remote acquisition
play

REMOTE ACQUISITION BOOT ENVIRONMENT (RABE) BOOTABLE LINUX CD / PXE - PowerPoint PPT Presentation

Sep 30, 2023 •405 likes •625 views

REMOTE ACQUISITION BOOT ENVIRONMENT (RABE) BOOTABLE LINUX CD / PXE FOR THE REMOTE ACQUISITION OF MULTIPLE COMPUTERS DENNIS CORTJENS UVA | SNE | RP2 NFI AGENDA Introduction Results / Conclusion Research Future research

  1. REMOTE ACQUISITION BOOT ENVIRONMENT (RABE) BOOTABLE LINUX CD / PXE FOR THE REMOTE ACQUISITION OF MULTIPLE COMPUTERS DENNIS CORTJENS UVA | SNE | RP2 NFI

  2. AGENDA • Introduction • Results / Conclusion • Research • Future research • Concepts • Goals Sheets: 20 • Implementation Duration: 15 minutes Questions: after presentation • Testing

  3. INTRODUCTION • large IT infrastructures > companies, data centers, universities • multiple computers / servers • time consuming > disassembling each computer • Netherlands Forensic Institute > 1 project > 3 research projects: 1. Bootable Linux CD / PXE for the remote acquisition of multiple computers > Dennis 2. Acquisition server > Eric 3. Triage software

  4. RESEARCH • question: Can a bootable Linux CD / PXE be build for the remote acquisition of multiple computers and how does it perform compared to the traditional method? • hypothesis: The remote acquisition of multiple computers (in general) is slower then the traditional method and across the internet it is slower then across a LAN. However, if the acquisition is performed remotely without being on location, it can be done parallel to other activities. This could make it a time efficient solution for partial and sparse acquisition in the future. • previous research: Automated Network Triage (ANT) Martin B. Koopmans, Joshua I. James | University College Dublin

  5. CONCEPTS - NFS

  6. CONCEPTS - iSCSI

  7. GOALS • creating a working (iSCSI) concept:  live image > optical disc / USB stick / PXE  authoring tool > configuring live image • testing the hypothesis:  performance NFS vs. iSCSI  remote vs. traditional acquisition • focus:  client side  working concept > basic server side

  8. IMPLEMENTATION - Client • live image:  KNOPPIX 7.2.0 vs. Ubuntu Desktop 14.04  packages and new services set_network_interfaces  secure connection send_client_information set_iscsi_targets  forensic soundness • authoring tool: nfs-common iscsitarget  bash script client  remastering live image iptables openvpn rabe_authoring_tool

  9. IMPLEMENTATION - Server • not in initial scope rabe_connect_iscsi_target SimpleHTTPServer • needed for working concept server • configuration:  Ubuntu Desktop 14.04 open-iscsi openvpn  packages  secure connection nfs-kernel-server  web service > python  bash script > connecting iSCSI targets

  10. TESTING - LAN

  11. TESTING - LAN iSCSI: Written: 9.3 GiB (10000000188 bytes) in 15 minute(s) and 30 second(s) with 10 MiB/s (10752688 bytes/second). #1 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS Written: 9.3 GiB (10000000188 bytes) in 14 minute(s) and 15 second(s) with 11 MiB/s (11695906 bytes/second). #2 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS Written: 9.3 GiB (10000000188 bytes) in 15 minute(s) and 30 second(s) with 10 MiB/s (10752688 bytes/second). #3 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS NFS: Written: 9.3 GiB (10000000188 bytes) in 17 minute(s) and 0 second(s) with 9.3 MiB/s (9803921 bytes/second). #1 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS Written: 9.3 GiB (10000000188 bytes) in 15 minute(s) and 38 second(s) with 10 MiB/s (10660981 bytes/second). #2 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS Written: 9.3 GiB (10000000188 bytes) in 17 minute(s) and 4 second(s) with 9.3 MiB/s (9765625 bytes/second). #3 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS

  12. TESTING - internet

  13. TESTING - internet iSCSI: Written: 9.3 GiB (10000000188 bytes) in 2 hour(s), 13 minute(s) and 39 second(s) with 1.1 MiB/s (1247038 #1 bytes/second). MD5 hash calculated over data: 0c27b2131c240fa88ceeab132ca326d0 ewfacquire: SUCCESS NFS: Written: 9.3 GiB (10000000188 bytes) in 2 hour(s), 22 minute(s) and 6 second(s) with 1.1 MiB/s (1172882 #1 bytes/second). MD5 hash calculated over data: d1b749285de3e6ec69537fb1212b4dd0 ewfacquire: SUCCESS

  14. RESULTS / CONCLUSION • live image & authoring tool • NFS vs. iSCSI:  LAN: iSCSI faster 0.7-1.0 MiB/s (VPN overhead)  internet: iSCSI faster 8 minutes and 27 seconds (same speed 1.1 MiB/s) • hypothesis:  correct, but with some side notes  speed > network and internet connection limitation  takes much longer > ± 29 hours (LAN) / ± 244 hours (internet)  partial and sparse acquisition

  15. CONCLUSION / SUMMARY “ this concept is a theoretical solution for the remote acquisition of multiple computers and will not yet succeed the traditional acquisition method, but could be a solution for partial or sparse acquisition in the near future ” • created working concept • live image & authoring tool • concluded on NFS vs. iSCSI • open framework for future research

  16. FUTURE RESEARCH • live image: • forensics:  disable auto-mounting  disable auto-mounting  reduce size  reduce memory footprint  remove GUI  include memory acquisition  other tools? • authoring tool:  preview / triage mode >  chroot hopping copy-on-read (Eric) • further performance testing

  17. D E M O

  19. D E M O

  20. QUESTIONS?

Recommend

Re Remote Data Acquisition and IoT 01219335 Data Acquisition and Integration Chaipo Chaiporn J

Re Remote Data Acquisition and IoT 01219335 Data Acquisition and Integration Chaipo Chaiporn J

Re Remote Data Acquisition and IoT 01219335 Data Acquisition and Integration Chaipo Chaiporn J n Jaik aikae aeo De Department of f Computer Engineering Ka Kasetsart Unive versity Materials partly taken from lecture slides by Karl and

451 views • 34 slides
Performance measurement and tuning of remote acquisition Lukasz Makowski February 2, 2016

Performance measurement and tuning of remote acquisition Lukasz Makowski February 2, 2016

Performance measurement and tuning of remote acquisition Lukasz Makowski February 2, 2016 Location Netherlands Forensic Institute Supervisor : Ruud Schramp Agenda 1 Remote acquisition - research motivation introduction 2 Research scope and

1.09k views • 83 slides
Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your

Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your

Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your troubleshooting needs ! On Premises Available on cloud Feature Highlights Advanced remote desktop sharing Voice, video and text chat Remote

222 views • 11 slides
CSN08101 Digital Forensics Lecture 6: Acquisition Lecture 6: Acquisition Module Leader: Dr

CSN08101 Digital Forensics Lecture 6: Acquisition Lecture 6: Acquisition Module Leader: Dr

CSN08101 Digital Forensics Lecture 6: Acquisition Lecture 6: Acquisition Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Objectives Storage Formats Acquisition Architecture Acquisition Methods Tools Data

693 views • 36 slides
Remote Working Toolkit Remote Work Best Practices Remote work provides a unique & exciting

Remote Working Toolkit Remote Work Best Practices Remote work provides a unique & exciting

Remote Working Toolkit Remote Work Best Practices Remote work provides a unique & exciting opportunity: with just a few tweaks to your homelife and routine, your productivity and personal well-being can be maximized. This document

324 views • 6 slides
DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA)

DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA)

DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA) Basic Rules Remote Connection AKE RA Encoding Rules 2 Remote Access Basic Rules Source devices may permit remote access to content

326 views • 15 slides
E-COMPASS ACQUISITION CORP. Acquisition of NYM Holding, Inc. Investor Presentation August 2016

E-COMPASS ACQUISITION CORP. Acquisition of NYM Holding, Inc. Investor Presentation August 2016

E-COMPASS ACQUISITION CORP. Acquisition of NYM Holding, Inc. Investor Presentation August 2016 DISCLAIMER In connection with the proposed acquisition, iFresh Inc., a wholly owned subsidiary of E-compass Acquisition Corp. (ECAC), will

419 views • 30 slides
COLLARTS SOURCING REMOTE INTERNSHIPS WHAT IS A REMOTE INTERNSHIP? COLLARTS REMOTE INTERNSHIPS

COLLARTS SOURCING REMOTE INTERNSHIPS WHAT IS A REMOTE INTERNSHIP? COLLARTS REMOTE INTERNSHIPS

COLLARTS SOURCING REMOTE INTERNSHIPS WHAT IS A REMOTE INTERNSHIP? COLLARTS REMOTE INTERNSHIPS A remote internship is a class of internship where you do not have to be physically present in the office or site while doing the internship. You

151 views • 13 slides
COUNTERS REMOTE LDL-xxx-06/26 LNL-xxx-27 LGL-xxx-27 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06

COUNTERS REMOTE LDL-xxx-06/26 LNL-xxx-27 LGL-xxx-27 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06

REMOTE COLLECTION COUNTERS REMOTE LDL-xxx-06/26 LNL-xxx-27 LGL-xxx-27 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06 Possibility of connecting in one line with low multidecks LDL-xxx-07 LDL-xxx-07 LDL-xxx-07 LDL-xxx-07 LDL-xxx-07

1k views • 82 slides
Defense Acquisition University Provides a global learning environment to develop qualified

Defense Acquisition University Provides a global learning environment to develop qualified

The Aerospace & Defense Forum 1/18/2013 Use of Strategic Management Methods in DoD Acquisition Programs Dr. Stanley Rosen P Professor of Acquisition Management f f A i iti M t Defense Acquisition University The Aerospace &

434 views • 24 slides
Portfolio Acquisition Portfolio Acquisition Portfolio Acquisition from from from Safe Harbor

Portfolio Acquisition Portfolio Acquisition Portfolio Acquisition from from from Safe Harbor

Portfolio Acquisition Portfolio Acquisition Portfolio Acquisition from from from Safe Harbor Safe Harbor In keeping with the SECs Safe Harbor guidelines, certain statements made during this presentation could be considered

668 views • 35 slides
Environment Remote Sensing Instructor: Prof. Prashanth Reddy Marpu SAMPLE METEOSAT SEVIRI

Environment Remote Sensing Instructor: Prof. Prashanth Reddy Marpu SAMPLE METEOSAT SEVIRI

Environment Remote Sensing Instructor: Prof. Prashanth Reddy Marpu SAMPLE METEOSAT SEVIRI CHANNELS 96 acquisitions per day (12 channels in each acquisition) Channel 04 (IR3.9) Channel 09 (IR10.8) MODIS Data Real-Time Monitoring of Dust Sources

1.09k views • 78 slides
Remote Access and SSH a t t e n t i i g r e e n ! P a y t o t e x t o n n T h e s e c o r r e c t

Remote Access and SSH a t t e n t i i g r e e n ! P a y t o t e x t o n n T h e s e c o r r e c t

Remote Access and SSH a t t e n t i i g r e e n ! P a y t o t e x t o n n T h e s e c o r r e c t i d o n e a f t h e l e c t u r e ! t e r a r e o n s 1 Remote Access Modern computing requires the use of a variety of resources located on

652 views • 44 slides
Acquisition of BAC Florida Bank 1 Acquisition of BAC Florida for US$500 million 1 , to be

Acquisition of BAC Florida Bank 1 Acquisition of BAC Florida for US$500 million 1 , to be

Acquisition of BAC Florida Bank 1 Acquisition of BAC Florida for US$500 million 1 , to be paid in cash at closing: Main terms of the Implied price to tangible book value (2018) ratio of 2.55x 2 transaction The closing of the

344 views • 8 slides
First Language Acquisition: Inherent Difficulty of Language Acquisition Theories and Evidence

First Language Acquisition: Inherent Difficulty of Language Acquisition Theories and Evidence

First Language Acquisition: Theories and Evidence Course Readings Imitation vs. Rule Creation First Language Acquisition: Inherent Difficulty of Language Acquisition Theories and Evidence Universal Grammar and Language Acquisition

1.05k views • 60 slides
Remote Procedure Calls Dan Savel, dxs221 EECS 338, Spring 2011 What is a Remote Procedure Call?

Remote Procedure Calls Dan Savel, dxs221 EECS 338, Spring 2011 What is a Remote Procedure Call?

Remote Procedure Calls Dan Savel, dxs221 EECS 338, Spring 2011 What is a Remote Procedure Call? Executing a procedure in an application running on a remote server Transport Protocol and Serialization are abstracted away to work

309 views • 20 slides
Virtual Learning St. John the Baptist School Remote Learning vs. Virtual Learning Remote

Virtual Learning St. John the Baptist School Remote Learning vs. Virtual Learning Remote

Virtual Learning St. John the Baptist School Remote Learning vs. Virtual Learning Remote Learning Virtual Learning - Entire class is remote - Some of the class is in person and - Some live instruction and recorded some is remote lessons

374 views • 11 slides
KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the process of extracting knowledge from whatever source including document, manuals, case studies, etc. Knowledge elicitation is a type of the

373 views • 26 slides
ACQUISITION OF CATHEDRAL GROUP (HOLDINGS) LIMITED 14 May 2014 Acquisition overview

ACQUISITION OF CATHEDRAL GROUP (HOLDINGS) LIMITED 14 May 2014 Acquisition overview

ACQUISITION OF CATHEDRAL GROUP (HOLDINGS) LIMITED 14 May 2014 Acquisition overview Acquisition of Cathedral Group (Holdings) Limited a privately owned Greater London and South East of England mixed-use regeneration developer with a

872 views • 5 slides
(g)RPC - Remote Procedure Call February 13, 2019 Remote Procedure Call (RPC) a form of

(g)RPC - Remote Procedure Call February 13, 2019 Remote Procedure Call (RPC) a form of

(g)RPC - Remote Procedure Call February 13, 2019 Remote Procedure Call (RPC) a form of inter-process communication RPC - Protocols XML-RPC xmlrpc2 (CRAN), XMLRPC (omegahat) JSON-RPC https://www.jsonrpc.org/ gRPC open

341 views • 8 slides
Chapter 15: Distributed Communication Sockets Remote Procedure Calls (RPCs) Remote

Chapter 15: Distributed Communication Sockets Remote Procedure Calls (RPCs) Remote

Chapter 15: Distributed Communication Sockets Remote Procedure Calls (RPCs) Remote Method Invocation (RMI) CORBA Object Registration Silberschatz, Galvin, and Gagne 1999 Applied Operating System Concepts Sockets

461 views • 21 slides
Rapid and Adaptive System Acquisition A Model for IT Acquisition in the Department of Defense

Rapid and Adaptive System Acquisition A Model for IT Acquisition in the Department of Defense

Rapid and Adaptive System Acquisition A Model for IT Acquisition in the Department of Defense DR. Raymond A. Paul Department of Defense 28 January 2003 8/12/2003 1 Overview n Charting the DoD IT Acquisition Landscape n Commercial Use of

662 views • 51 slides
Remote Procedure Calls (RPCs) and Remote Method Invocation (RMI) CS425/ECE428 SPRING 2019

Remote Procedure Calls (RPCs) and Remote Method Invocation (RMI) CS425/ECE428 SPRING 2019

Remote Procedure Calls (RPCs) and Remote Method Invocation (RMI) CS425/ECE428 SPRING 2019 Process communication Message passing socket.write(DEPOSIT Alice $20\n) Remote procedure calls (RPC)s deposit(Alice, 20) Remote method

508 views • 22 slides
Incotec Acquisition Cultivating profitable growth Innovation you can build on Acquisition

Incotec Acquisition Cultivating profitable growth Innovation you can build on Acquisition

Incotec Acquisition Cultivating profitable growth Innovation you can build on Acquisition snapshot Incotec is an independent world leader of innovative seed enhancement technologies, headquartered in Enkhuizen, The Netherlands Croda

690 views • 7 slides

More recommend