skip navigation

CrimeSolutions.gov

Add your conference to our Justice Events calendar

PUBLICATIONS

NCJRS Abstract

The document referenced below is part of the NCJRS Library collection.
To conduct further searches of the collection, visit the NCJRS Abstracts Database.

How to Obtain Documents
 
NCJ Number: NCJ 236223   Add to Shopping cart   Find in a Library
Title: Test Results for Digital Data Acquisition Tool: Tableau TD1 Forensic Duplicator; Firmware Version 2.34 Feb 17, 2011
Corporate Author: National Institute of Standards and Technology (NIST)
United States of America
Date Published: 12/2011
Page Count: 60
Sponsoring Agency: National Institute of Justice
US Department of Justice
Office of Justice Programs
United States of America
Grant Number: 2003-IJ-R-029
Sale Source: National Institute of Justice/NCJRS
Box 6000
Rockville, MD 20849
United States of America

NCJRS Photocopy Services
Box 6000
Rockville, MD 20849-6000
United States of America
Document: PDF 
Type: Test/Measurement
Language: English
Country: United States of America
Annotation: This report presents the results from testing the Tableau TD1 Forensic Duplicator, firmware version 2.34 February 17, 2011, against the “Digital Data Acquisition Tool Assertions and Test Plan Version 1.0.”
Abstract: The tool acquired source drives completely and accurately, with the exception of the following: one case where a source drive containing faulty sectors was imaged, and two cases where source drives containing hidden sectors were imaged. In addition, there were two cases where the tool generated bogus alert messages in place of alerting the user to the presence of hidden sectors on the source drive. There are three testing observations that should be known to the user of the tool. First, when the tool was executed using the “fast” error recovery model and faulty sectors were encountered, some readable sectors near the faulty sectors were replaced by zeros in the created clone. This is the intended tool behavior as specified by the tool vendor. Second, in two cases, in place of alerting the user about hidden sectors on the source drive, the tool issued bogus alerts stating that the “Source disk may be blank.” In one of the two cases, the tool removed the HPA from the source and all sectors were acquired. In the second case, the tool did not remove the DCO from the source, and hidden sectors were not acquired. Third, the tool does not automatically remove DCOs from source drives, but is designed to alert the user when a DCO exists. A user may cancel the duplication process and manually remove the DCO using the “Disk Utilities” “Remove DCO & HPA” menu option. Extensive tables
Main Term(s): Science and Technology
Index Term(s): Computer hardware systems ; Computer software ; Computers ; Computer related crime ; Computer aided investigations ; Computer evidence ; NIJ grant-related documents
   
  To cite this abstract, use the following link:
https://www.ncjrs.gov/App/Publications/abstract.aspx?ID=258217

* A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's web site is provided.