beautypg.com

Stop – CRU Ditto Forensic FieldStation User Manual

Page 12

background image

12

Protecting Your Digital Assets

TM

Ditto Forensic FieldStation User Manual

stamp format: “S_yyyymmddhhmmss”. Alternatively, you can click on the

Logs button

from the top

menu bar.

Scroll to “eSATA Extended Disk Info” to see recorded data, including S.M.A.R.T. and hdparm information.

4.1.8 NetView Scan

NetView is a network tool that can be used to discover machines on a network
and even probe them for specific services that they may be running. This capability
can help an investigator locate physically hidden computers or quickly determine
whether a machine is acting as a data storage device that the Ditto Forensic FieldSta-
tion can image.

See Section 11.1 for more information about the NetView Scan feature.

4.2 INVESTIGATION INFO

The Investigation Info panel groups related information that may also be used in creating
custom directories and file names (see Section 5.8). The “Hide” button allows you to
minimize the panel.

Click the

Edit button

to enter information about the Investigator, Case Number, Evi-

dence Number, Description, Notes, and a Base Filename prefix for an E01 or DD image.

Each field is filtered to block non-printable ASCII characters. Any characters at the file
system level that may not be safe for a directory name or file name will be filtered out
and replaced with an underscore. Only printable ASCII characters are currently allowed
for directory and filenames. Multiple underscores will also be reduced to a single under-
score per naming item.

The Ditto Forensic FieldStation will generate an error message if you enter a non-printable ASCII character or
if your message exceeds the 58 character limit. Additionally, when the final directory or filename that uses
any of these fields is created, another level of filtering is applied.

Using apostrophes (‘) in the name fields will cause an error when the file or folder name is created. They

should not be used in the Investigation Info fields.

4.3 SYSTEM SETTINGS

Displays the current configuration settings of the Ditto Forensic FieldStation. These set-
tings are loaded as the default settings for the actions you perform in the “Action” panel.
The “Hide” button allows you to minimize the panel. Click the

Edit button

to customize

these settings. See Section 5.1 for details on each option.

4.4 CURRENT STATUS

Reports either as “Idle” or displays info about the action that the Ditto Forensic FieldSta-
tion is currently performing.

4.5 DISKS

Displays information about the attatched disks that are currently connected to the Ditto
Forensic FieldStation.The “Hide” button allows you to minimize the panel. To see the

Figure 10.

The “Action” section on the “Home”

screen, showing the options available for the “Netview

Scan” action.

Figure 11.

The “Investigation Info” section.

Figure 12.

The “System Settings” section.

Figure 13.

The “Current Status” section, displaying a

the status of a Physical Image action.

STOP!

See also other documents in the category CRU Computer Accessories: