• Home

  • Documents

  • Test Results for Digital Data Acquisition Tool - BlackBag ... · PDF fileTest Results for...
71
U.S. Department of Justice Office of Justice Programs National Institute of Justice Special REPORT Test Results for Digital Data Acquisition Tool: BlackBag MacQuisition 2.2 SEPT. 09 Office of Justice Programs Innovation • Partnerships • Safer Neighborhoods www.ojp.usdoj.gov www.ojp.usdoj.gov/nij

Test Results for Digital Data Acquisition Tool - BlackBag ... · PDF fileTest Results for Digital Data Acquisition Tool: BlackBag MacQuisition 2.2 ... Test Results for Digital Data

  • Upload
    vantram

  • View
    214

  • Download
    1

Embed Size (px)

Citation preview

  • U.S. Department of Justice Office of Justice Programs National Institute of Justice

    Special RepoRt

    Test Results for Digital Data Acquisition Tool: BlackBag MacQuisition 2.2

    se

    pt. 0

    9

    Office of Justice Programs Innovation Partnerships Safer Neighborhoods

    www.ojp.usdoj.gov

    www.ojp.usdoj.gov/nij

  • U.S. Department of Justice Office of Justice Programs

    810 Seventh Street N.W.

    Washington, DC 20531

    Eric H. Holder, Jr. Attorney General

    Laurie O. Robinson Acting Assistant Attorney General

    Kristina Rose Acting Director, National Institute of Justice

    This and other publications and products of the National Institute

    of Justice can be found at:

    National Institute of Justice

    www.ojp.usdoj.gov/nij

    Office of Justice Programs

    Innovation Partnerships Safer Neighborhoods

    www.ojp.usdoj.gov

    http:www.ojp.usdoj.govwww.ojp.usdoj.gov/nij

  • sept. 09

    Test Results for Digital Data Acquisition Tool: BlackBag MacQuisition 2.2

    NCJ 228223

  • Kristina Rose

    Acting Director, National Institute of Justice

    This report was prepared for the National Institute of Justice, U.S. Department of Justice, by the Office of Law Enforcement Standards of the National Institute of Standards and Technology under Interagency Agreement 2003IJR029.

    The National Institute of Justice is a component of the Office of Justice Programs, which also includes the Bureau of Justice Assistance, the Bureau of Justice Statistics, the Office of Juvenile Justice and Delinquency Prevention, and the Office for Victims of Crime.

  • February 2009

    Test Results for Digital Data Acquisition Tool: BlackBag MacQuisition 2.2

  • February 2009 ii Results for MacQuisition 2.2

  • Contents

    Introduction..................................................................................................................................... 1 1 Results Summary ...................................................................................................................... 2 2 Test Case Selection ................................................................................................................... 3 3 Test Execution Approach.......................................................................................................... 4 4 Results by Test Assertion.......................................................................................................... 4

    4.1 Acquisition Hashes ............................................................................................................ 6 4.2 Block Acquisition Hashes.................................................................................................. 7 4.3 Acquisition With Insufficient Space .................................................................................. 7 4.4 Acquisition of HPA and DCO ........................................................................................... 7 4.5 Skip Request Ignored......................................................................................................... 7 4.6 Acquisition of Faulty Sectors............................................................................................. 8

    5 Testing Environment ................................................................................................................. 9 5.1 Test Computers .................................................................................................................. 9 5.2 Support Software ............................................................................................................. 10

    6 Test Results............................................................................................................................. 10 6.1 Test Results Report Key .................................................................................................. 10 6.2 Test Details ...................................................................................................................... 11

    6.2.1 DA-06-FW ................................................................................................................ 11 6.2.2 DA-06-FW-INTEL ................................................................................................... 14 6.2.3 DA-06-SATA28........................................................................................................ 17 6.2.4 DA-06-SATA48........................................................................................................ 19 6.2.5 DA-06-SATA48-INTEL........................................................................................... 21 6.2.6 DA-06-USB .............................................................................................................. 23 6.2.7 DA-06-USB-INTEL ................................................................................................. 26 6.2.8 DA-07-CF ................................................................................................................. 29 6.2.9 DA-07-PART............................................................................................................ 31 6.2.10 DA-07-THUMB...................................................................................................... 33 6.2.11 DA-08-DCO............................................................................................................ 35 6.2.12 DA-08-SATA28...................................................................................................... 37 6.2.13 DA-08-SATA28-INTEL......................................................................................... 39 6.2.14 DA-08-SATA48...................................................................................................... 41 6.2.15 DA-09 ..................................................................................................................... 43 6.2.16 DA-09-134 .............................................................................................................. 46 6.2.17 DA-09-134-INTEL ................................................................................................. 49 6.2.18 DA-09-INTEL......................................................................................................... 52 6.2.19 DA-09-TPIPE ......................................................................................................... 55 6.2.20 DA-09-TPIPE-INTEL............................................................................................. 57 6.2.21 DA-10 ..................................................................................................................... 60 6.2.22 DA-12 ..................................................................................................................... 62

    February 2009 iii Results for MacQuisition 2.2

  • February 2009 iv Results for MacQuisition 2.2

  • Introduction

    The Computer Forensics Tool Testing (CFTT) program is a joint project of the National Institute of Justice (NIJ), the research and development organization of the U.S. Department of Justice (DOJ), and the National Institute of Standards and Technologys (NISTs) Office of Law Enforcement Standards and Information Technology Laboratory. CFTT is supported by other organizations, including the Federal Bureau of Investigation, the U.S. Department of Defense Cyber Crime Center, U.S. Internal Revenue Service Criminal Investigation Division Electronic Crimes Program, and the U.S. Department of Homeland Securitys Bureau of Immigration and Customs Enforcement and U.S. Secret Service. The objective of the CFTT program is to provide measurable assurance to practitioners, researchers, and other applicable users that the tools used in computer forensics investigations provide accurate results. Accomplishing this requires the development of specifications and test methods for computer forensics tools and subsequent testing of specific tools against those specifications.

    Test results provide the information necessary for developers to improve tools, users to make informed choices, and the legal community and others to understand the tools capabilities. This approach to testing computer forensic tools is based on well-recognized methodologies for conformance and quality testing. The specifications and test methods are posted on the CFTT Web site (http://www.cftt.nist.gov/) for review and comment by the computer forensics community.

    This document reports the results from testing BlackBag MacQuisition, version 2.2, against the Digital Data Acquisition Tool Assertions and Test Plan Version 1.0, available at the CFTT Web site (http://www.cftt.nist.gov/DA-ATP-pc-01.pdf).

    Test results from other software packages and the CFTT tool methodology can be found on NIJs computer forensics tool testing Web page, http://www.ojp.usdoj.gov/nij/topics/technology/electronic-crime/cftt.htm.

    http://www.cftt.nist.gov/http://www.cftt.nist.gov/DA-ATP-pc-01.pdfhttp://www.ojp.usdoj.gov/nij/topics/technology/electronic-crime/cftt.htm

  • Test Results for Digital Data Acquisition Tool Tool Tested: BlackBag MacQuisition Version: 2.2 Run Environments: Custom (Mac OS X)

    Supplier: BlackBag Technologies, Inc.

    Address: 300 Piercy Road San Jose, CA 95138

    Tel: 4088448890 Fax: 4088448891 WWW: http://www.blackbagtech.com/

    1 Results Summary

    The tool acquired the source drives accurately except for acquiring a drive with faulty sectors. However, several tool anomalies were observed:

    In one distributed version of MacQuisition 2.2 SHA1 acquisition hashes on the PowerPC architecture are computed incorrectly (DA06FW).

    The last hash i


General Digital Expertise Exploitation Results

General Digital Expertise Exploitation Results

Documents
PTV Digital Marketing Survey Results

PTV Digital Marketing Survey Results

Technology
7 Ways to Improve Digital Marketing Results

7 Ways to Improve Digital Marketing Results

Marketing
Digital humanities . Faculty Survey Results. DIC 2015

Digital humanities . Faculty Survey Results. DIC 2015

Education
Digital Genius Awards 2019 Results

Digital Genius Awards 2019 Results

Documents
QUICK START GUIDE - BlackBag Technologies€¦ · QUICKSTART GUIDE BlackLight© is designed with both novice and advanced users in mind. It features a clean interface, easy navigation,

QUICK START GUIDE - BlackBag Technologies€¦ · QUICKSTART GUIDE BlackLight© is designed with both novice and advanced users in mind. It features a clean interface, easy navigation,

Documents
Results of the 2015 Digital PM Summit Digital PM Agile Retrospective

Results of the 2015 Digital PM Summit Digital PM Agile Retrospective

Technology
Driving Demand Generation Results via Digital Nurturing

Driving Demand Generation Results via Digital Nurturing

Business
Digital citizenship questionnaire results

Digital citizenship questionnaire results

Education
Realizing Results Ethically in a Digital World · Realizing Results Ethically in a Digital World In this presentation, we will: Consider some digital ethical dilemmas Recognize the

Realizing Results Ethically in a Digital World · Realizing Results Ethically in a Digital World In this presentation, we will: Consider some digital ethical dilemmas Recognize the

Documents
Digital humanities. Librarian Survey Results. DIC 2015

Digital humanities. Librarian Survey Results. DIC 2015

Education
Digital Content = Better Results

Digital Content = Better Results

Education
Digital Solutions That Get Results

Digital Solutions That Get Results

Technology
SCA Digital June 2013 Results

SCA Digital June 2013 Results

Technology
Marbral advisory Digital Survey Results 2016

Marbral advisory Digital Survey Results 2016

Business
Press Kit - Cellebrite · Cellebrite Press Kit 3. 20 Years of Market Leadership & Innovation ... Europe / Cellebrite GmbH 2008 Mobilogy & NA Focus 2001 BlackBag Acquisition 2020 Achieved

Press Kit - Cellebrite · Cellebrite Press Kit 3. 20 Years of Market Leadership & Innovation ... Europe / Cellebrite GmbH 2008 Mobilogy & NA Focus 2001 BlackBag Acquisition 2020 Achieved

Documents
Digital Diaries 4 Results Summary

Digital Diaries 4 Results Summary

Documents
BlackBag Technologies, Inc

BlackBag Technologies, Inc

Technology
€¦  · Web viewIEF Triage $ 4. BlackBag. MacQuisition $ 5. Vound Software. Intella 100 $ 6. Passware. Passware forensic Kit $ 7. BlackBag. BlackLight $ 8. Guidance. EnCase $ 9

€¦  · Web viewIEF Triage $ 4. BlackBag. MacQuisition $ 5. Vound Software. Intella 100 $ 6. Passware. Passware forensic Kit $ 7. BlackBag. BlackLight $ 8. Guidance. EnCase $ 9

Documents
2016 Digital Marketing2016 DIGITAL MARKETING RENZAGROUP, LLC RENZAGROUP'S DIGITAL MARKETING PRACTICE FOCUSES ON DELIVERING QUANTIFIABLE RESULTS. OUR

2016 Digital Marketing2016 DIGITAL MARKETING RENZAGROUP, LLC RENZAGROUP'S DIGITAL MARKETING PRACTICE FOCUSES ON DELIVERING QUANTIFIABLE RESULTS. OUR

Documents
SCA Digital August 2013 Results

SCA Digital August 2013 Results

Technology
Merkle 2016 Digital Bowl Results

Merkle 2016 Digital Bowl Results

Marketing
Digital marketing challenges survey results

Digital marketing challenges survey results

Documents
Integrating Digital and Mail for Results

Integrating Digital and Mail for Results

News & Politics
Student digital experience tracker pilot results 2016

Student digital experience tracker pilot results 2016

Education
2006 Preliminary Results - Investis Digital

2006 Preliminary Results - Investis Digital

Documents
Measure Digital to Ignite Results not Reports

Measure Digital to Ignite Results not Reports

Documents
DIGITAL GREEN FARMSTACK EVALUATION RESULTS

DIGITAL GREEN FARMSTACK EVALUATION RESULTS

Documents
"European digital stories" Survey's results

"European digital stories" Survey's results

Documents
ADP Account Insights: Digital Media Survey Results

ADP Account Insights: Digital Media Survey Results

Business