga 'Duplicate' File Nau'in saitin tsarin (Ex01, E01, DD, ko DMG). Wuraren da ba su da ganewa fileTsarukan za su karɓi clone ta hanyar tuƙi ta atomatik.
Lura: Lokacin a'a fileAna gano tsarin akan hanyar da aka nufa, injin ɗin zai karɓi clone ta hanyar tuƙi ta atomatik. A wannan yanayin, saƙo zai bayyana a cikin tayal ɗin Duplicate kafin fara aiki kuma ƙaramin gunki zai bayyana a wurin kuma akan tayal ɗin allo don nuna cewa drive ɗin zai zama clone. Wannan alamar kuma za ta kasance a kan tayal ɗin tuƙi mai zuwa a cikin allon matsayin aiki.
3. Fadada tayal ɗin aikin Duplicate akan allon gida. Za a nuna taƙaice na babban saitunan aiki tare da kowane saƙon gargaɗi masu dacewa, kamar yadda ake iya gani a hoton da ke ƙasa. Tabbatar da saitunan, warware duk wani gargadi na toshewa, sannan ka matsa maɓallin Fara. Idan babu wani saitin da aka saita don faɗakarwa kuma babu wasu batutuwan daidaita aikin da ake buƙatar warwarewa, aikin zai fara, kuma za a nuna allon matsayin aikin.
60
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.9. Kwafi
Idan an saita kowane saitunan aiki zuwa Gaggawa, allon saitunan ci gaba zai bayyana wanda zai ba da damar zaɓi na takamaiman saitunan da ake so don aikin mai zuwa. Zaɓin Sauƙaƙe yana samuwa don saitunan tsarin masu zuwa: Hashes, 'Duplicate' File Buga, Tabbatar da sake dawowa, da Gyara Clones.
Idan akwai wasu batutuwa tare da saitin aiki / daidaitawa wanda TD4 yayi la'akari da cewa yana toshewa ko kuma yana da mahimmanci, allon saitunan ci gaba zai bayyana kuma ya ba da bayani game da batun da ikon gyara shi, idan zai yiwu. ExampMatsalar daidaitawa shine idan an zaɓi SHA-256 hash tare da E01 file nau'in fitarwa. E01 baya goyan bayan hashes SHA-256.
Hoton da ke ƙasa wani tsohon neampna babban allon saiti don aikin Kwafi tare da saitin gaggauwa (Tabbatar karantawa) da kuma batun mahimmancin bincike (DCO yana nan akan tushe).
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
61
Babi na 4 Amfani da TD4
Da zarar an warware/tabbatar da duk saitunan saitin allo na ci gaba, matsa maɓallin Fara don fara aikin Kwafi.
4. Bayan an fara aikin Kwafi, allon matsayin aiki zai bayyana, kamar yadda aka nuna a ƙasa.
62
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.9. Kwafi
Kuna iya soke aiki mai aiki ta danna Cancel a kusurwar dama-kasa na allon matsayin aikin. Hakanan kuna iya fitar da log ɗin aiki daga wannan allon (har ma don ayyukan da ba su ci gaba ba, idan ana so) ta danna maɓallin fitarwa a kusurwar hagu na ƙasa sannan zaɓi wurin da ake so ko kayan haɗi /filetsarin.
Ana nuna tushen da abubuwan tuƙi da aka yi amfani da su a cikin aiki kusa da kasan allon matsayin aikin. Waɗannan katunan tuƙi suna ba da ainihin bayanan tuƙi, kamar sunan tashar jiragen ruwa da aka haɗa, girman girman abin tuƙi, da ko dai ID ɗin Evidence (idan an shigar da shi) ko lambar ƙirar motar.
Lura: Ana iya taɓa katunan tuƙi a allon matsayin aiki don nuna cikakken bayanin tuƙi. Duk da haka, a lokacin da drive bayanai ne viewed daga wannan yanki, ana ɗaukar bayanan tarihi kamar yadda aka fara aikin, kamar yadda aka nuna ta kwanan wata da bayanin lokaci a saman kusurwar dama na allon bayanan tuƙi. Wannan yana nufin cewa canje-canjen don fitar da bayanai yayin aikin (kamar rage sarari kyauta akan tuƙin da aka nufa) ba za a nuna su ba da kuma bincika duk wani wanda aka saka. filetsarin yana kashe. Don ganin sigar kai tsaye na bayanan tuƙi kuma don samun damar yin lilo da aka ɗora fileTsarukan (ko da a lokacin aiki mai aiki), yi amfani da fale-falen fale-falen buraka akan allon gida don samun damar allon bayanan tuƙi.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
63
Babi na 4 Amfani da TD4
Gumaka za su bayyana akan katunan tuƙi na allo na matsayin aikin don samar da alamar-kallo na abubuwa kamar babu ganowa filetsarin yanzu , HPA/DCO/AMA a wurin , ko gaban boye-boye na Tableau (kulle ko buɗe) .
Lura: Hanya mai sauƙi don gaya wa waɗanne hanyoyin tafiyar da ke samun irin nau'in fitowar aikin Kwafi (clone ko hoto) shine a nemi 'a'a fileicon system' a saman-dama na katunan tuƙi masu zuwa akan allon matsayin aiki. Ganin wannan alamar yana nufin cewa drive za a sanya clone na tushen drive.
4.9.4 Files halitta a lokacin faifai-to-file kwafi
Lokacin yin aikin kwafi na tushen hoto, TD4 yana ƙirƙira files (wani lokaci ana kiransa segments) akan hanyar da aka nufa wacce ke ɗauke da bayanan da aka kwafi daga faifan.
An rubuta ɓangarori zuwa wurin da aka nufa bisa ga yarjejeniya mai zuwa (Fitowar Ex01 da aka nuna azaman example): ku
[directory_name]/
[filesuna].Ex01
[filesuna].Ex02
.
.
.
[filesuna].Ex99
[filesuna].log.html
[filesuna].td4_packed_log
[directory_name] an bayyana shi a cikin Shaidar File Saitin Jagorar Hanya. Matsakaicin ƙimar shine /td4_images/%d_%t/, inda %d shine kwanan wata kuma %t shine lokacin yanzu a farkon aikin Kwafi.
[filesuna] an bayyana shi a cikin Shaidar File Hanya Filesaitin suna. Ƙimar tsoho shine hoto.
[filesuna].Ex01 (ko .E01 ko, don abubuwan dd/dmg, .001) shine kashi na farko ko ɓangaren bayanan da aka kwafi daga tushen tushen. Duk sauran sassan suna da daidaitattun sunaye na jeri (misaliampda, [filesuna].Ex02, [filesuna].Ex03, da sauransu). Lura cewa, don ayyukan da aka soke ko gazawa, ana iya samun [filesuna].Ex01.bangare file a cikin kundin fitarwa.
Lura: Max File Saitin tsarin girman zai ƙayyade girman ɓangaren fitarwa files. Zaɓuɓɓukan sune 2GB, 4GB, 8GB, da Unlimited. Bayanin
64
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.9. Kwafi
sama game da sashi file Yarjejeniyar suna ya shafi kowa amma saitin Unlimited. Don Unlimited, TD4 zai kama duk bayanan tuƙi a cikin babban yanki ɗaya file akan kowace manufa tare da tsawo na .EX01, .E01, ko, don dd/dmg, .001. Hakanan, saboda FAT32 fileƘayyadaddun tsarin, idan an tsara kowane ɗayan wuraren da aka tsara a matsayin FAT32, duk wuraren da za su sami kashi 2GB. files.
TD4 yana haifar da [filesuna].log.html file ga kowane aikin hoto. Wannan shi ne tsarin bincike na kowane aiki. Hakanan yana haifar da [filesuna].TD4_packed_log file, wanda za a iya amfani da shi don tabbatar da ainihin hoton ko don mayar da hoto file zuwa tsarin tuƙi na asali.
4.9.5 Tsayawa da ci gaba da aikin kwafi
A wasu yanayi, za a iya adana adadi mai yawa na lokacin hoto ta samun damar tsayawa da kuma ci gaba da aikin kwafi. Kuma asarar sa'o'i na lokacin daukar hoto saboda asarar wutar lantarki da ba zato ba tsammani na iya zama mai takaici da rashin inganci. TD4 ya rufe ku, yana ba da hanyoyin da za a dakatar da ci gaba da ayyukan hoto tare da fitarwa mai zuwa file Tsarin: e01, ex01, dd, da dmg.
Don dakatar da aikin hoton kwafin aiki, kawai danna maɓallin Dakata kusa da saman allon halin aiki kuma tabbatar da sha'awarka na dakatar da aikin. Za a dakatar da aikin, kamar yadda aka nuna a hoton da ke ƙasa.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
65
Babi na 4 Amfani da TD4
Don ci gaba da aikin da aka dakatar, danna maɓallin Play kusa da saman allon matsayin aikin. Idan allon matsayin aikin aikin da aka dakatar ba a nuna shi a halin yanzu, ana iya sake nuna shi ta danna kan aikin da aka dakatar a cikin jerin Ayyukan Aiki.
Lura: Idan an dakatar da aikin hoto kuma an fara sabon aikin Duplicate, wannan sabon aikin zai fara daga farko. Don ci gaba da aikin da aka dakatar a baya, dole ne ku nemo aikin da aka dakatar a cikin jerin Ayyukan Aiki sannan ku taɓa shi don nuna allon matsayin aikin sa kafin danna maɓallin Play.
Idan maɓallin Play ɗin ya yi launin toka akan allon matsayin aiki na aikin da aka dakatar a baya, yana iya nufin cewa yanayin aikin bai zama ɗaya da na gabanin dakatarwar ba. Wannan na iya haɗawa da bayyananniyar yanayi kamar asalin tushen asali da abubuwan tafiyar da babu inda suke. Wani dalili mai yuwuwa na maɓallin Play mara aiki shine idan wurin da aka ɓoye cikakken faifan faifai ne kuma naúrar tana yin keken keke bayan dakatawar farko, kuma ba a buɗe ɓoyayyen ɓoyayyen bayan an kunna wuta ta gaba ba. Gabaɗaya, bincika don tabbatar da cewa yanayin aikin daidai yake kafin yunƙurin ci gaba da aikin da aka dakatar a baya.
TX1 kuma yana goyan bayan ci gaba da aiki bayan asarar wutar lantarki. Don nau'ikan ayyuka masu tallafi (e01, -ex01, ¬dd, ¬dmg), idan wuta ta ɓace ba zato ba tsammani yayin aikin hoto (ciki har da kashe hannun hannu daga maɓallin wuta na dogon lokaci), ana iya ci gaba da shi.
66
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.9. Kwafi
bayan an dawo da wutar lantarki. Don ci gaba da aiki bayan abin da ya faru na asarar wutar lantarki, tabbatar cewa an haɗa na'urori na asali zuwa TD4 kafin kunna shi. Sannan nemo aikin da aka dakatar a allon Tarihin Ayuba. Lura cewa ayyukan da aka dakatar za su nuna tare da wani ɓangaren da aka kammala shudin matsayi. Matsa aikin da aka dakatar don view allon halin aikin sa, sannan danna maɓallin Play don ci gaba da aikin.
Rubutun bayanan shari'a na ayyukan da aka dakatar da ci gaba za su samar da wasu takamaiman bayanai na musamman. Bayanin ya bambanta dan kadan dangane da tushen taron dakatarwa (da hannu farawa ko asarar wuta). A cikin yanayin taron dakatarwar da hannu, za a ƙara layi a cikin log ɗin don nuna kwanan wata da lokacin taron. Kowane dakatawar na gaba (idan an fara da hannu) kuma an ci gaba da taron ana shiga, yana ba da cikakken kamannin adadin dakatawar/ci gaba da hawan keke da suka faru yayin aikin. Lokacin da asarar wutar lantarki ba zato ba tsammani ya zama sanadin dakatarwa, babu lokacin da tsarin zai iya shiga lokacin dakatarwa kafin a rufe, ta yadda ba a samu bayanai ba don haka ba a saka su cikin log ɗin ba. A wannan yanayin, ana ƙara saƙo a cikin log ɗin bayan an dawo da aikin don nuna cewa bayanan dakatawar da suka ɓace na iya yiwuwa saboda asarar wutar lantarki, kuma ba a ƙididdige lokacin aikin da ya wuce, tunda ba za a iya tantance shi daidai ba. Login mai zuwa sample yana nuna an dakatar da asarar wutar lantarki da aka kammala. Lura cewa, idan wannan ya kasance aikin dakatarwa/ci gaba da hannu, layin da ke da yuwuwar gargadin asarar wuta za a maye gurbinsa da filin da aka dakatar, tare da kwanan wata da lokacin taron dakatarwa.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
67
Babi na 4 Amfani da TD4
4.10 Hoto mai ma'ana
TD4 yana ba da damar yin amfani da manyan fayilolin tuƙi na tushen hoto da hankali files daga ganowa filetsarin. Lokacin amfani da haɗin gwiwa tare da hoton faifai na zahiri, hoto mai ma'ana yana ba da damar samun tushe cikin sauri file bayanai, samar da masu amfani da TD4 ikon daidaita daidaito tare da lokacin saye da ƙoƙari don buƙatun da aka bayar.
Ayyukan hoto na ma'ana na TD4 zai haifar da ma'aunin masana'antu Lx01 shaida ma'ana files, waɗanda suka dace da EnCase Forensic da sauran kayan aikin bincike na yau da kullun na dijital. Kowane aikin hoto mai ma'ana kuma zai ƙirƙiri bayanan bincike file, da a file tsawo na .log.html. Don cikakkun bayanai kan duk fitowar hoto mai ma'ana files, gani"Files halitta yayin aikin hoto mai ma'ana" a shafi na 73.
TD4logical Hoto yana samun duka files/ manyan fayiloli akan tushen filetsarin ba tare da damar saukar da zaɓi ko takamaiman manufa ba files/ manyan fayiloli kamar yadda zai yiwu akan TX1. Har ila yau ana ɗaukar hoto na ma'ana na TD4 a matsayin zaɓi mai mahimmanci don yanayi mai saurin lokaci inda samun cikakken hoton abin tuƙi ba zai yiwu ba ko kuma a yi tsalle. file nazari/kalami yayin da ake samun hoton zahiri na biyu.
Saboda gaskiyar cewa tushen file Ba a ƙayyade damfara bayanai ba kafin fara aikin hoto mai ma'ana, ba zai yiwu a tantance da tabbaci ba idan bayanan daga tushe filetsarin zai dace a inda ake nufi filetsarin. Sakamakon haka, TD4 yana gargadin mai amfani kawai cewa makoma na iya zama ƙanƙanta lokacin da sararin da aka yi amfani da shi filetsarin ya fi girma fiye da samuwa sararin samaniya a kan manufa, kuma har yanzu ana iya fara aikin. Koyaya, idan bayanan tushen ba su da ƙarfi sosai (ko kuma idan an kashe matsawa), yana yiwuwa ga inda ake nufi. filetsarin ya cika, don haka yana haifar da gazawar aikin.
Lura: Yi taka tsantsan lokacin yunƙurin yin hoto ta asali daga tushe filetsarin zuwa ƙarami manufa filetsarin. Idan bayanan tushen ba su da ƙarfi, aikin na iya gazawa saboda rashin sarari a wurin da ake nufi.
Ba kamar aikin kwafi na zahiri ba, zaɓin tanadin tushen tuƙi DCO/AMA (cire shi sannan sake amfani da shi a ƙarshen aikin) ba ya wanzu a cikin hoto mai ma'ana. Kasancewar DCO ko AMA zai kasance a bayyane (kowace gargadi a wurare da yawa), amma DCO/AMA za a buƙaci a cire su ta dindindin ta amfani da Cire HPA/DCO/AMA mai amfani kafin samun dama ga duk sassan kafofin watsa labarai.
Filekurakuran karanta tsarin da aka ci karo da su yayin ayyukan hoto na ma'ana na iya haifar da halayen saye mara tabbas. Lokacin da suka faru, irin waɗannan kurakurai ana nuna su ta hanyar jan saƙon gargaɗi a saman sashin ci gaban Hoto na Ma'ana na allon matsayin aiki. TD4 zai tsallake kowane file wannan yana haifar da kuskuren karantawa kuma zai yi ƙoƙarin karanta duk abin da ya rage files. Fitowar CSV zai nuna matsayin kuskure ga kowane files da ba a samu ba. Idan kun haɗu filetsarin karanta kurakurai yayin aikin hoto mai ma'ana, muna ba da shawarar cewa ku haɗa ko hoto ta zahiri (e01, ex01, dd, dmg) maimakon ƙoƙarin yin hoto mai ma'ana.
68
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.10. Hoto na ma'ana
4.10.1 Yin hoto mai ma'ana
Don yin hoto mai ma'ana:
1. Bi matakan da aka jera a cikin "Connecting Drives" a shafi na 27 don haɗa tushen da abubuwan tafiyarwa.
2. Tabbatar cewa duk inda za'a zagaya yana da aƙalla mai hawa ɗaya filetsarin. Wuraren da suka hau filetsarin zai karɓi hoton Lx01 file fitarwa. Wuraren da ba su da ganewa fileTsarukan ba za su sami wani fitarwa daga aikin Hoton Ma'ana ba.
Lura: Kowane wurin da ake amfani da shi a cikin aikin Hoto na Ma'ana dole ne ya kasance yana da a filetsarin don adana sakamakon saye da aka samu files. Idan ɗaya daga cikin abubuwan da aka makala makala ba su da abin ganowa filetsarin, saƙon gargaɗi zai bayyana a sama da maɓallin Fara yana nuna cewa dole ne a sami inda ake nufi filetsarin. Idan akwai aƙalla tuƙi guda ɗaya tare da a filetsarin, aikin Hoton Ma'ana mai yiwuwa har yanzu ana iya farawa, amma kawai wuraren da suka hau filetsarin zai karbi shaidar fitarwa files.
3. Fadada tayal aikin Hoto na Ma'ana akan allon gida. Za a nuna taƙaice na babban saitunan aiki tare da kowane saƙon gargaɗi masu dacewa kamar yadda ake iya gani a hoton da ke ƙasa. Tabbatar da saitunan, warware duk wani gargadi na toshewa, sannan ka matsa maɓallin Fara. Idan babu wani saitin da aka saita don faɗakarwa kuma babu wasu batutuwan daidaita aikin da ake buƙatar warwarewa, aikin zai fara, kuma za a nuna allon matsayin aikin.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
69
Babi na 4 Amfani da TD4
Idan an saita kowane saitin aikin zuwa Gaggawa, babban allon saiti zai bayyana wanda zai ba da damar zaɓin takamaiman saitunan da ake so don aikin mai zuwa. Zaɓin Sauƙaƙe yana samuwa don saitunan tsarin masu zuwa masu alaƙa da Hoto Mai Ma'ana: Hashes da Tabbatarwa Mai Karatu.
Idan akwai wasu batutuwa tare da saitin aikin Hoto na Ma'ana / daidaitawa wanda TD4 yayi la'akari da cewa yana toshewa ko kuma yana da mahimmanci, allon saitunan ci gaba zai bayyana kuma ya ba da bayani game da batun da ikon gyara shi, idan zai yiwu. ExampMatsalar daidaitawa shine idan an zaɓi SHA-256 a cikin saitunan tsarin. LX01 baya goyan bayan SHA-256 hashing.
Hoton da ke ƙasa wani tsohon neampna babban allon saiti don aikin Hoto Mai Ma'ana tare da saitin Gaggawa (Tabbatar Karantawa) da kuma batun mahimmancin bincike (SHA-256 da aka zaɓa). Lura cewa abubuwan da suka haifar da nunin allon saitin ci-gaba kai tsaye ana nuna su azaman faɗaɗa amma sauran abubuwan saiti masu yuwuwar suma zasu bayyana a wannan allon ba a faɗaɗa ba.
70
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.10. Hoto na ma'ana
Da zarar an warware/tabbatar da duk saitunan saituna na ci gaba, matsa maɓallin Fara don fara aikin Hoton Ma'ana.
Lura: Kamar yadda aka nuna ta saƙon bayanin da ke cikin hoton sikirin da ke sama ("Wannan shine tsohowar tsarin ku"), duk lokacin da aka canza saiti a cikin babban allon saiti a matsayin wani ɓangare na saitin takamaiman aiki, wanda yayi daidai da canza wannan saitin a ciki. babban menu na Saituna.
4. Bayan an fara aikin Hoto na Ma'ana, allon matsayin aikin sa zai bayyana, kamar yadda aka nuna a kasa.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
71
Babi na 4 Amfani da TD4
Yawan files samu a kan tushen filetsarin tare da jimlar girman wadanda files yana nunawa a ƙarƙashin sashin kai na allon matsayi na aiki, sama da ma'aunin ci gaban Hoto na Ma'ana. Lura cewa TD4 hoto mai ma'ana yana samun duka files/ manyan fayiloli akan tushen filetsarin ba tare da damar saukar da zaɓi ko takamaiman manufa ba files/ manyan fayiloli kamar yadda zai yiwu akan TX1.
Kuna iya soke aikin Hoto Mai Ma'ana ta danna Soke a kusurwar dama ta ƙasa na allon matsayin aikin. Hakanan zaka iya fitarwa da log log daga wannan allon (har ma don aikin ci gaba, idan ana so) ta danna maɓallin fitarwa a kusurwar hagu na ƙasa sannan zaɓi wurin da ake so ko kayan haɗi /filetsarin.
Ana nuna tushen da wuraren da ake amfani da su a cikin aikin Hoton Ma'ana kusa da kasan allon matsayin aikin. Waɗannan katunan tuƙi suna ba da ainihin bayanan tuƙi, kamar sunan tashar jiragen ruwa da aka haɗa, girman girman abin tuƙi, da ko dai ID ɗin Evidence (idan an shigar da shi) ko lambar ƙirar motar. Alamomi za su bayyana akan waɗannan katunan tuƙi don samar da alamar-kallo na abubuwa
kamar babu ganowa filetsarin yanzu, HPA/DCO/AMA a wurin, ko kuma
kasancewar boye-boye na Tableau (kulle ko buɗe) .
Lura: Ana iya taɓa katunan tuƙi a allon matsayin aiki don nuna cikakken bayanin tuƙi. Duk da haka, a lokacin da drive bayanai ne viewed daga
72
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.10. Hoto na ma'ana
wannan yanki, ana ɗaukar bayanan tarihi kamar yadda aka fara aikin, kamar yadda aka nuna ta kwanan wata da bayanin lokaci a saman kusurwar dama na allon bayanan tuƙi. Wannan yana nufin cewa canje-canjen don fitar da bayanai yayin aikin (kamar rage sarari kyauta akan tuƙin da aka nufa) ba za a nuna su ba da kuma bincika duk wani wanda aka saka. filetsarin yana kashe. Don ganin sigar kai tsaye na bayanan tuƙi kuma don samun damar yin lilo da aka ɗora fileTsarukan (ko da a lokacin aiki mai aiki), yi amfani da fale-falen fale-falen buraka akan allon gida don samun damar allon bayanan tuƙi.
4.10.2 FileAn ƙirƙira yayin aikin hoto mai ma'ana
Lokacin yin hoto mai ma'ana akan TD4, mabambanta daban-daban fileAna iya fitar da s zuwa kowace manufa dangane da tsarin aikin, kamar haka:
· {image_name}.Lx01, {image_name}.Lx02, da dai sauransu su ne shaidun bincike. files don aiki. Sun ƙunshi duk bayanai da metadata ga kowane file da babban fayil samu.
· {image_name}.csv ƙimar waƙafi ce file wanda ya ƙunshi takamaiman metadata ga kowane file da kuma babban fayil samu. Irin wannan file ana iya shigo da su cikin sauƙi cikin aikace-aikacen sarrafa bayanai na gama gari kamar Microsoft Excel. CSV file Ana iya samun abubuwan da ke cikin bayanai da bayanan tsari a cikin “Source file metadata" a shafi na 73.
· {image_name}.log.html yana ƙunshe da bayanan bincike na aikin hoto na hankali.
· {image_name}.TD4_packed_log yana ƙunshe da kwafin TD4 da za a iya karantawa na log ɗin binciken da za a iya amfani da shi don tabbatar da Lx01 kaɗai. file saita.
4.10.3 Tabbatar da hoto na ma'ana
Tabbatar da Lx01 files ya bambanta da tabbatar da ayyukan hoton jiki saboda, a cikin Lx01 file, babu cikakken zanta. Kowanne fileBayanan da aka adana a cikin Lx01 yana da hash mai alaƙa wanda aka ƙididdige shi yayin sayan asali. Aikin tabbatar da hoto mai ma'ana yana karanta baya file bayanai daga Lx01 akan makoma, yana ƙididdige sabon ƙimar zanta ga kowane file, kuma yana kwatanta ƙimar hash ɗin da ainihin ƙimar hash ɗin da aka adana. Rashin gazawar kowa file don daidaita ainihin ƙimar hash ɗin saye zai haifar da gazawar tabbatarwa.
4.10.4 Tushen file metadata
Hoto mai ma'ana tare da TD4 ya haɗa da tushe file metadata a cikin fitowar CSV file, kamar yadda aka nuna a teburin da ke ƙasa.
Hanyar ginshiƙi
Nau'in
Abun ciki
Ya ƙunshi cikakken, filetsarin-dangi hanya don wannan shigarwa. Example: / masu amfani/charles/hotuna.
Ko dai ya ƙunshi "Directory,""Symlink," ko "File,” ya danganta da irin shigar da wannan layin ke wakilta.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
73
Babi na 4 Amfani da TD4
Rukunin FileGirman Kwanan Ƙirƙirar Ƙirƙirar Kwanan Ƙirar Kwanan Ƙirar Ƙirar Ƙirar Ƙirar Ƙirar Ƙirar Ƙirar MD5 Hash
Farashin SHA1
File Matsayi
Abun ciki
The file girman, a cikin bytes, na shigarwa. Wannan filin fanko ne don kundin adireshi.
Kitin IS0 8601 UTC kwanan wata/lokaci don ranar ƙirƙirar wannan shigarwar. Wannan filin babu komai idan babu ranar ƙirƙirar.
Igiyar IS0 8601 UTC kwanan wata/lokaci don ranar samun damar wannan shigarwa. Wannan filin babu komai idan babu ranar da aka shiga.
Kitin IS0 8601 UTC kwanan wata/lokaci don sabunta kwanan watan wannan shigarwa. Wannan filin babu komai idan babu ranar da aka gyara.
Kitin IS0 8601 UTC kwanan wata/lokaci don rubuta kwanan watan wannan shigarwa. Wannan filin babu komai idan babu rubutaccen kwanan wata.
MD5 Hash na shigarwa. Wannan filin fanko ne don kundin adireshi. Hakanan babu komai idan ba a ƙididdige hash na MD5 ba, ba a saita hash ɗin MD5 ba, ko shigarwar bai dace da ƙa'idodin saye ba.
SHA1 Hash na shigarwa. Wannan filin fanko ne don kundin adireshi. Hakanan babu komai idan ba a ƙididdige hash na SHA1 ba, ba a saita hash ɗin SHA1 ba, ko shigarwar bai dace da ƙa'idodin saye ba.
Ok idan babu matsala karatu file bayanai / metadata.
KUSKURE idan an sami kurakurai karatu file bayanai da/ko metadata.
Dokokin Daidaita
Wannan filin fanko ne don kundin adireshi.
"Y" idan file ya dace da ka'idojin saye don haɗawa. Don TD4, wannan koyaushe zai nuna wasa kamar file/ babban fayil ƙasa zaɓi/tace baya goyan bayan.
4.11 Hasashen
Kwararrun likitocin na iya buƙatar ƙididdige ƙimar hash, ko sawun yatsu, don tuƙi mai tushe ba tare da yin kwafin abin tuƙi ba. Ayyukan Hash na iya samar da ƙimar hash MD5, SHA-1, da SHA-256 don tuƙi mai tushe, kamar yadda saitin tsarin Hashes ya ƙaddara.
1. Bi matakan da aka jera a "Connecting Drives" a shafi na 27 don haɗa tushen abin da ake so.
Lura: Tun da TD4 kawai yana ba da damar tuƙi mai tushe guda ɗaya don amfani da kowane aiki, haɗa tushen tushen zanta da ake so kawai kuma tabbatar da cewa ba a haɗe wasu kayan aikin tushen ba. Idan an haɗa wasu kayan aikin tushen, za a ba da gargaɗi a cikin tayal ɗin aikin Hash kuma maɓallin Fara zai zama mara aiki (mai launin toka).
2. Fadada tayal ɗin aikin Hash akan allon gida. Za a nuna taƙaitaccen saitunan ayyukan da suka dace tare da kowane saƙon faɗakarwa. Tabbatar da saitunan, warware duk wani gargadi na toshewa, sannan ka matsa maɓallin Fara. Idan babu wani saitin da aka saita zuwa Ƙaddamarwa kuma babu wasu matsalolin daidaitawar aiki da ke buƙatar warwarewa, aikin zai fara, kuma za a nuna allon matsayin aikin.
74
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.11. Hashing
Idan an saita saitin tsarin Hash zuwa Gaggawa, babban allon saiti zai bayyana wanda zai ba da damar zaɓin nau'ikan zanta don aikin. Zaɓi nau'in hash da ake so sannan kuma danna maɓallin Fara don fara aikin Hash. 3. Bayan an fara aikin Hash, allon matsayin aikin zai bayyana, kamar yadda aka nuna a ƙasa.
Kuna iya soke aikin Hash mai aiki ta danna Cancel a kusurwar dama-kasa na allon matsayin aikin. Hakanan kuna iya fitar da log ɗin aikin daga wannan allon (har ma don aikin ci gaba, idan ana so) ta danna maɓallin fitarwa a kusurwar hagu na ƙasa sannan zaɓi wurin da ake so ko kayan haɗi /filetsarin.
Tushen tushen da aka yi amfani da shi a cikin aikin Hash za a nuna shi kusa da kasan allon matsayin aikin. Wannan katin tuƙi yana ba da ainihin bayanan tuƙi, kamar sunan tashar tashar jiragen ruwa da aka haɗa, girman girman abin tuƙi, da ko dai ID ɗin Evidence (idan an shigar dashi) ko lambar ƙirar motar. Gumaka za su bayyana akan waɗannan katunan tuƙi don samar da alamar-kallo na abubuwa kamar babu ganowa
filetsarin yanzu, HPA/DCO/AMA a wurin, ko gaban Tableau
boye-boye (kulle ko a buɗe) .
Lura: Ana iya taɓa katunan tuƙi a allon matsayin aiki don nuna cikakken bayanin tuƙi. Duk da haka, a lokacin da drive bayanai ne viewed daga wannan yanki, ana ɗaukar bayanan tarihi kamar yadda aka fara aikin,
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
75
Babi na 4 Amfani da TD4
kamar yadda bayanin kwanan wata/lokaci ya nuna a saman kusurwar dama na allon bayanan bayanan. Don ganin sigar kai tsaye na bayanan tuƙi kuma don samun damar yin lilo da aka ɗora fileTsarukan, yi amfani da fale-falen fale-falen tuƙi akan allon gida don samun damar allon bayanan bayanan.
4.12 Tabbatarwa
Aikin Tabbatar da tsaye yana tabbatar da ingancin hoton data kasance file ta hanyar sake karanta bayanan daga hoton file, ana ƙididdige ƙimar hash na waccan bayanan, sannan kuma kwatanta waccan ƙididdige ƙimar hash tare da ƙimar ainihin hash ɗin saye.
Lura cewa, yayin da za a iya amfani da aikin Tabbatar da guda ɗaya don tabbatarwa na tsaye na hotuna na zahiri da na hankali, tsarin tushen ya bambanta. Wannan saboda Hotunan zahiri sun ƙunshi gabaɗayan sayan faifai ƙimar hash da hotuna masu ma'ana sun ƙunshi file- tushen saye ƙimar zanta. Ba za a lura da wani bambanci yayin aikin tabbatarwa kanta ba, amma nau'in hoton tushen zai haifar da bambanci a yadda aka ba da rahoton sakamakon. Don aikin tabbatar da hoton zahiri, za a ba da rahoton ƙimar hash-matakin karatun baya a cikin log ɗin bincike. Don aikin tabbatar da hoto mai ma'ana, za a ba da rahoton fasfo / alamar gazawa mai sauƙi a cikin bayanan bincike. Fassara yana nuna cewa duk fileHashes na tushen tabbatarwa sun dace da siye na asali file hashes. Idan kowane mutum file a cikin hoto mai ma'ana file ya kasa tabbatarwa, duk aikin tabbatarwa zai nuna kamar ya gaza.
1. Bi matakan da aka jera a "Connecting Drives" a shafi na 27 don haɗa abin da ake so.
Lura: Ayyukan tabbatarwa suna amfani da makoma ko na'urorin haɗi kawai azaman tushen abubuwan da aka tabbatar.
2. Expand da Verify function tile a kan home allo, sa'an nan kuma matsa Fara button.
3. A cikin ci-gaba allon saituna, matsa Zaɓi log file maballin don ƙaddamar da tsarin bincike. Bincika zuwa wurin da ya dace / kayan haɗi da kuma filetsarin, gano wuri da ake so .td4_packed_log file, kuma zaɓi wancan file ta hanyar danna shi sau daya. Sannan danna maballin Zaɓi.
Lura: Lokacin lilo don cikekken log files, kawai files tare da tsawo na .td4_packed_log za a nuna a cikin taga mai bincike.
4. Review wanda aka zaba filetsarin da file bayanin hanyar, kuma, idan daidai ne, matsa maɓallin Fara don fara aikin tabbatarwa. Nunin Tabbatar da halin aiki zai bayyana.
Kuna iya soke aikin Tabbatar da aiki ta danna Soke a kusurwar dama-kasa na allon matsayin aikin. Hakanan zaka iya fitarwa da log log daga wannan allon (har ma don aikin ci gaba, idan ana so) ta danna maɓallin fitarwa a kusurwar hagu na ƙasa sannan zaɓi wurin da ake so ko kayan haɗi / filetsarin.
76
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.13. Maidowa
Za a nuna abin tuƙi da aka yi amfani da shi a cikin aikin Tabbatarwa kusa da kasan allon matsayin aikin. Wannan katin tuƙi yana ba da ainihin bayanan tuƙi, kamar sunan tashar tashar jiragen ruwa da aka haɗa, girman girman abin tuƙi, da ko dai ID ɗin Evidence (idan an shigar dashi) ko lambar ƙirar motar. Gumaka za su bayyana akan waɗannan katunan tuƙi don samar da alamar-kallo na abubuwa kamar babu ganowa filetsarin yanzu , HPA/DCO/AMA a wurin , ko gaban boye-boye na Tableau (kulle ko buɗe) .
Lura: Ana iya taɓa katunan tuƙi a allon matsayin aiki don nuna cikakken bayanin tuƙi. Duk da haka, a lokacin da drive bayanai ne viewed daga wannan yanki, ana ɗaukar bayanan tarihi kamar yadda aka fara aikin, kamar yadda aka nuna ta kwanan wata da bayanin lokaci a saman kusurwar dama na allon bayanan tuƙi. Don ganin sigar kai tsaye na bayanan tuƙi kuma don samun damar yin lilo da aka ɗora fileTsarukan, yi amfani da fale-falen fale-falen tuƙi akan allon gida don samun damar allon bayanan bayanan.
4.13 Maidowa
Ayyukan Maidowa yana ba da damar yin nishaɗin ainihin tsarin tuƙi daga hoton binciken bincike na TD4 da aka ƙirƙira a baya file. Abubuwan amfani don wannan fasalin sun bambanta amma sun haɗa da ikon yin amfani da abin da aka dawo da shi azaman faifan boot na tsarin kuma don ƙirƙirar kwafin shaidar kawai a cikin tsarinsa na asali don bayanin shari'ar gaba.
Aikin Mayar yana aiki tare da duk hoton kwafin jiki file iri (E01, Ex01, dd, dmg). Ba ya goyan bayan maidowa daga hoto mai ma'ana file kafa (Lx01).
Zai fi dacewa a goge kafofin watsa labaru kafin maido da su saboda wannan na iya taimakawa wajen gano hanyoyin da za su iya yin lahani da ɓangarori marasa kyau, kuma yana iya rage haɗarin lalata hanyar da aka maido da bayanan da ba su da kyau.
Yi la'akari da cewa, a farkon aikin Maidowa, TD4 yana shirya hanyar tafiya ta hanyar shafa sassan 0, 1, da kuma ƙarshen-drive debe 1. Wannan yana tabbatar da cewa babu bayanan tebur mai lalacewa akan drive wanda ke rage yiwuwar tuƙi. abubuwan ganowa a ƙarshen aikin.
Lura: Saboda bayanin tebur na ɓangaren yana da alaƙa da girman sashin tuƙi na tushen, maidowa zuwa wurin tuƙi tare da girman sashe daban ba a yarda ba. TD4 zai gano wannan batun rashin daidaituwa girman sashin kuma ya gargadi mai amfani. Ana buƙatar gyara wannan yanayin kafin a fara aikin Restore.
Don mayar da tuƙi daga hoto file:
1. Bi matakan da aka jera a cikin "Connecting Drives" a shafi na 27 don haɗa tushen da ake so da abubuwan tafiyarwa.
Lura: Mayar da ayyuka suna amfani da tutocin tushe azaman tushen shigarwar files (cushe log file da sashin hoto files). Hakanan, aikin Maidowa zai goge duk wata hanyar da aka makala / gano a lokacin aikin.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
77
Babi na 4 Amfani da TD4
ya fara. Tabbatar cewa babu ɗayan wuraren da kuke zuwa da ke da mahimmanci files akan su kafin fara aikin Maida.
2. Expand the Restore function tile a kan home allo, sa'an nan kuma matsa Fara button. Allon Saitin Maidowa zai bayyana.
3. A cikin Mayar da Saita allo, matsa Zaɓi log file maballin don ƙaddamar da tsarin bincike. Bincika zuwa tushen abin da ya dace /filetsarin, gano wuri da ake so .td4_packed_log file (wanda kake son dawo da shi), sannan ka zabi wancan file ta hanyar danna shi sau daya. Sannan danna maballin Zaɓi.
Lura: Lokacin lilo don cikekken log files, kawai files tare da tsawo na .td4_packed_log za a nuna a cikin taga mai bincike.
4. Review wanda aka zaba filetsarin da file bayanin hanyar, tabbatar da duk wani saiti a cikin Mayar da Saita allo, kuma, idan an saita komai da kyau, matsa maɓallin Fara don fara aikin Mayar. Allon halin Mayar da aiki zai bayyana.
Bayanan kula
A lokacin aikin Maidowa, ana ƙididdige hashes kamar yadda ake fitar da bayanai daga shaidar tushe file saita kuma rubuta zuwa wurin da aka nufa. Ana ɗaukar waɗannan hashes a matsayin tushen hashes kuma ana kama su a cikin sashin tushen na Mayar da log ɗin binciken aikin. Ko da ba a kunna Tabbatar da sake dawowa don aikin Maido ba, ana kwatanta waɗannan hashes na asali da hashes na ainihin hoton zahiri kuma, idan aka gano rashin daidaituwa, aikin Mayar zai gaza.
Idan an kunna Tabbatar da sake dawowa don aikin Restore, za a sake karanta ɓangaren mashigar inda aka nufa da aka rubuta yayin Mayar da (wanda ya yi daidai da girman asalin abin da aka samo asali) a baya, kuma za a ƙididdige ƙimar hash ɗin sake dawowa kuma a kwatanta shi da shi. tushen hashes. Idan an gano rashin daidaituwa, ɓangaren tabbatarwa na aikin Dawowa zai gaza. An kama waɗannan hashes na sake dawowa a cikin sashin da aka nufa na Mayar da log ɗin binciken binciken aikin. Lura cewa idan ƙimar hash ɗin da aka sake karantawa sun dace da ƙimar hash na tushen, za a yi la'akari da ƙananan fifikon mahimman bayanai a cikin rajistan ayyukan bincike na HTML kuma don haka ɓoye ta tsohuwa. Wadannan hashes na iya zama viewed ta hanyar faɗaɗa sashin (s) tuƙi na maƙasudi na log ɗin shari'a.
78
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
4.14. Dokokin shari'a
4.14 Lissafin labarun kan layi
TD4 yana haifar da cikakken log don duk ayyukan bincike da yawancin ayyukan amfanin kafofin watsa labarai. Ana amfani da bayanan da aka kama yayin kowane aiki don ƙirƙirar duka fuskan matsayin aikin da aka gani a cikin mahallin mai amfani (samuwa daga jerin Ayyukan Aiki) da kuma rajistan ayyukan bincike na yau da kullun waɗanda za'a iya fitar dashi zuwa waje. Wannan sashe ya keɓance ga rajistan ayyukan bincike da aka fitar. Don bayani kan jerin tarihin Ayuba da allon yanayin aiki, duba “Tarihin Aiki” a shafi na 37 da “Matsayin Aiki” a shafi na 36.
Cikakkun bayanan da aka kama a cikin rajistan ayyukan bincike zai dogara ne akan nau'in aikin. An nuna taƙaitaccen bayanin da aka ɗauka don aikin kwafi na tushen hoto a ƙasa. Duba sample rajistan ayyukan a karshen wannan sashe ga wani takamaiman aiki log examples.
Matsayi: Matsayin aikin gabaɗaya (Ba a cika ba, Ok, Kuskure/Ba a yi nasara ba, An soke), kwanan wata/lokaciamps, gano TD4 azaman tsarin saye, da sigar firmware da ake amfani da ita a lokacin sayan. Hakanan za'a haɗa waɗannan abubuwan zaɓi na zaɓi a cikin wannan sashe: Sunan jarrabawa, ID na shari'a, Bayanan shari'a, da Bayanan Aiki.
Tushen: cikakkun bayanan tuƙi, gami da bayanan tuƙi gabaɗaya (ID ɗin shaida (idan an saita), nau'in dubawa, tashar TD4, lambar yin/samfuri, sigar firmware, lambar serial(s), ƙayyadaddun ƙayyadaddun ƙa'ida (misali, bayanan SCSI/USB) , HPA/DCO/AMA da suka danganci bayanai, RAID da bayanan ɓoyewa, girman / bayanin tsari, da nau'in tebur na bangare), cikakkun bayanai na bangare, kuma, idan akwai kuma ana goyan bayan TD4, filetsarin takamaiman bayanai.
Sakamakon Samun: Cikakkun bayanai game da abubuwan da ake samu na aikin, gami da toshe farawa da lambobi, ƙimar zanta, da karanta bayanan kuskure.
· Kanfigareshan: Bayanin tsarin aiki, kamar fitarwa file nau'in tsari, sashi file girman, kuma ko an kunna matsawa ko a'a.
Wurin Hoto: cikakkun bayanan tuƙi, gami da ƙimar hash ɗin sake karantawa (idan an kunna shi don aikin), bayanan tuƙi gabaɗaya (nau'in mu'amala, tashar TD4, lambar yin/samfuri, sigar firmware, lambar serial), ƙayyadaddun ƙayyadaddun yarjejeniya (misali. , Bayanin SCSI/USB), bayanan da suka shafi HPA/DCO/AMA, RAID da bayanan ɓoyewa, bayanin girman / shimfidawa, da nau'in tebur na bangare), cikakkun bayanai, da filetsarin takamaiman bayanai.
Takaitacciyar gazawa: Idan gazawa ta faru yayin aikin, za a nuna wannan sashin kuma zai haɗa da dalilin gazawar da lambar. Lura cewa lambar gazawar ba a yi nufin ta zama mai ma'ana ga mai amfani na ƙarshe ba. A lokuta da ake buƙatar goyon bayan abokin ciniki don warware matsalar gazawar aiki, ya kamata a lura da lambar gazawar kuma a haɗa cikin rahoton abin da ya faru. Wannan bayanin zai taimaka wajen tantance tushen gazawar.
Don samun dama ga rajistan ayyukan da aka adana akan TD4 ɗinku, faɗaɗa tayal ɗin aikin Tarihin Ayuba akan allon gida sannan danna ƙaramin yanki na tayal ɗin aikin. Za a nuna lissafin duk ayyukan da aka adana akan naúrar. Taɓa kan aiki zai nuna allon matsayin aikin sa. Lura cewa ba za ku iya buɗewa ba kuma view rajistan ayyukan bincike files kai tsaye a kan TD4. aiki
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
79
Babi na 4 Amfani da TD4
allon hali yana nuna mahimman bayanai game da aikin, amma bayanan aikin zai buƙaci a fitar dashi zuwa makoma ko kayan haɗi don samun damar yin hakan. view littafin forensic file akan wata kwamfuta daban.
4.14.1 Sampda logs
Biyu sampAna nuna rajistan ayyukan a ƙasa - ɗaya daga kwafi mai nasara kuma ɗaya daga tabbatarwar da ba ta dace ba. Kamar yadda aka nuna a cikin HTML log sampHar ila yau, akwai kibiyoyi sama / ƙasa a gefen dama na kowane sashe na kan kai. Kibiya ta ƙasa tana nuna sashin ya rushe; Kibiya ta sama tana nuna an faɗaɗa ta. The sample HTML rajistan ayyukan da ke ƙasa ana nuna su tare da duk filayen sun ruguje don sauƙi. An rarraba kowane yanki na bayanan log a matsayin mai mahimmanci ko ƙari, kuma mahimman bayanai kawai ana nunawa lokacin da wani sashe ya rushe. Lokacin da log ɗin da aka fitar ya kasance viewed a kan kwamfuta daban, kowane sashe za a iya faɗaɗa shi don nuna dalla-dalla, ƙarin bayani. A cikin wannan fadada view, mahimman bayanai ana haskaka su tare da cikakkun kwatancen filin, yayin da ƙarin bayanan ana nuna su cikin launin toka mai haske. Lura cewa takamaiman guntun bayanan log ɗin na iya ɗaukar ƙarin a cikin wani yanayi amma mai mahimmanci a wani yanayi. Don misaliampHar ila yau, bayanan ɓoyewa na tushen tushen abin da aka bayar za a yi la'akari da ƙari idan drive ɗin ba shi da boye-boye amma zai zama mahimmanci idan an gano ɓoyewa.
Yanayin farko na kowane log ɗin HTML zai kasance don nuna duk filayen sun ruguje tare da mahimman bayanai kawai da aka nuna. Yayin da za a iya jujjuya sassan ɗaiɗaikun tsakanin nuna duk bayanan ko kuma taƙaitaccen bayani, akwai maɓalli a gefen dama na dama na allon log ɗin HTML wanda zai ba da damar faɗaɗa ko rugujewa duka sassan.
Kuskuren saƙo a cikin rajistan ayyukan HTML yana da wasu ayyuka na musamman kuma. Duk wani yanayin kuskure zai nuna a cikin ja rubutu azaman mahimman bayanai a taƙaitaccen bayani view. Fadada sashin tare da yanayin kuskure zai nuna ƙarin cikakkun bayanai game da matsayin kuskure, gami da dalilin kuskuren.
80
BuɗeTextTM TableauTM Mai Duplicator na Forensic TD4
Saukewa: ISTD230400-UGD-EN-1
Sample Log 1 Nasarar EX01 Kwafi
4.14. Dokokin shari'a
Lura: Duk sassan log ɗin sun ruguje banda Sakamakon Saye.
Saukewa: ISTD230400-UGD-EN-1
Jagorar Mai Amfani
81
Babi na 4 Amfani da TD4 SampLe Log 2 Ba a yi nasarar Tabbatar da Kai tsaye ba (wanda ba a iya karantawa)
Lura: Duk sassan log ɗin sun ruguje banda Driv
Takardu / Albarkatu
 | opentext TD4 Forensic Duplicator [pdf] Jagorar mai amfani TD4 Forensic Duplicator, TD4, Mai Duplicator Forensic, Kwafi |